Mandrake Linux Security Advisory : kernel (MDKSA-2001:079-2)

high Nessus Plugin ID 14777

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Alexander Viro discovered a vulnerability in the devfs implementation that is shipped with Mandrake Linux 8.1. We are aware of the problem and are currently working on a solution. As a workaround, until an update becomes available, please boot with the devfs=nomount option.

Rafal Wojtczuk found a vulnerability in the 2.2.19 and 2.4.11 Linux kernels with the ptrace code and deeply nested symlinks spending an arbitrary amount of time in the kernel code. The ptrace vulnerability could be used by local users to gain root privilege, the symlink vulnerability could result in a local DoS.

There is an additional vulnerability in the kernel's syncookie code which could potentially allow a remote attacker to guess the cookie and bypass existing firewall rules. The discovery was found by Manfred Spraul and Andi Kleen.

Update :

The previous advisory was missing the md5sums for the lm_utils packages. The md5sums are now included in the package list.

NOTE: This update is *not* meant to be done via MandrakeUpdate! You must download the necessary RPMs and upgrade manually by following these steps :

1. Type: rpm -ivh kernel-[version].i586.rpm 2. Type: mv kernel-[version].i586.rpm /tmp 3. Type: rpm -Fvh *.rpm 4a. You may wish to edit /etc/lilo.conf to ensure a new entry is in place. The new kernel will be the last entry. Change any options you need to change.
You will also want to create a new entry with the initrd and image directives pointing to the old kernel's vmlinuz and initrd images so you may also boot from the old images if required. 4b. PPC users must execute some additional instructions. First edit /etc/yaboot.conf and add a new entry for the kernel and change any options that you need to change. You must also create a new initrd image to enable USB support for keyboards and mice by typing: mkinitrd --with=usb-ohci /boot/initrd-2.4.8-31.3mdk 2.4.8-31.3mdk 5a. If you use lilo, type:
/sbin/lilo -v 5b. If you use GRUB, type: sh /boot/grub/install.sh 5c.
PPC users must type: /sbin/ybin -v

You may then reboot and use the new kernel and remove the older kernel when you are comfortable using the upgraded one.

Solution

Update the affected packages.

See Also

https://www.securityfocus.com/archive?id=1&mid=221337

Plugin Details

Severity: High

ID: 14777

File Name: mandrake_MDKSA-2001-079.nasl

Version: 1.16

Type: local

Published: 9/18/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:iptables, p-cpe:/a:mandriva:linux:iptables-ipv6, p-cpe:/a:mandriva:linux:kernel, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-enterprise, p-cpe:/a:mandriva:linux:kernel-headers, p-cpe:/a:mandriva:linux:kernel-pcmcia-cs, p-cpe:/a:mandriva:linux:kernel-smp, p-cpe:/a:mandriva:linux:kernel-source, p-cpe:/a:mandriva:linux:lm_utils, p-cpe:/a:mandriva:linux:lm_utils-devel, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/26/2001

Exploitable With

Core Impact

Reference Information

CVE: CVE-2001-0907, CVE-2001-1384

MDKSA: 2001:079-2