Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)

High Nessus Plugin ID 27561

VPR Score: 6.7

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size (CVE-2007-3105).

The lcd_write function did not limit the amount of memory used by a caller, which allowed local users to cause a denial of service (memory consumption) (CVE-2007-3513).

The decode_choice function allowed remote attackers to cause a denial of service (crash) via an encoded out-of-range index value for a choice field, which triggered a NULL pointer dereference (CVE-2007-3642).

The Linux kernel allowed local users to send arbitrary signals to a child process running at higher privileges by causing a setuid-root parent process to die, which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG) (CVE-2007-3848).

The aac_cfg_open and aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges (CVE-2007-4308).

The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero-extend the eax register after the 32-bit entry path to ptrace was used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register (CVE-2007-4573).

In addition to these security fixes, other fixes have been included such as :

- More NVidia PCI ids were added

- The 3w-9xxx module was updated to version 2.26.02.010

- Fixed the map entry for ICH8

- Added the TG3 5786 PCI id

- Reduced the log verbosity of cx88-mpeg

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 27561

File Name: mandrake_MDKSA-2007-195.nasl

Version: 1.20

Type: local

Published: 2007/10/25

Updated: 2021/01/06

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-doc-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-doc-latest, p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-enterprise-latest, p-cpe:/a:mandriva:linux:kernel-latest, p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-legacy-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-source-stripped-latest, p-cpe:/a:mandriva:linux:kernel-xen0-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-xen0-latest, p-cpe:/a:mandriva:linux:kernel-xenU-2.6.17.16mdv, p-cpe:/a:mandriva:linux:kernel-xenU-latest, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/10/15

Reference Information

CVE: CVE-2007-3105, CVE-2007-3513, CVE-2007-3642, CVE-2007-3848, CVE-2007-4308, CVE-2007-4573

BID: 24734, 25216, 25348, 25387, 25774

MDKSA: 2007:195

CWE: 119, 189, 264