SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
(Mandrake Issues Fix) Linux Kernel Real-time Clock Routines May Leak Kernel Data to User Applications
SecurityTracker Alert ID:  1008657
SecurityTracker URL:  http://securitytracker.com/id/1008657
CVE Reference:   CVE-2003-0984   (Links to External Site)
Date:  Jan 8 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2
Description:   A vulnerability was reported in the Linux 2.4 kernel in the real-time clock routines. A local user may be able to view leaked kernel data.

In December 2003, it was reported that real time clock routines in the Linux kernel do not properly initialize memory structures. As a result, a local user may be able to access the routines to view kernel stack data.
Impact:   A local user may be able to view some kernel data.
Solution:   Mandrake has released a fix.

Corporate Server 2.1:
344b324173b04d135c00072452203021 corporate/2.1/RPMS/kernel-2.4.19.37mdk-1-1mdk.i586.rpm
558b3f1e0ae41705a7e9d934d49947c4 corporate/2.1/RPMS/kernel-enterprise-2.4.19.37mdk-1-1mdk.i586.rpm
6a06c2133a894e542caf6cedf72e6d89 corporate/2.1/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
45aaeb3cf17a0d59adfabf63e6d8de6f corporate/2.1/RPMS/kernel-smp-2.4.19.37mdk-1-1mdk.i586.rpm
fd3c78a32146b808d3355e375e2a05b4 corporate/2.1/RPMS/kernel-source-2.4.19-37mdk.i586.rpm
adc06d97e9468534ec14e330b102180c corporate/2.1/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm

Corporate Server 2.1/x86_64:
d3d77a7084d6d5a976a8a40285ba03b6 x86_64/corporate/2.1/RPMS/kernel-2.4.19.34mdk-1-1mdk.x86_64.rpm
b2bb6374e1f0e2db7ea9d3f13b4a0d6f x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.34mdk-1-1mdk.x86_64.rpm
216d6cfcc6a3409228d1a5161c6b0aeb x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.34mdk-1-1mdk.x86_64.rpm
780d0a110c2512006a4e9cb52afe463c x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-34mdk.x86_64.rpm
a1fb994e250ce11fc08e460dee0cddd5 x86_64/corporate/2.1/SRPMS/kernel-2.4.19.34mdk-1-1mdk.src.rpm

Mandrake Linux 9.0:
344b324173b04d135c00072452203021 9.0/RPMS/kernel-2.4.19.37mdk-1-1mdk.i586.rpm
558b3f1e0ae41705a7e9d934d49947c4 9.0/RPMS/kernel-enterprise-2.4.19.37mdk-1-1mdk.i586.rpm
6a06c2133a894e542caf6cedf72e6d89 9.0/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
45aaeb3cf17a0d59adfabf63e6d8de6f 9.0/RPMS/kernel-smp-2.4.19.37mdk-1-1mdk.i586.rpm
fd3c78a32146b808d3355e375e2a05b4 9.0/RPMS/kernel-source-2.4.19-37mdk.i586.rpm
adc06d97e9468534ec14e330b102180c 9.0/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm

Mandrake Linux 9.1:
2bde1321f95b49fa456ade29d03f0212 9.1/RPMS/initscripts-7.06-12.3.91mdk.i586.rpm
7e6a48635fc44714dd4efdd5714c1968 9.1/RPMS/kernel-2.4.21.0.27mdk-1-1mdk.i586.rpm
f901e50a01fb020f31102a2cf494e817 9.1/RPMS/kernel-enterprise-2.4.21.0.27mdk-1-1mdk.i586.rpm
10c60ba7a25f1e7b3ea1f19636afcc6b 9.1/RPMS/kernel-secure-2.4.21.0.27mdk-1-1mdk.i586.rpm
6270d3d1ce00b5d85931145e1b27f8a4 9.1/RPMS/kernel-smp-2.4.21.0.27mdk-1-1mdk.i586.rpm
165628ae2d42c0f2f9bf894d3e9fc432 9.1/RPMS/kernel-source-2.4.21-0.27mdk.i586.rpm
8cfd6b274467b7165bd5985805254567 9.1/SRPMS/initscripts-7.06-12.3.91mdk.src.rpm
b6cd338f787dc5062763004afa45e623 9.1/SRPMS/kernel-2.4.21.0.27mdk-1-1mdk.src.rpm

