Mandriva Linux Security Advisory : kernel (MDVSA-2010:247)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability was discovered and corrected in the Linux 2.6 kernel :

The compat_alloc_user_space functions in include/asm/compat.h files in
the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not
properly allocate the userspace memory required for the 32-bit
compatibility layer, which allows local users to gain privileges by
leveraging the ability of the compat_mc_getsockopt function (aka the
MCAST_MSFILTER getsockopt support) to control a certain length value,
related to a stack pointer underflow issue, as exploited in the wild
in September 2010. (CVE-2010-3081)

The IA32 system call emulation functionality in
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2
on the x86_64 platform does not zero extend the %eax register after
the 32-bit entry path to ptrace is used, which allows local users to
gain privileges by triggering an out-of-bounds access to the system
call table using the %rax register. NOTE: this vulnerability exists
because of a CVE-2007-4573 regression. (CVE-2010-3301)

Integer overflow in the ext4_ext_get_blocks function in
fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users
to cause a denial of service (BUG and system crash) via a write
operation on the last block of a large file, followed by a sync
operation. (CVE-2010-3015)

Additionally, the kernel has been updated to the stable version
2.6.31.14. A timeout bug in bnx2 has been fixed. Muting and unmuting
on VT1812/VT2002P now should work correctly. A fix for ACL decoding on
NFS was added. Rebooting on Dell Precision WorkStation T7400 was
corrected. Read balancing with RAID0 and RAID1 on drives larger than
2TB was also fixed. A more detailed description is available in the
package changelog and related tickets.

Thanks to Thomas Backlund and Herton Ronaldo Krzesinski for
contributions in this update.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 50981

Bugtraq ID: 42477, 43239, 43355

CVE ID: CVE-2010-3015, CVE-2010-3081, CVE-2010-3301