RHEL 2.1 : kernel (RHSA-2003:103)

high Nessus Plugin ID 12381

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated kernel packages are now available that fix a ptrace-related vulnerability which can lead to elevated (root) privileges.

The Linux kernel handles the basic functions of the operating system.
A vulnerability has been found in version 2.4.18 of the kernel.

This vulnerability allows a local user to gain elevated (root) privileges without authorization.

All users should upgrade to these errata packages, which contain patches to fix the vulnerability.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2003-0127

https://access.redhat.com/errata/RHSA-2003:103

Plugin Details

Severity: High

ID: 12381

File Name: redhat-RHSA-2003-103.nasl

Version: 1.29

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-boot, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-doc, p-cpe:/a:redhat:enterprise_linux:kernel-enterprise, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-smp, p-cpe:/a:redhat:enterprise_linux:kernel-source, p-cpe:/a:redhat:enterprise_linux:kernel-summit, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/21/2003

Vulnerability Publication Date: 3/31/2003

Reference Information

CVE: CVE-2003-0127

RHSA: 2003:103