Mandrake Linux Security Advisory : kernel (MDKSA-2005:022)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with
this advisory :

- Multiple race conditions in the terminal layer of 2.4
and 2.6 kernels (prior to 2.6.9) can allow a local
attacker to obtain portions of kernel data or allow
remote attackers to cause a kernel panic by switching
from console to PPP line discipline, then quickly
sending data that is received during the switch

- Richard Hart found an integer underflow problem in the
iptables firewall logging rules that can allow a remote
attacker to crash the machine by using a specially
crafted IP packet. This is only possible, however, if
firewalling is enabled. The problem only affects 2.6
kernels and was fixed upstream in 2.6.8 (CVE-2004-0816)

- Stefan Esser found several remote DoS confitions in the
smbfs file system. This could be exploited by a hostile
SMB server (or an attacker injecting packets into the
network) to crash the client systems (CVE-2004-0883 and

- Paul Starzetz and Georgi Guninski reported,
independently, that bad argument handling and bad
integer arithmetics in the IPv4 sendmsg handling of
control messages could lead to a local attacker crashing
the machine. The fixes were done by Herbert Xu

- Rob Landley discovered a race condition in the handling
of /proc/.../cmdline where, under rare circumstances, a
user could read the environment variables of another
process that was still spawning leading to the potential
disclosure of sensitive information such as passwords

- Paul Starzetz reported that the missing serialization in
unix_dgram_recvmsg() which was added to kernel 2.4.28
can be used by a local attacker to gain elevated (root)
privileges (CVE-2004-1068)

- Ross Kendall Axe discovered a possible kernel panic
(DoS) while sending AF_UNIX network packets if certain
SELinux-related kernel options were enabled. By default
options are not enabled (CVE-2004-1069)

- Paul Starzetz of discovered several issues with
the error handling of the ELF loader routines in the
kernel. The fixes were provided by Chris Wright
(CVE-2004-1070, CVE-2004-1071, CVE-2004-1072,

- It was discovered that hand-crafted a.out binaries could
be used to trigger a local DoS condition in both the 2.4
and 2.6 kernels. The fixes were done by Chris Wright

- Paul Starzetz found bad handling in the IGMP code which
could lead to a local attacker being able to crash the
machine. The fix was done by Chris Wright

- Jeremy Fitzhardinge discovered two buffer overflows in
the sys32_ni_syscall() and sys32_vm86_warning()
functions that could be used to overwrite kernel memory
with attacker-supplied code resulting in privilege
escalation (CVE-2004-1151)

- Paul Starzetz found locally exploitable flaws in the
binary format loader's uselib() function that could be
abused to allow a local user to obtain root privileges

- Paul Starzetz found an exploitable flaw in the page
fault handler when running on SMP machines

- A vulnerability in insert_vm_struct could allow a locla
user to trigger BUG() when the user created a large vma
that overlapped with arg pages during exec

- Paul Starzetz also found a number of vulnerabilities in
the kernel binfmt_elf loader that could lead a local
user to obtain elevated (root) privileges

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at :

PLEASE NOTE: Mandrakelinux 10.0 users will need to upgrade to the
latest module-init-tools package prior to upgrading their kernel.
Likewise, MNF8.2 users will need to upgrade to the latest modutils
package prior to upgrading their kernel.

See also :

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now