Mandrake Linux Security Advisory : kernel (MDKSA-2003:110)

High Nessus Plugin ID 14092


The remote Mandrake Linux host is missing one or more security updates.


A vulnerability was discovered in Linux kernel versions 2.4.22 and earlier. A bounds-checking flaw in the do_brk() function can allow a local attacker to gain root privileges. This vulnerability is known to be exploitable; an exploit is in the wild at this time.

The Mandrake Linux 9.2 kernels are not vulnerable to this problem, as the fix is already present in kernel version 2.4.22-21mdk (provided in MDKA-2003:021).

MandrakeSoft encourages all users to upgrade their systems immediately.

To upgrade your kernel, please use the documentation available online :


Update the affected packages.

Plugin Details

Severity: High

ID: 14092

File Name: mandrake_MDKSA-2003-110.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-, p-cpe:/a:mandriva:linux:kernel-, p-cpe:/a:mandriva:linux:kernel-enterprise-, p-cpe:/a:mandriva:linux:kernel-enterprise-, p-cpe:/a:mandriva:linux:kernel-secure-, p-cpe:/a:mandriva:linux:kernel-secure-, p-cpe:/a:mandriva:linux:kernel-smp-, p-cpe:/a:mandriva:linux:kernel-smp-, p-cpe:/a:mandriva:linux:kernel-source, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/12/01

Reference Information

CVE: CVE-2003-0961

MDKSA: 2003:110