Mandriva Linux Security Advisory : kernel (MDVSA-2008:223)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

Buffer overflow in format descriptor parsing in the uvc_parse_format
function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the
video4linux (V4L) implementation in the Linux kernel before
has unknown impact and attack vectors. (CVE-2008-3496)

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem
in the Linux kernel does not check for the CAP_NET_ADMIN
capability before processing a (1) SIOCDEVRESINSTATS, (2)
request, which allows local users to bypass intended capability
restrictions. (CVE-2008-3525)

Integer overflow in the sctp_setsockopt_auth_key function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel 2.6.24-rc1 through allows
remote attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated
with the SCTP_AUTH_KEY option. (CVE-2008-3526)

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux
kernel before, when the SCTP-AUTH extension is enabled, does
not verify that the identifier index is within the bounds established
by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive
information via a crafted SCTP_HMAC_IDENT IOCTL request involving the
sctp_getsockopt function, a different vulnerability than
CVE-2008-4113. (CVE-2008-4445)

Additionaly, fixes for sound on NEC Versa S9100 and others were added,
PATA and AHCI support for Intel ICH10 was added, a fix to allow better
disk transfer speeds was made for Hercules EC-900 mini-notebook, a
cyrus-imapd corruption issue in x86_64 arch was solved, RealTek
8169/8168/8101 support was improved, and a few other things. Check the
package changelog for details.

To update your kernel, please follow the directions located at :

See also :

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37065 (mandriva_MDVSA-2008-223.nasl)

Bugtraq ID:

CVE ID: CVE-2008-3496

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now