J-Security Center

Title: Red Hat Linux 2.4 Kernel Multiple Potential Vulnerabilities

Severity: LOW

Description:

Red Hat Linux has released a 2.4 Kernel update to fix multiple potential security issues.

The issues are as follows:

Red Hat has reported that ioctls of several RTC drivers have been fixed to prevent potential data leaks. A privileged attacker may potentially exploit this condition to gain access to sensitive data. This may be related to BID 9154.

A previous kernel upgrade may have caused certain "--reject-with tcp-reset" IPTABLES rules to malfunction. This may lead an administrator into a false sense of security or introduce security exposures since existing or newly created rules may not function properly.
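To see which rules fall under the IPTABLES issue above, an administrator can inventory every REJECT rule that uses tcp-reset and re-test each one after the kernel update. The following is an added example, not part of the original advisory; it assumes the ruleset is available as `iptables-save` text, the sample ruleset is constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample of `iptables-save` output (not taken from the advisory).
SAMPLE_RULESET = """\
# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
COMMIT
"""


def value_after(tokens, flags):
    """Return the argument that follows the first of `flags`, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None


def find_tcp_reset_rules(ruleset_text):
    """Return (table, chain, rule) for each REJECT rule using tcp-reset."""
    hits = []
    table = None
    for raw in ruleset_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
            continue
        if not line.startswith("-A "):    # skip comments, policies, COMMIT
            continue
        tokens = shlex.split(line)        # honours quoted --comment text
        target = value_after(tokens, ("-j", "--jump"))
        reject_with = value_after(tokens, ("--reject-with",))
        if target == "REJECT" and reject_with == "tcp-reset":
            hits.append((table, tokens[1], line))
    return hits


if __name__ == "__main__":
    for table, chain, rule in find_tcp_reset_rules(SAMPLE_RULESET):
        print(f"re-test after kernel update: [{table}/{chain}] {rule}")
```

Each listed rule should then be exercised with a test connection to confirm that it still rejects as intended.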

It has been reported that if a bonding interface that does not have an IP address is initiated, the bonding process and kernel may panic due to a reference to a null pointer. This may require superuser privileges but could be exposed via third-party setuid applications that may perform this operation, though this has not been confirmed.

Other non-security-related issues were also addressed in this upgrade.

Affected Products:

  • CRUX CRUX Linux 1.0.0
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0
  • Linux kernel 2.4.20
  • RedHat Linux 7.1.0
  • RedHat Linux 7.2.0
  • RedHat Linux 7.3.0
  • RedHat Linux 8.0.0
  • RedHat Linux 9.0.0 i386
  • RedHat kernel-2.4.18-14.athlon.rpm 0.0.0
  • RedHat kernel-2.4.18-14.i586.rpm 0.0.0
  • RedHat kernel-2.4.18-14.i686.rpm 0.0.0
  • RedHat kernel-2.4.18-3.athlon.rpm 0.0.0
  • RedHat kernel-2.4.18-3.i386.rpm 0.0.0
  • RedHat kernel-2.4.18-3.i686.rpm 0.0.0
  • RedHat kernel-2.4.2-2.i386.rpm 0.0.0
  • RedHat kernel-2.4.2-2.i586.rpm 0.0.0
  • RedHat kernel-2.4.2-2.i686.rpm 0.0.0
  • RedHat kernel-2.4.20-8.athlon.rpm 0.0.0
  • RedHat kernel-2.4.20-8.i586.rpm 0.0.0
  • RedHat kernel-2.4.20-8.i686.rpm 0.0.0
  • RedHat kernel-2.4.7-10.athlon.rpm 0.0.0
  • RedHat kernel-2.4.7-10.i386.rpm 0.0.0
  • RedHat kernel-2.4.7-10.i686.rpm 0.0.0
  • Slackware Linux 9.0.0
  • WOLK WOLK 4.4.0 s