Mandrake Linux 9.1/PPC:
08ec2073354e8d64ebf81a79cd5bc319 ppc/9.1/RPMS/initscripts-7.06-12.3.91mdk.ppc.rpm
84f9d61c4b504c6ccce1f87344d96692 ppc/9.1/RPMS/kernel-2.4.21.0.27mdk-1-1mdk.ppc.rpm
b389e5b0bffa3e166c2960d8e032fab1 ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.27mdk-1-1mdk.ppc.rpm
0c0fd519aba807c43c78b89360ff26b1 ppc/9.1/RPMS/kernel-smp-2.4.21.0.27mdk-1-1mdk.ppc.rpm
feec3693688aedea8defd75da9cf6919 ppc/9.1/RPMS/kernel-source-2.4.21-0.27mdk.ppc.rpm
8cfd6b274467b7165bd5985805254567 ppc/9.1/SRPMS/initscripts-7.06-12.3.91mdk.src.rpm
b6cd338f787dc5062763004afa45e623 ppc/9.1/SRPMS/kernel-2.4.21.0.27mdk-1-1mdk.src.rpm

Mandrake Linux 9.2:
dbae8a701a027e2a0aeb524643d3cdee 9.2/RPMS/bootloader-utils-1.6-3.1.92mdk.i586.rpm
2f9b2ed7be3388932bbc319611a0b8b7 9.2/RPMS/kernel-2.4.22.26mdk-1-1mdk.i586.rpm
b2f4fe01031d1bf8d26ea6c408be63f8 9.2/RPMS/kernel-enterprise-2.4.22.26mdk-1-1mdk.i586.rpm
e0dc38c45880e6732a50feba5470eaac 9.2/RPMS/kernel-i686-up-4GB-2.4.22.26mdk-1-1mdk.i586.rpm
f4c5098f1ef165692963956fbc844690 9.2/RPMS/kernel-p3-smp-64GB-2.4.22.26mdk-1-1mdk.i586.rpm
957ea9608c9e6488185e1d5b19d615e2 9.2/RPMS/kernel-secure-2.4.22.26mdk-1-1mdk.i586.rpm
6c9bc5e4353a8f336a4bfe928a79bd13 9.2/RPMS/kernel-smp-2.4.22.26mdk-1-1mdk.i586.rpm
8068ecb61313e6157811dbb8fe0f46a1 9.2/RPMS/kernel-source-2.4.22-26mdk.i586.rpm
664a1994ee4c0d90df8f9341afa5b818 9.2/SRPMS/bootloader-utils-1.6-3.1.92mdk.src.rpm
4d92e02dee3945e4b7476ba4bba9bf6d 9.2/SRPMS/kernel-2.4.22.26mdk-1-1mdk.src.rpm

Mandrake Linux 9.2/AMD64:
603219ea9ca09a9283c98ebfaab3c1ba amd64/9.2/RPMS/bootloader-utils-1.6-3.1.92mdk.amd64.rpm
2d44e7cd4ff2148e3b9e548fd1beec59 amd64/9.2/RPMS/kernel-2.4.22.27mdk-1-1mdk.amd64.rpm
e98224df11f1c5f8c2432457e1e4a004 amd64/9.2/RPMS/kernel-secure-2.4.22.27mdk-1-1mdk.amd64.rpm
0dd710693b0df96ac6b1e68c5f5ad7c9 amd64/9.2/RPMS/kernel-smp-2.4.22.27mdk-1-1mdk.amd64.rpm
d3b57b8dd9a19a6b4ed2f8f01cfeb75f amd64/9.2/RPMS/kernel-source-2.4.22-27mdk.amd64.rpm
664a1994ee4c0d90df8f9341afa5b818 amd64/9.2/SRPMS/bootloader-utils-1.6-3.1.92mdk.src.rpm
945e4f9405fcccac6a844a86109b74b6 amd64/9.2/SRPMS/kernel-2.4.22.27mdk-1-1mdk.src.rpm

Multi Network Firewall 8.2:
15023427ad0c65e0607e217778bc6672 mnf8.2/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
adc06d97e9468534ec14e330b102180c mnf8.2/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm
Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   State error
Underlying OS:  

Message History:   This archive entry is a follow-up to the message listed below.
Jan 5 2004 Linux Kernel Real-time Clock Routines May Leak Kernel Data to User Applications


 Source Message Contents
Date:  8 Jan 2004 17:32:39 -0000
Subject:  MDKSA-2004:001 - Updated kernel packages fix local root vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           kernel
 Advisory ID:            MDKSA-2004:001
 Date:                   January 7th, 2004

 Affected versions:	 9.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A flaw in bounds checking in mremap() in the Linux kernel versions
 2.4.23 and previous was discovered by Paul Starzetz.  This flaw may
 be used to allow a local attacker to obtain root privilege.
 
