Detections
Analytics
Mandriva Linux Security Advisory : kernel (MDVSA-2009:289)
high Nessus Plugin ID 42284
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). (CVE-2009-1895)
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. (CVE-2009-2406)
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. (CVE-2009-2407)
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a negative dentry and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
(CVE-2009-2908)
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified random addresses. (CVE-2009-3290)
Additionaly, it includes the fixes from the stable kernel version 2.6.27.37. It also fixes also fixes IBM x3650 M2 hanging when using both network interfaces and Wake on Lan problems on r8169. For details, check the package changelog.
To update your kernel, please follow the directions located at :
http://www.mandriva.com/en/security/kernelupdate
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 42284
File Name: mandriva_MDVSA-2009-289.nasl
Version: 1.20
Type: local
Family: Mandriva Local Security Checks
Published: 10/28/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:kernel-desktop-2.6.27.37-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.27.37-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.27.37-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.27.37-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-server-2.6.27.37-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.27.37-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.27.37-1mnb, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lirc-kernel-server-latest, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omfs-kernel-server-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-server-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-server-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-server-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-server-latest, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vhba-kernel-server-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest, cpe:/o:mandriva:linux:2009.0, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-server-latest, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-desktop-latest, p-cpe:/a:mandriva:linux:et131x-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:et131x-kernel-server-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-server-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hso-kernel-server-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.37-desktop-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.37-desktop586-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.37-server-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-2.6.27.37-1mnb
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/27/2009
Reference Information
CVE: CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2908, CVE-2009-3290