Detections
Analytics

Mandriva Linux Security Advisory : kernel (MDVSA-2008:246)

high Nessus Plugin ID 37874

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.
(CVE-2008-5033)

Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. (CVE-2008-5025)

Additionally, added enhancements for a newer revision of Nokia models 6300, XpressMusic 5200, 5610 and 7610, the support for the ub USB module was disabled, added fixes for the Wake On LAN feature of the r8169 module, added fixes for suspend and resume on the i915 module, added ALSA fixes for Intel HDA, added workaround for a bug on iwlagn, added the m5602 driver, fixed a crash on the ppscsi module, added fixes to the uvcvideo module.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

See Also

https://qa.mandriva.com/41782

https://qa.mandriva.com/44891

https://qa.mandriva.com/44988

https://qa.mandriva.com/45393

https://qa.mandriva.com/45599

Plugin Details

Severity: High

ID: 37874

File Name: mandriva_MDVSA-2008-246.nasl

Version: 1.15

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hso-kernel-server-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-2.6.27.7-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-2.6.27.7-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.27.7-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.27.7-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.27.7-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omfs-kernel-server-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-server-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-server-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-server-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-server-latest, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vhba-kernel-server-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest, cpe:/o:mandriva:linux:2009.0, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-server-latest, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-desktop-latest, p-cpe:/a:mandriva:linux:et131x-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:et131x-kernel-server-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-server-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:kernel-server-2.6.27.7-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.27.7-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.27.7-1mnb, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lirc-kernel-server-latest, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.7-server-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.7-desktop-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.7-desktop586-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.7-server-1mnb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/29/2008

Reference Information

CVE: CVE-2008-5025, CVE-2008-5033

BID: 32094, 32289

CWE: 119, 399

MDVSA: 2008:246