Mandriva Linux Security Advisory : kernel (MDVSA-2010:257)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability was discovered and corrected in the Linux 2.6 kernel :

The setup_arg_pages function in fs/exec.c in the Linux kernel before
2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly
restrict the stack memory consumption of the (1) arguments and (2)
environment for a 32-bit application on a 64-bit platform, which
allows local users to cause a denial of service (system crash) via a
crafted exec system call, a related issue to CVE-2010-2240.
(CVE-2010-3858)

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L)
implementation in the Linux kernel before 2.6.36 on 64-bit platforms
does not validate the destination of a memory copy operation, which
allows local users to write to arbitrary kernel memory locations, and
consequently gain privileges, via a VIDIOCSTUNER ioctl call on a
/dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this
device. (CVE-2010-2963)

Integer overflow in the do_io_submit function in fs/aio.c in the Linux
kernel before 2.6.36-rc4-next-20100915 allows local users to cause a
denial of service or possibly have unspecified other impact via
crafted use of the io_submit system call. (CVE-2010-3067)

Multiple integer overflows in the snd_ctl_new function in
sound/core/control.c in the Linux kernel before
2.6.36-rc5-next-20100929 allow local users to cause a denial of
service (heap memory corruption) or possibly have unspecified other
impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2)
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. (CVE-2010-3442)

A kernel stack overflow, a bad pointer dereference and a missing
permission check were corrected in the econet implementation
(CVE-2010-3848) (CVE-2010-3849) (CVE-2010-3850).

Additionally, the kernel has been updated to the stable upstream
version 2.6.27.56.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 51337 ()

Bugtraq ID: 43353
43787
44242
44301
45072

CVE ID: CVE-2010-2963
CVE-2010-3067
CVE-2010-3442
CVE-2010-3848
CVE-2010-3849
CVE-2010-3850
CVE-2010-3858

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now