 Another minor information leak in the RTC (real time clock) routines
 was fixed as well.
 
 All Mandrake Linux users are encouraged to upgrade to these packages
 immediately.  To update your kernel, please follow the directions
 located at:
 
   http://www.mandrakesecure.net/en/kernelupdate.php
 
 Mandrake Linux 9.1 and 9.2 users should upgrade the initscripts (9.1)
 and bootloader-utils (9.2) packages prior to upgrading the kernel as
 they contain a fixed installkernel script that fixes instances where
 the loop module was not being loaded and would cause mkinitrd to fail.
 
 Users requiring commercial NVIDIA drivers can find drivers for
 Mandrake Linux 9.2 at MandrakeClub.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 344b324173b04d135c00072452203021  corporate/2.1/RPMS/kernel-2.4.19.37mdk-1-1mdk.i586.rpm
 558b3f1e0ae41705a7e9d934d49947c4  corporate/2.1/RPMS/kernel-enterprise-2.4.19.37mdk-1-1mdk.i586.rpm
 6a06c2133a894e542caf6cedf72e6d89  corporate/2.1/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
 45aaeb3cf17a0d59adfabf63e6d8de6f  corporate/2.1/RPMS/kernel-smp-2.4.19.37mdk-1-1mdk.i586.rpm
 fd3c78a32146b808d3355e375e2a05b4  corporate/2.1/RPMS/kernel-source-2.4.19-37mdk.i586.rpm
 adc06d97e9468534ec14e330b102180c  corporate/2.1/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm

 Corporate Server 2.1/x86_64:
 d3d77a7084d6d5a976a8a40285ba03b6  x86_64/corporate/2.1/RPMS/kernel-2.4.19.34mdk-1-1mdk.x86_64.rpm
 b2bb6374e1f0e2db7ea9d3f13b4a0d6f  x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.34mdk-1-1mdk.x86_64.rpm
 216d6cfcc6a3409228d1a5161c6b0aeb  x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.34mdk-1-1mdk.x86_64.rpm
 780d0a110c2512006a4e9cb52afe463c  x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-34mdk.x86_64.rpm
 a1fb994e250ce11fc08e460dee0cddd5  x86_64/corporate/2.1/SRPMS/kernel-2.4.19.34mdk-1-1mdk.src.rpm

 Mandrake Linux 9.0:
 344b324173b04d135c00072452203021  9.0/RPMS/kernel-2.4.19.37mdk-1-1mdk.i586.rpm
 558b3f1e0ae41705a7e9d934d49947c4  9.0/RPMS/kernel-enterprise-2.4.19.37mdk-1-1mdk.i586.rpm
 6a06c2133a894e542caf6cedf72e6d89  9.0/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
 45aaeb3cf17a0d59adfabf63e6d8de6f  9.0/RPMS/kernel-smp-2.4.19.37mdk-1-1mdk.i586.rpm
 fd3c78a32146b808d3355e375e2a05b4  9.0/RPMS/kernel-source-2.4.19-37mdk.i586.rpm
 adc06d97e9468534ec14e330b102180c  9.0/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm

 Mandrake Linux 9.1:
 2bde1321f95b49fa456ade29d03f0212  9.1/RPMS/initscripts-7.06-12.3.91mdk.i586.rpm
 7e6a48635fc44714dd4efdd5714c1968  9.1/RPMS/kernel-2.4.21.0.27mdk-1-1mdk.i586.rpm
 f901e50a01fb020f31102a2cf494e817  9.1/RPMS/kernel-enterprise-2.4.21.0.27mdk-1-1mdk.i586.rpm
 10c60ba7a25f1e7b3ea1f19636afcc6b  9.1/RPMS/kernel-secure-2.4.21.0.27mdk-1-1mdk.i586.rpm
 6270d3d1ce00b5d85931145e1b27f8a4  9.1/RPMS/kernel-smp-2.4.21.0.27mdk-1-1mdk.i586.rpm
 165628ae2d42c0f2f9bf894d3e9fc432  9.1/RPMS/kernel-source-2.4.21-0.27mdk.i586.rpm
 8cfd6b274467b7165bd5985805254567  9.1/SRPMS/initscripts-7.06-12.3.91mdk.src.rpm
 b6cd338f787dc5062763004afa45e623  9.1/SRPMS/kernel-2.4.21.0.27mdk-1-1mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 08ec2073354e8d64ebf81a79cd5bc319  ppc/9.1/RPMS/initscripts-7.06-12.3.91mdk.ppc.rpm
 84f9d61c4b504c6ccce1f87344d96692  ppc/9.1/RPMS/kernel-2.4.21.0.27mdk-1-1mdk.ppc.rpm
 b389e5b0bffa3e166c2960d8e032fab1  ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.27mdk-1-1mdk.ppc.rpm
 0c0fd519aba807c43c78b89360ff26b1  ppc/9.1/RPMS/kernel-smp-2.4.21.0.27mdk-1-1mdk.ppc.rpm
 feec3693688aedea8defd75da9cf6919  ppc/9.1/RPMS/kernel-source-2.4.21-0.27mdk.ppc.rpm
 8cfd6b274467b7165bd5985805254567  ppc/9.1/SRPMS/initscripts-7.06-12.3.91mdk.src.rpm
 b6cd338f787dc5062763004afa45e623  ppc/9.1/SRPMS/kernel-2.4.21.0.27mdk-1-1mdk.src.rpm

