Mandrake Linux Security Advisory : kernel (MDKSA-2004:066)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A number of vulnerabilities were discovered in the Linux kernel that
are corrected with this update :

Multiple vulnerabilities were found by the Sparse source checker that
could allow local users to elevate privileges or gain access to kernel
memory (CVE-2004-0495).

Missing Discretionary Access Controls (DAC) checks in the chown(2)
system call could allow an attacker with a local account to change the
group ownership of arbitrary files, which could lead to root
privileges on affected systems (CVE-2004-0497).

An information leak vulnerability that affects only ia64 systems was
fixed (CVE-2004-0565).

Insecure permissions on /proc/scsi/qla2300/HbaApiNode could allow a
local user to cause a DoS on the system; this only affects
Mandrakelinux 9.2 and below (CVE-2004-0587).

A vulnerability in br_if.c that could crash the kernel has also been
fixed. This crash, however, can only be triggered by root.

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at :

http://www.mandrakesoft.com/security/kernelupdate

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14165 (mandrake_MDKSA-2004-066.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0495, CVE-2004-0497, CVE-2004-0565, CVE-2004-0587
