Mandriva Linux Security Advisory : kernel (MDVSA-2008:044)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

The wait_task_stopped function in the Linux kernel before 2.6.23.8
checks a TASK_TRACED bit instead of an exit_state value, which allows
local users to cause a denial of service (machine crash) via
unspecified vectors. NOTE: some of these details are obtained from
third-party information. (CVE-2007-5500)

The tcp_sacktag_write_queue function in the Linux kernel 2.6.21
through 2.6.23.7 allowed remote attackers to cause a denial of service
(crash) via crafted ACK responses that trigger a NULL pointer
dereference (CVE-2007-5501).

The do_corefump function in fs/exec.c in the Linux kernel prior to
2.6.24-rc3 did not change the UID of a core dump file if it exists
before a root process creates a core dump in the same location, which
could possibly allow local users to obtain sensitive information
(CVE-2007-6206).

VFS in the Linux kernel before 2.6.22.16 performed tests of access
mode by using the flag variable instead of the acc_mode variable,
which could possibly allow local users to bypass intended permissions
and remove directories (CVE-2008-0001).

The Linux kernel prior to 2.6.22.17, when using certain drivers that
register a fault handler that does not perform range checks, allowed
local users to access kernel memory via an out-of-range offset
(CVE-2008-0007).

A flaw in the vmsplice system call did not properly verify address
arguments passed by user-space processes, which allowed local
attackers to overwrite arbitrary kernel memory and gain root
privileges (CVE-2008-0600).

Mandriva urges all users to upgrade to these new kernels immediately
as the CVE-2008-0600 flaw is being actively exploited. This issue only
affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor
Corporate 4.0 are affected.

Additionally, this kernel updates the version from 2.6.22.12 to
2.6.22.18 and fixes numerous other bugs, including :

- fix freeze when ejecting a cm40x0 PCMCIA card

- fix crash on unloading netrom

- fixes alsa-related sound issues on Dell XPS M1210 and
M1330 models

- the HZ value was increased on the laptop kernel to
increase interactivity and reduce latency

- netfilter ipset, psd, and ifwlog support was re-enabled

- unionfs was reverted to a working 1.4 branch that is
less buggy

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36924 (mandriva_MDVSA-2008-044.nasl)

Bugtraq ID: 26474
26477
26701
27280
27686

CVE ID: CVE-2007-5500
CVE-2007-5501
CVE-2007-6206
CVE-2008-0001
CVE-2008-0007
CVE-2008-0600

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now