exploit the possibilities

Mandriva Linux Security Advisory 2007.025

Mandriva Linux Security Advisory 2007.025
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A slew of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2005-3272, CVE-2006-0741, CVE-2006-2446, CVE-2006-3741, CVE-2006-4145, CVE-2006-4535, CVE-2006-4813, CVE-2006-4997, CVE-2006-5619, CVE-2006-5749, CVE-2006-5754, CVE-2006-6106
MD5 | 9dc785a338a7a22a6ebea219e0f480e0

Mandriva Linux Security Advisory 2007.025

Change Mirror Download

Hash: SHA1


Mandriva Linux Security Advisory MDKSA-2007:025

Package : kernel
Date : January 23, 2007
Affected: Corporate 3.0, Multi Network Firewall 2.0

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux 2.6

The 2.6 kernel prior to 2.6.12 allows remote attackers to poison the
bridge forwarding table using frames that have already been dropped by
filtering, which can cause the bridge to forward spoofed packets

Prior to, the kernel allows local users to cause a DoS
("endless recursive fault") via unknown attack vectors related to a
"bad elf entry address" on Intel processors (CVE-2006-0741).

A race condition in the socket buffer handling in the 2.6.9 kernel and
earlier versions could allow a remote attacker to cause a DoS (crash)

Stephane Eranian discovered an issue with permon2.0 where, under
certain circumstances, the perfmonctl() system call may not correctly
manage the file descriptor reference count, resulting in the system
possibly running out of file structure (CVE-2006-3741).

Prior to and including 2.6.17, the Universal Disk Format (UDF)
filesystem driver allowed local users to cause a DoS (hang and crash)
via certain operations involving truncated files (CVE-2006-4145).

Various versions of the Linux kernel allowed local users to cause a DoS
(crash) via an SCTP socket with a certain SO_LINGER value, which is
possibly related to the patch used to correct CVE-2006-3745

The __block_prepate_write function in the 2.6 kernel before 2.6.13 does
not properly clear buffers during certain error conditions, which
allows users to read portions of files that have been unlinked

The clip_mkip function of the ATM subsystem in the 2.6 kernel allows
remote attackers to dause a DoS (panic) via unknown vectors that cause
the ATM subsystem to access the memory of socket buffers after they are
freed (CVE-2006-4997).

The seqfile handling in the 2.6 kernel up to 2.6.18 allows local users
to cause a DoS (hang or oops) via unspecified manipulations that
trigger an infinite loop while searching for flowlabels

A missing call to init_timer() in the isdn_ppp code of the Linux kernel
can allow remote attackers to send a special kind of PPP pakcet which
may trigger a kernel oops (CVE-2006-5749).

The aio_setup_ring() function initializes a variable incorrectly which
can be used in error path to free allocated resources which could allow
a local user to crash the node (CVE-2006-5754).

A vulnerability in the bluetooth support could allow for overwriting
internal CMTP and CAPI data structures via malformed packets

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels immediately
and reboot to effect the fixes.

To update your kernel, please follow the directions located at:




Updated Packages:

Corporate 3.0:
c807857c820dae84bad9beac5ff132c2 corporate/3.0/i586/kernel-
9502a05c5049f394b50a4f2128ca7311 corporate/3.0/i586/kernel-BOOT-
26b4a92d5ed2c1953fb88fd304584281 corporate/3.0/i586/kernel-doc-2.6.3-36mdk.i586.rpm
c2f4619bf4b4d9d3952ccad7eb4be16d corporate/3.0/i586/kernel-enterprise-
20970c40ded39599c4ad6bc976447c8c corporate/3.0/i586/kernel-i686-up-4GB-
5856cd990d971667d673216603cc9b1f corporate/3.0/i586/kernel-p3-smp-64GB-
0e978fa73922d870b487c2f8d14eaff3 corporate/3.0/i586/kernel-secure-
fa9f0cdd42385ec68aa79198d2615617 corporate/3.0/i586/kernel-smp-
8f9766f48b56d6a56333dcec3cfa611d corporate/3.0/i586/kernel-source-2.6.3-36mdk.i586.rpm
841863d5446060606da060acf72afce0 corporate/3.0/i586/kernel-source-stripped-2.6.3-36mdk.i586.rpm
15c7992f878a9ebcf38694d5700d90af corporate/3.0/SRPMS/kernel-

Corporate 3.0/X86_64:
9f3bb7174878cc5044386356e1c4bc57 corporate/3.0/x86_64/kernel-
613608913f5dcb696b26e31ce5c01828 corporate/3.0/x86_64/kernel-BOOT-
b6daad6d8d1c8bb7b8053935434ccd4b corporate/3.0/x86_64/kernel-doc-2.6.3-36mdk.x86_64.rpm
19857cc0134d55a81cfecf099b5f1715 corporate/3.0/x86_64/kernel-secure-
b0cc99ea1220b2e3bd7922be994b3aef corporate/3.0/x86_64/kernel-smp-
8044690dcbf0a3a0c7b2e09bcc76a8d6 corporate/3.0/x86_64/kernel-source-2.6.3-36mdk.x86_64.rpm
b67484105e125306b4dd5fdb5b84d67d corporate/3.0/x86_64/kernel-source-stripped-2.6.3-36mdk.x86_64.rpm
15c7992f878a9ebcf38694d5700d90af corporate/3.0/SRPMS/kernel-

Multi Network Firewall 2.0:
c807857c820dae84bad9beac5ff132c2 mnf/2.0/i586/kernel-
20970c40ded39599c4ad6bc976447c8c mnf/2.0/i586/kernel-i686-up-4GB-
5856cd990d971667d673216603cc9b1f mnf/2.0/i586/kernel-p3-smp-64GB-
0e978fa73922d870b487c2f8d14eaff3 mnf/2.0/i586/kernel-secure-
fa9f0cdd42385ec68aa79198d2615617 mnf/2.0/i586/kernel-smp-
15c7992f878a9ebcf38694d5700d90af mnf/2.0/SRPMS/kernel-

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:


If you want to report vulnerabilities, please contact


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.6 (GNU/Linux)


Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    15 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By