Mandriva Linux Security Advisory : kernel (MDVSA-2008:043)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A flaw in the vmsplice system call did not properly verify address
arguments passed by user-space processes, which allowed local
attackers to overwrite arbitrary kernel memory and gain root
privileges.

Mandriva urges all users to upgrade to these new kernels immediately
as this flaw is being actively exploited. This issue only affects
2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate
4.0 are affected.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36383 (mandriva_MDVSA-2008-043.nasl)

Bugtraq ID:

CVE ID: CVE-2008-0009
CVE-2008-0010
CVE-2008-0600

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now