Mandriva Linux Security Advisory : kernel (MDVSA-2008:167)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux
kernel before 2.6.25.3 allows remote attackers to cause a denial of
service (memory consumption) via network traffic to a Simple Internet
Transition (SIT) tunnel interface, related to the pskb_may_pull and
kfree_skb functions, and management of an skb reference count.
(CVE-2008-2136)

The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and
other versions before 2.6.25.3 does not check file permissions when
certain UTIME_NOW and UTIME_OMIT combinations are used, which allows
local users to modify file times of arbitrary files, possibly leading
to a denial of service. (CVE-2008-2148)

Integer overflow in the dccp_feat_change function in net/dccp/feat.c
in the Datagram Congestion Control Protocol (DCCP) subsystem in the
Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to
gain privileges via an invalid feature length, which leads to a
heap-based buffer overflow. (CVE-2008-2358)

The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux
kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial
of service (kernel heap memory corruption and system crash) and
possibly have unspecified other impact via a crafted PPPOL2TP packet
that results in a large value for a certain length variable.
(CVE-2008-2750)

Linux kernel 2.6.18, and possibly other versions, when running on
AMD64 architectures, allows local users to cause a denial of service
(crash) via certain ptrace calls. (CVE-2008-1615)

Integer overflow in the sctp_getsockopt_local_addrs_old function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
functionality in the Linux kernel before 2.6.25.9 allows local users
to cause a denial of service (resource consumption and system outage)
via vectors involving a large addr_num field in an sctp_getaddrs_old
data structure. (CVE-2008-2826)

Race condition in the directory notification subsystem (dnotify) in
Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows
local users to cause a denial of service (OOPS) and possibly gain
privileges via unspecified vectors. (CVE-2008-1375)

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux
kernel 2.6.x before 2.6.25.1 does not properly check certain
information related to register size, which has unspecified impact and
local attack vectors, probably related to reading or writing kernel
memory. (CVE-2008-1675)

Linux kernel before 2.6.25.2 does not apply a certain protection
mechanism for fcntl functionality, which allows local users to (1)
execute code in parallel or (2) exploit a race condition to obtain
re-ordered access to the descriptor table. (CVE-2008-1669)

Additionally, a number of fixes have been included for the rtc driver,
the Arima W651DI audio chipset, and unionfs. Tomoyolinux has been
updated to 1.6.3, UDF 2.50 support was added, and a few things more.
Check the package changelog for more details.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36653 (mandriva_MDVSA-2008-167.nasl)

Bugtraq ID: 29003, 29076, 29086, 29235, 29747

CVE ID: CVE-2008-1375, CVE-2008-1615, CVE-2008-1669, CVE-2008-1675,
CVE-2008-2136, CVE-2008-2148, CVE-2008-2358, CVE-2008-2750,
CVE-2008-2826
