Detections
Analytics

Mandrake Linux Security Advisory : kernel (MDKSA-2007:232)

high Nessus Plugin ID 36221

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream (CVE-2006-6058).

An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set (CVE-2007-4997).

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 36221

File Name: mandrake_MDKSA-2007-232.nasl

Version: 1.13

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-laptop-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-laptop-devel-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-laptop-devel-latest, p-cpe:/a:mandriva:linux:kernel-laptop-latest, p-cpe:/a:mandriva:linux:kernel-server-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.22.12-1mdv, p-cpe:/a:mandriva:linux:kernel-source-latest, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 11/28/2007

Reference Information

CVE: CVE-2006-6058, CVE-2007-4997

CWE: 189

MDKSA: 2007:232