Debian Security Advisory DSA 1111-1 (kernel-source-2.6.8 et. al.)

Published: 2008-01-17 22:13:11
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:


Technical Details:
It was discovered that a race condition in the process filesystem can lead to privilege escalation. The following matrix explains which kernel version for which architecture fixes the problem mentioned above: Debian 3.1 (sarge) Source 2.6.8-16sarge4 Alpha architecture 2.6.8-16sarge4 AMD64 architecture 2.6.8-16sarge4 Intel IA-32 architecture 2.6.8-16sarge4 Intel IA-64 architecture 2.6.8-14sarge4 PowerPC architecture 2.6.8-12sarge4 Sun Sparc architecture 2.6.8-15sarge4 As an exploit for this issue in the wild, this advisory was sent out without builds for the IBM S/390, Motorola 680x0 and HP Precision architectures being available. They will be released in a followup-advisory as soon as they are available. Also, the kernels for the FAI installer haven't been updated yet. As a workaround we recommend to mount proc with the nosuid and noexec options. We recommend that you upgrade your kernel Linux Distribution Package immediately and reboot

The remote host is missing an update to kernel-source-2.6.8 et. al. announced via advisory DSA 1111-1.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.