Full Disclosure mailing list archives
SmoothWall Limited Product Advisory SWL-2004:002
From: William Anderson <neuro () smoothwall org>
Date: Wed, 03 Mar 2004 15:33:18 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------- ~ SmoothWall Limited Product Advisory SWL-2004:002 - ------------------------------------------------------------- ~ Summary: Updates for SmoothWall Corporate Server and ~ Corporate Guardian to correct local ~ vulnerabilities in Linux kernel. ~ Importance: Severe ~ Issue: Possible local vulnerabilities ~ CVE Names: CAN-2004-0077 ~ Released: 2004-03-03 SW-specific: no Affected Products: ~ SmoothWall Corporate Server 3.0 (fixes7) ~ SmoothWall Corporate Guardian 3.0 (fixes2) The products shown must be updated to the fix level as shown above before applying any updates mentioned in this advisory. - ------------------------------------------------------------- ~ Description - ------------------------------------------------------------- Critical security vulnerabilities have been found in the Linux kernel in the following areas: - - Locally exploitable vulnerabilities in memory management ~ code (mremap system calls) These vulnerabilities can result in privilege escalation or unwanted availability of sensitive information. - ------------------------------------------------------------- ~ Corrective Actions - ------------------------------------------------------------- You should download and install the required update for your product(s). The updates can be downloaded from the web links below, along with installation instructions and any further caveats or updates. SmoothWall Corporate Server 3.0 fixes 8 - - http://smoothwall.net/u/corpserv/3.0/fixes8.html SmoothWall Corporate Server 3.0 fixes 3 - - http://smoothwall.net/u/corpserv/3.0/fixes3.html - ------------------------------------------------------------- ~ Further Information - ------------------------------------------------------------- CVE Candidate CAN-2004-0077 - - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077 Linux kernel do_mremap VMA limit local privilege escalation - - http://www.isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt Linux Kernel 2.4.25 Changelog - - http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25 ____ smoothwall - delivering versatile, affordable security _ - -- _ __/| William Anderson | Martin: Alright, I'll give it a shot. \`O_o' neuro at smoothwall dot org | Oatman: No, no, don't give it a shot! =(_ _)= http://smoothwall.org/team/ | Don't shoot anything! ~ U - Thhbt! GPG 0x7C4D858F | -- Grosse Pointe Blank (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFARfq++2Hw2nxNhY8RAlSGAJ4zRQHrC6TedQanIPGV33boqXEuzQCfXBJ1 c7+mKN5YbrOTjVDWeME67rk= =YsGz -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SmoothWall Limited Product Advisory SWL-2004:002 William Anderson (Mar 03)
- Re: SmoothWall Limited Product Advisory SWL-2004:002 William Anderson (Mar 03)