Mandrake Linux Security Advisory : kernel (MDKSA-2003:110)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A vulnerability was discovered in the Linux kernel versions 2.4.22 and
previous. A flaw in bounds checking in the do_brk() function can allow
a local attacker to gain root privileges. This vulnerability is known
to be exploitable; an exploit is in the wild at this time.

The Mandrake Linux 9.2 kernels are not vulnerable to this problem as
the fix for it is already present in kernel version 2.4.22-21mdk
(provided in MDKA-2003:021).

MandrakeSoft encourages all users to upgrade their systems
immediately.

To upgrade your kernel, please use the documentation available
online :

http://www.mandrakesecure.net/en/kernelupdate.php

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14092 (mandrake_MDKSA-2003-110.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0961

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now