exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-105

Mandriva Linux Security Advisory 2008-105
Posted May 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Denial of service, out of bounds, race condition, and various other vulnerabilities have been patched in the Linux 2.6 kernel.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3740, CVE-2007-3851, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2008-1375, CVE-2008-1669
SHA-256 | b348d7056d7c7999326caf977e83f0e7f35795711a865d85e90ae265f9a90eb3

Mandriva Linux Security Advisory 2008-105

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:105
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kernel
Date : May 21, 2008
Affected: 2007.1
_______________________________________________________________________

Problem Description:

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)

The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
to an X11 session and Direct Rendering Manager (DRM) to write
to arbitrary memory locations and gain privileges via a crafted
batchbuffer. (CVE-2007-3851)

The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors. (CVE-2007-4133)

The IA32 system call emulation functionality in Linux kernel 2.4.x
and 2.6.x before 2.6.22.7, when running on the x86_64 architecture,
does not zero extend the eax register after the 32bit entry path to
ptrace is used, which might allow local users to gain privileges by
triggering an out-of-bounds access to the system call table using
the %RAX register. This vulnerability is now being fixed in the Xen
kernel too. (CVE-2007-4573)

Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before
2.6.23 allows remote attackers to cause a denial of service (crash)
via a crafted SKB length value in a runt IEEE 802.11 frame when
the IEEE80211_STYPE_QOS_DATA flag is set, aka an off-by-two
error. (CVE-2007-4997)

The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device. (CVE-2007-5093)

A race condition in the directory notification subsystem (dnotify)
in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1,
allows local users to cause a denial of service (OOPS) and possibly
gain privileges via unspecified vectors. (CVE-2008-1375)

The Linux kernel before 2.6.25.2 does not apply a certain protection
mechanism for fcntl functionality, which allows local users to (1)
execute code in parallel or (2) exploit a race condition to obtain
re-ordered access to the descriptor table. (CVE-2008-1669)

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
c4a2d4a2c510a0b264ecc556ae95d9c1 2007.1/i586/kernel-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
8a9067dced69f2a98d84a91b565d53b2 2007.1/i586/kernel-doc-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
3781406fba53b54e10f10c673ad54734 2007.1/i586/kernel-doc-latest-2.6.17-18mdv.i586.rpm
0ab62eecb317efb9f395067acff4f197 2007.1/i586/kernel-enterprise-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
fa94fc4948555ddae5f333e51c1edac5 2007.1/i586/kernel-enterprise-latest-2.6.17-18mdv.i586.rpm
0997abceef3793c25a8fa5fee56af005 2007.1/i586/kernel-latest-2.6.17-18mdv.i586.rpm
02b79be3ea9a145e8e264e2f104c27fb 2007.1/i586/kernel-legacy-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
53e8e4e029f99fede270f4a4e9b1f105 2007.1/i586/kernel-legacy-latest-2.6.17-18mdv.i586.rpm
b38fcb899cd7e473bd07ab296a0edc52 2007.1/i586/kernel-source-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
df638346ea8e84c542b5d54173ef40f7 2007.1/i586/kernel-source-latest-2.6.17-18mdv.i586.rpm
5749113a50606c4f81f1371150c59041 2007.1/i586/kernel-source-stripped-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
bb3e5dddd12bfc05809a83f9c5e5a568 2007.1/i586/kernel-source-stripped-latest-2.6.17-18mdv.i586.rpm
4d4708a7c62727c704db6fa7a244d426 2007.1/i586/kernel-xen0-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
44b7732796ed652fc66034a2e1983f29 2007.1/i586/kernel-xen0-latest-2.6.17-18mdv.i586.rpm
1d6b03aad48cbe295ad461605d234eac 2007.1/i586/kernel-xenU-2.6.17.18mdv-1-1mdv2007.1.i586.rpm
af2a8a7596097a04a22292686da8471f 2007.1/i586/kernel-xenU-latest-2.6.17-18mdv.i586.rpm
327a8315418ff84959418928fc9873a5 2007.1/SRPMS/kernel-2.6.17.18mdv-1-1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
4b114a0b6712df7b93582805489a0e18 2007.1/x86_64/kernel-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
fb4214952ca5cc240adaeec74e377181 2007.1/x86_64/kernel-doc-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
30744081c4e43f608359eea6e201a4cd 2007.1/x86_64/kernel-doc-latest-2.6.17-18mdv.x86_64.rpm
0e8a29bbe26469de5ec6e9ec44b02c13 2007.1/x86_64/kernel-latest-2.6.17-18mdv.x86_64.rpm
1f3a2aa6965565c2db3bb5ca823fb546 2007.1/x86_64/kernel-source-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
7f3564691ddacf4e8a7d4ce874b8a33e 2007.1/x86_64/kernel-source-latest-2.6.17-18mdv.x86_64.rpm
fe9ecda0a6ea8a0723898ccda5292bc8 2007.1/x86_64/kernel-source-stripped-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
f7c9adbabba9b8a56fec55715a1e4858 2007.1/x86_64/kernel-source-stripped-latest-2.6.17-18mdv.x86_64.rpm
3e9422670548692022834ac806204fb8 2007.1/x86_64/kernel-xen0-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
2c18b8148db64d58d2a076b0b0b13d21 2007.1/x86_64/kernel-xen0-latest-2.6.17-18mdv.x86_64.rpm
10f28963d97d785b4bbea94610e4d478 2007.1/x86_64/kernel-xenU-2.6.17.18mdv-1-1mdv2007.1.x86_64.rpm
efa8b29e7e3d5907ccdf917514797e07 2007.1/x86_64/kernel-xenU-latest-2.6.17-18mdv.x86_64.rpm
327a8315418ff84959418928fc9873a5 2007.1/SRPMS/kernel-2.6.17.18mdv-1-1mdv2007.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIM/QcmqjQ0CJFipgRAua3AKCyF+W5X84EyQ0rcplkQs8m3TeBDQCgvo2f
AEfloFQ4ShfC936g0fSh5vo=
=RHR2
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close