Mandriva Linux Security Advisory : kernel (MDVSA-2008:044)

high Nessus Plugin ID 36924

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third-party information. (CVE-2007-5500)

The tcp_sacktag_write_queue function in the Linux kernel 2.6.21 through 2.6.23.7 allowed remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference (CVE-2007-5501).

The do_coredump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information (CVE-2007-6206).

VFS in the Linux kernel before 2.6.22.16 performed tests of access mode by using the flag variable instead of the acc_mode variable, which could possibly allow local users to bypass intended permissions and remove directories (CVE-2008-0001).

The Linux kernel prior to 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allowed local users to access kernel memory via an out-of-range offset (CVE-2008-0007).

A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges (CVE-2008-0600).

Mandriva urges all users to upgrade to these new kernels immediately, as the CVE-2008-0600 flaw is being actively exploited. This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 is affected.

Additionally, this kernel updates the version from 2.6.22.12 to 2.6.22.18 and fixes numerous other bugs, including:

- fix freeze when ejecting a cm40x0 PCMCIA card

- fix crash on unloading netrom

- fixes alsa-related sound issues on Dell XPS M1210 and M1330 models

- the HZ value was increased on the laptop kernel to increase interactivity and reduce latency

- netfilter ipset, psd, and ifwlog support was re-enabled

- unionfs was reverted to a working 1.4 branch that is less buggy

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 36924

File Name: mandriva_MDVSA-2008-044.nasl

Version: 1.24

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-laptop-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-laptop-devel-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-laptop-devel-latest, p-cpe:/a:mandriva:linux:kernel-laptop-latest, p-cpe:/a:mandriva:linux:kernel-server-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.22.18-1mdv, p-cpe:/a:mandriva:linux:kernel-source-latest, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/12/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2007-5500, CVE-2007-5501, CVE-2007-6206, CVE-2008-0001, CVE-2008-0007, CVE-2008-0600

BID: 26474, 26477, 26701, 27280, 27686

MDVSA: 2008:044

CWE: 16, 94, 399