This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
Multiple vulnerabilities in the Linux kernel have been discovered and
fixed in this update. The following have been fixed in the 2.4
Colin Percival discovered that a vulnerability in Intel's Hyper-Threading
technology could allow a local user to use a malicious thread to
create covert channels, monitor the execution of other threads, and
obtain sensitive information such as cryptographic keys via a timing
attack on memory cache misses. This has been corrected by disabling HT
support in all kernels (CVE-2005-0109).
When forwarding fragmented packets, a hardware-assisted checksum could
only be used once, which could lead to a Denial of Service attack or
crash by remote users (CVE-2005-0209).
A flaw was found in the Linux PPP driver: on systems that allow
remote users to connect to a server via PPP, a remote client could
cause a crash, resulting in a Denial of Service (CVE-2005-0384).
An information leak was found in the ext2 filesystem code: when a
new directory is created, the ext2 block written to disk is not
A signedness error in the copy_from_read_buf function in n_tty.c
allows local users to read kernel memory via a negative argument
George Guninski discovered a buffer overflow in the ATM driver where
the atm_get_addr() function does not validate its arguments
sufficiently, which could allow a local attacker to overwrite large
portions of kernel memory by supplying a negative length argument.
This could potentially lead to the execution of arbitrary code
A flaw was found when freeing a pointer in load_elf_library that could
be abused by a local user to potentially crash the machine, causing a
Denial of Service (CVE-2005-0749).
A problem with the Bluetooth kernel stack in kernels 2.4.6 through
2.4.30-rc1 and 2.6 through 220.127.116.11 could be used by a local attacker
to gain root access or crash the machine (CVE-2005-0750).
A race condition in the Radeon DRI driver allows a local user with DRI
privileges to execute arbitrary code as root (CVE-2005-0767).
Paul Starzetz found an integer overflow in the ELF binary format
loader's core dump function in kernels prior to and including
2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially
crafted ELF executable, a local attacker could exploit this to execute
arbitrary code with root and kernel privileges (CVE-2005-1263).
Update the affected packages.
Risk factor: High / CVSS Base Score: 7.8
Family: Mandriva Local Security Checks
Nessus Plugin ID: 18599 (mandrake_MDKSA-2005-111.nasl)