Mandrake Linux Security Advisory : kernel-2.4 (MDKSA-2005:111)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities in the Linux kernel have been discovered and
fixed in this update. The following have been fixed in the 2.4
kernels:

Colin Percival discovered a vulnerability in Intel's Hyper-Threading
technology that could allow a local user to use a malicious thread to
create covert channels, monitor the execution of other threads, and
obtain sensitive information such as cryptographic keys via a timing
attack on memory cache misses. This has been corrected by disabling HT
support in all kernels (CVE-2005-0109).

When forwarding fragmented packets, a hardware-assisted checksum could
only be used once, which could lead to a Denial of Service attack or
crash by remote users (CVE-2005-0209).

A flaw was found in the Linux PPP driver: on systems that allow
remote users to connect to a server via PPP, a remote client could
cause a crash, resulting in a Denial of Service (CVE-2005-0384).

An information leak was found in the ext2 filesystem code: when a
new directory is created, the ext2 block written to disk is not
initialized (CVE-2005-0400).

A signedness error in the copy_from_read_buf function in n_tty.c
allows local users to read kernel memory via a negative argument
(CVE-2005-0530).

George Guninski discovered a buffer overflow in the ATM driver, where
the atm_get_addr() function does not validate its arguments
sufficiently. This could allow a local attacker to overwrite large
portions of kernel memory by supplying a negative length argument,
potentially leading to the execution of arbitrary code
(CVE-2005-0531).

A flaw when freeing a pointer in load_elf_library was found that could
be abused by a local user to potentially crash the machine, causing a
Denial of Service (CVE-2005-0749).

A problem with the Bluetooth kernel stack in kernels 2.4.6 through
2.4.30-rc1 and 2.6 through 2.6.11.5 could be used by a local attacker
to gain root access or crash the machine (CVE-2005-0750).

A race condition in the Radeon DRI driver allows a local user with DRI
privileges to execute arbitrary code as root (CVE-2005-0767).

Paul Starzetz found an integer overflow in the ELF binary format
loader's core dump function in kernels prior to and including
2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially
crafted ELF executable, a local attacker could exploit this to execute
arbitrary code with root and kernel privileges (CVE-2005-1263).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 18599 (mandrake_MDKSA-2005-111.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0109
CVE-2005-0209
CVE-2005-0384
CVE-2005-0400
CVE-2005-0530
CVE-2005-0531
CVE-2005-0749
CVE-2005-0750
CVE-2005-0767
CVE-2005-1263