 Mandrake Linux 9.2:
 dbae8a701a027e2a0aeb524643d3cdee  9.2/RPMS/bootloader-utils-1.6-3.1.92mdk.i586.rpm
 2f9b2ed7be3388932bbc319611a0b8b7  9.2/RPMS/kernel-2.4.22.26mdk-1-1mdk.i586.rpm
 b2f4fe01031d1bf8d26ea6c408be63f8  9.2/RPMS/kernel-enterprise-2.4.22.26mdk-1-1mdk.i586.rpm
 e0dc38c45880e6732a50feba5470eaac  9.2/RPMS/kernel-i686-up-4GB-2.4.22.26mdk-1-1mdk.i586.rpm
 f4c5098f1ef165692963956fbc844690  9.2/RPMS/kernel-p3-smp-64GB-2.4.22.26mdk-1-1mdk.i586.rpm
 957ea9608c9e6488185e1d5b19d615e2  9.2/RPMS/kernel-secure-2.4.22.26mdk-1-1mdk.i586.rpm
 6c9bc5e4353a8f336a4bfe928a79bd13  9.2/RPMS/kernel-smp-2.4.22.26mdk-1-1mdk.i586.rpm
 8068ecb61313e6157811dbb8fe0f46a1  9.2/RPMS/kernel-source-2.4.22-26mdk.i586.rpm
 664a1994ee4c0d90df8f9341afa5b818  9.2/SRPMS/bootloader-utils-1.6-3.1.92mdk.src.rpm
 4d92e02dee3945e4b7476ba4bba9bf6d  9.2/SRPMS/kernel-2.4.22.26mdk-1-1mdk.src.rpm

 Mandrake Linux 9.2/AMD64:
 603219ea9ca09a9283c98ebfaab3c1ba  amd64/9.2/RPMS/bootloader-utils-1.6-3.1.92mdk.amd64.rpm
 2d44e7cd4ff2148e3b9e548fd1beec59  amd64/9.2/RPMS/kernel-2.4.22.27mdk-1-1mdk.amd64.rpm
 e98224df11f1c5f8c2432457e1e4a004  amd64/9.2/RPMS/kernel-secure-2.4.22.27mdk-1-1mdk.amd64.rpm
 0dd710693b0df96ac6b1e68c5f5ad7c9  amd64/9.2/RPMS/kernel-smp-2.4.22.27mdk-1-1mdk.amd64.rpm
 d3b57b8dd9a19a6b4ed2f8f01cfeb75f  amd64/9.2/RPMS/kernel-source-2.4.22-27mdk.amd64.rpm
 664a1994ee4c0d90df8f9341afa5b818  amd64/9.2/SRPMS/bootloader-utils-1.6-3.1.92mdk.src.rpm
 945e4f9405fcccac6a844a86109b74b6  amd64/9.2/SRPMS/kernel-2.4.22.27mdk-1-1mdk.src.rpm

 Multi Network Firewall 8.2:
 15023427ad0c65e0607e217778bc6672  mnf8.2/RPMS/kernel-secure-2.4.19.37mdk-1-1mdk.i586.rpm
 adc06d97e9468534ec14e330b102180c  mnf8.2/SRPMS/kernel-2.4.19.37mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE//ZQ2mqjQ0CJFipgRAhbiAJ9Ynq77P20SpN1fUtL/6T/6UHnGegCg8lul
m3Iey37txkx7vLqlIj18EAo=
=Bsd0
-----END PGP SIGNATURE-----


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC