'SmoothWall Project Security Advisory SWP-2004:002'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    SmoothWall Project Security Advisory SWP-2004:002
From:       William Anderson <neuro () smoothwall ! org>
Date:       2004-02-26 16:44:02
Message-ID: 403E2252.8000008 () smoothwall ! org
[Download RAW message or body]

-------------------------------------------------------------
  SmoothWall Project Security Advisory SWP-2004:002
-------------------------------------------------------------

     Summary: Updates for SmoothWall Express to correct
              local vulnerabilities in Linux kernel.
  Importance: Severe
       Issue: Possible local vulnerabilities
   CVE Names: CAN-2004-0077
    Released: 2004-02-27
SW-specific: no

Affected Products:

   SmoothWall Express 2.0 (fixes1)

The products shown must be updated to the fix level as
shown above before applying any updates mentioned in this
advisory.

-------------------------------------------------------------
  Description
-------------------------------------------------------------

Critical security vulnerabilities have been found in the
Linux kernel in the following areas:

- Locally exploitable vulnerabilities in memory management
   code (mremap system calls)

These vulnerabilities can result in privilege escalation or
unwanted availability of sensitive information.

-------------------------------------------------------------
  Corrective Actions
-------------------------------------------------------------

You should download and install the required update for
your product(s).  The updates can be downloaded from the
web links below, along with installation instructions and
any further caveats or updates.

SmoothWall Express 2.0 fixes 2
- http://smoothwall.org/p/2.0-fixes2.html

-------------------------------------------------------------
  Further Information
-------------------------------------------------------------

CVE Candidate CAN-2004-0077
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
Linux kernel do_mremap VMA limit local privilege escalation
- http://www.isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Linux Kernel 2.4.25 Changelog
- http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25

____ smoothwall - delivering versatile, affordable security _

-- 
_ __/|  William Anderson            | Martin: Alright, I'll give it a shot.
\`O_o'  neuro at smoothwall dot org | Oatman: No, no, don't give it a shot!
=(_ _)= http://smoothwall.org/team/ |         Don't shoot anything!
    U  - Thhbt! GPG 0x7C4D858F       |  -- Grosse Pointe Blank (1997)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic