Mandrake Linux Security Advisory : kernel (MDKSA-2007:171)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

The Linux kernel did not properly save or restore EFLAGS during a
context switch, or reset the flags when creating new threads, which
allowed local users to cause a denial of service (process crash)
(CVE-2006-5755).

The compat_sys_mount function in fs/compat.c allowed local users to
cause a denial of service (NULL pointer dereference and oops) by
mounting a smbfs file system in compatibility mode (CVE-2006-7203).

The nfnetlink_log function in netfilter allowed an attacker to cause a
denial of service (crash) via unspecified vectors which would trigger
a NULL pointer dereference (CVE-2007-1496).

The nf_conntrack function in netfilter did not set nfctinfo during
reassembly of fragmented packets, which left the default value as
IP_CT_ESTABLISHED and could allow remote attackers to bypass certain
rulesets using IPv6 fragments (CVE-2007-1497).

The netlink functionality did not properly handle NETLINK_FIB_LOOKUP
replies, which allowed a remote attacker to cause a denial of service
(resource consumption) via unspecified vectors, probably related to
infinite recursion (CVE-2007-1861).

A typo in the Linux kernel caused RTA_MAX to be used as an array size
instead of RTN_MAX, which lead to an out of bounds access by certain
functions (CVE-2007-2172).

The IPv6 protocol allowed remote attackers to cause a denial of
service via crafted IPv6 type 0 route headers that create network
amplification between two routers (CVE-2007-2242).

The random number feature did not properly seed pools when there was
no entropy, or used an incorrect cast when extracting entropy, which
could cause the random number generator to provide the same values
after reboots on systems without an entropy source (CVE-2007-2453).

A memory leak in the PPPoE socket implementation allowed local users
to cause a denial of service (memory consumption) by creating a socket
using connect, and releasing it before the PPPIOCGCHAN ioctl is
initialized (CVE-2007-2525).

An integer underflow in the cpuset_tasks_read function, when the
cpuset filesystem is mounted, allowed local users to obtain kernel
memory contents by using a large offset when reading the
/dev/cpuset/tasks file (CVE-2007-2875).

The sctp_new function in netfilter allowed remote attackers to cause a
denial of service by causing certain invalid states that triggered a
NULL pointer dereference (CVE-2007-2876).

In addition to these security fixes, other fixes have been included
such as :

- Fix crash on netfilter when nfnetlink_log is used on
certain hooks on packets forwarded to or from a bridge

- Fixed busy sleep on IPVS which caused high load averages

- Fixed possible race condition on ext[34]_link

- Fixed missing braces in condition block that led to
wrong behaviour in NFS

- Fixed XFS lock deallocation that resulted in oops when
unmounting

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 25968 (mandrake_MDKSA-2007-171.nasl)

Bugtraq ID: 23615
23870
24376
24390

CVE ID: CVE-2006-5755
CVE-2006-7203
CVE-2007-1496
CVE-2007-1497
CVE-2007-1861
CVE-2007-2172
CVE-2007-2242
CVE-2007-2453
CVE-2007-2525
CVE-2007-2875
CVE-2007-2876

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now