Mandriva Linux Security Advisory : kernel (MDVSA-2010:030)

High Nessus Plugin ID 44356

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080)

The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005)

An issue was discovered in 2.6.32.x kernels, which sets unsecure permission for devtmpfs file system by default. (CVE-2010-0299)

Additionally, it was added support for Atheros AR2427 Wireless Network Adapter.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 44356

File Name: mandriva_MDVSA-2010-030.nasl

Version: 1.21

Type: local

Published: 2010/02/02

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop-latest, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-server-latest, p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:em8300-kernel-desktop-latest, p-cpe:/a:mandriva:linux:em8300-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:em8300-kernel-server-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-2.6.31.12-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-2.6.31.12-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.31.12-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.31.12-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.31.12-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-server-2.6.31.12-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.31.12-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.31.12-1mnb, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:libafs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:libafs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:libafs-kernel-server-latest, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lirc-kernel-server-latest, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxadditions-kernel-server-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-desktop-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-desktop586-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.12-server-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest, cpe:/o:mandriva:linux:2010.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/02/01

Reference Information

CVE: CVE-2009-3080, CVE-2009-4005

BID: 37036, 37068

MDVSA: 2010:030

CWE: 119