Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)

high Nessus Plugin ID 27561

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size (CVE-2007-3105).

The lcd_write function did not limit the amount of memory used by a caller, which allowed local users to cause a denial of service (memory consumption) (CVE-2007-3513).

The decode_choice function allowed remote attackers to cause a denial of service (crash) via an encoded out-of-range index value for a choice field, which triggered a NULL pointer dereference (CVE-2007-3642).

The Linux kernel allowed local users to send arbitrary signals to a child process running at higher privileges by causing a setuid-root parent process to die, which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG) (CVE-2007-3848).

The aac_cfg_open and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges (CVE-2007-4308).

The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero-extend the eax register after the 32-bit entry path to ptrace was used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register (CVE-2007-4573).

In addition to these security fixes, other fixes have been included such as :

- More NVidia PCI ids were added

- The 3w-9xxx module was updated to version 2.26.02.010

- Fixed the map entry for ICH8

- Added the TG3 5786 PCI id

- Reduced the log verbosity of cx88-mpeg

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 27561

File Name: mandrake_MDKSA-2007-195.nasl

Version: 1.20

Type: local

Published: 10/25/2007

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-doc-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-doc-latest, p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-enterprise-latest, p-cpe:/a:mandriva:linux:kernel-latest, p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-legacy-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-source-stripped-latest, p-cpe:/a:mandriva:linux:kernel-xen0-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-xen0-latest, p-cpe:/a:mandriva:linux:kernel-xenU-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-xenU-latest, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/15/2007

Reference Information

CVE: CVE-2007-3105, CVE-2007-3513, CVE-2007-3642, CVE-2007-3848, CVE-2007-4308, CVE-2007-4573

BID: 24734, 25216, 25348, 25387, 25774

MDKSA: 2007:195

CWE: 119, 189, 264