Mandriva Linux Security Advisory : kernel (MDVSA-2009:032)

medium Nessus Plugin ID 37078
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6.6

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. (CVE-2008-5079)

Linux kernel 2.6.28 allows local users to cause a denial of service (soft lockup and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. (CVE-2008-5300)

Additionaly, wireless and hotkeys support for Asus EEE were fixed, systems with HDA sound needing MSI support were added to the quirks list to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA support was enhanced and fixed, support for HDA sound on Acer Aspire 8930 was added, Dell Inspiron Mini 9 HDA sound support was added, CIFS filesystem should now work with Kerberos, and a few more things. Check the package changelog for details.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

See Also

https://qa.mandriva.com/43332

https://qa.mandriva.com/44855

https://qa.mandriva.com/44988

https://qa.mandriva.com/45136

https://qa.mandriva.com/45838

https://qa.mandriva.com/46164

Plugin Details

Severity: Medium

ID: 37078

File Name: mandriva_MDVSA-2009-032.nasl

Version: 1.16

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Medium

VPR Score: 6.6

CVSS v2.0

Base Score: 4.9

Temporal Score: 3.8

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-server-latest, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-desktop-latest, p-cpe:/a:mandriva:linux:et131x-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:et131x-kernel-server-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-server-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hso-kernel-server-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-2.6.27.10-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-2.6.27.10-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.27.10-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.27.10-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.27.10-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-server-2.6.27.10-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.27.10-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.27.10-1mnb, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lirc-kernel-server-latest, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omfs-kernel-server-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-server-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-server-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-server-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-server-latest, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vhba-kernel-server-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-desktop-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-desktop586-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.10-server-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest, cpe:/o:mandriva:linux:2009.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/30/2009

Reference Information

CVE: CVE-2008-5079, CVE-2008-5300

BID: 32676

MDVSA: 2009:032

CWE: 399