Mandriva Linux Security Advisory : kernel (MDVSA-2008:223)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

Buffer overflow in format descriptor parsing in the uvc_parse_format
function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the
video4linux (V4L) implementation in the Linux kernel before 2.6.26.1
has unknown impact and attack vectors. (CVE-2008-3496)

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem
in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN
capability before processing a (1) SIOCDEVRESINSTATS, (2)
SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl
request, which allows local users to bypass intended capability
restrictions. (CVE-2008-3525)

Integer overflow in the sctp_setsockopt_auth_key function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows
remote attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated
with the SCTP_AUTH_KEY option. (CVE-2008-3526)

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux
kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does
not verify that the identifier index is within the bounds established
by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive
information via a crafted SCTP_HMAC_IDENT IOCTL request involving the
sctp_getsockopt function, a different vulnerability than
CVE-2008-4113. (CVE-2008-4445)

Additionaly, fixes for sound on NEC Versa S9100 and others were added,
PATA and AHCI support for Intel ICH10 was added, a fix to allow better
disk transfer speeds was made for Hercules EC-900 mini-notebook, a
cyrus-imapd corruption issue in x86_64 arch was solved, RealTek
8169/8168/8101 support was improved, and a few other things. Check the
package changelog for details.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

See also :

https://qa.mandriva.com/35343
https://qa.mandriva.com/39048

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37065 (mandriva_MDVSA-2008-223.nasl)

Bugtraq ID:

CVE ID: CVE-2008-3496
CVE-2008-3525
CVE-2008-3526
CVE-2008-4445

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now