This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Some vulnerabilities were discovered and corrected in the Linux 2.6
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the
Linux kernel before 2.6.30 allows remote attackers to cause a denial
of service (kernel memory corruption and crash) via a long packet.
The inode double locking code in fs/ocfs2/file.c in the Linux kernel
2.6.30 before 2.6.30-rc3, 2.6.27 before 126.96.36.199, 2.6.29 before
188.8.131.52, and possibly other versions down to 2.6.19 allows local
users to cause a denial of service (prevention of file creation and
removal) via a series of splice system calls that trigger a deadlock
between the generic_file_splice_write, splice_from_pipe, and
ocfs2_file_splice_write functions. (CVE-2009-1961)
The nfs_permission function in fs/nfs/dir.c in the NFS client
implementation in the Linux kernel 184.108.40.206 and earlier, when
atomic_open is available, does not check execute (aka EXEC or
MAY_EXEC) permission bits, which allows local users to bypass
permissions and execute files, as demonstrated by files on an NFSv4
Integer underflow in the e1000_clean_rx_irq function in
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel
before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel
Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to
cause a denial of service (panic) via a crafted frame size.
Multiple buffer overflows in the cifs subsystem in the Linux kernel
before 220.127.116.11 allow remote CIFS servers to cause a denial of service
(memory corruption) and possibly have unspecified other impact via (1)
a malformed Unicode string, related to Unicode string area alignment
in fs/cifs/sess.c; or (2) long Unicode characters, related to
fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
Additionally, the kernel package was updated to the Linux upstream
stable version 18.104.22.168.
To update your kernel, please follow the directions located at :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 48149 (mandriva_MDVSA-2009-148.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now