
Test ID: 1.3.6.1.4.1.25623.1.0.58004
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2007:040 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing an update to kernel
announced via advisory MDKSA-2007:040.

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel:

The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c
in the Linux 2.4 kernel before 2.4.34-rc4, as well as the 2.6 kernel,
does not call the init_timer function for the ISDN PPP CCP reset state
timer, which has unknown attack vectors and results in a system crash.
(CVE-2006-5749)

The listxattr syscall can corrupt user space under certain
circumstances. The problem seems to be related to signed/unsigned
conversion during size promotion. (CVE-2006-5753)

The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to
cause a denial of service (crash) via an ext3 stream with malformed
data structures. (CVE-2006-6053)

The mincore function in the Linux kernel before 2.4.33.6, as well as
the 2.6 kernel, does not properly lock access to user space, which has
unspecified impact and attack vectors, possibly related to a deadlock.
(CVE-2006-4814)

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels immediately
and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included
such as:

- Add Ralink RT2571W/RT2671 WLAN USB support (rt73 module)
- Fix sys_msync() to report -ENOMEM as before when an unmapped area falls
  within its range, and not to overshoot (LSB regression)
- Avoid disk sector_t overflow for >2TB ext3 filesystem
- USB: workaround to fix HP scanners detection (#26728)
- USB: unusual_devs.h for Sony floppy (#28378)
- Add preliminary ICH9 support
- Add TI sd card reader support
- Add RT61 driver
- KVM update
- Fix bttv vbi offset

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: 2007.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:040

Risk factor : High

CVSS Score: 7.2

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2006-5749
2007-0002 - http://www.trustix.org/errata/2007/0002/
20070615 rPSA-2007-0124-1 kernel xen - http://www.securityfocus.com/archive/1/471457
21835 - http://www.securityfocus.com/bid/21835
21883 - http://www.securityfocus.com/bid/21883
23529 - http://secunia.com/advisories/23529
23609 - http://secunia.com/advisories/23609
23752 - http://secunia.com/advisories/23752
24098 - http://secunia.com/advisories/24098
24100 - http://secunia.com/advisories/24100
24547 - http://secunia.com/advisories/24547
25226 - http://secunia.com/advisories/25226
25683 - http://secunia.com/advisories/25683
25691 - http://secunia.com/advisories/25691
MDKSA-2007:012 - http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
MDKSA-2007:025 - http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
MDKSA-2007:040 - http://www.mandriva.com/security/advisories?name=MDKSA-2007:040
SUSE-SA:2007:018 - http://www.novell.com/linux/security/advisories/2007_18_kernel.html
SUSE-SA:2007:021 - http://www.novell.com/linux/security/advisories/2007_21_kernel.html
SUSE-SA:2007:030 - http://www.novell.com/linux/security/advisories/2007_30_kernel.html
SUSE-SA:2007:035 - http://www.novell.com/linux/security/advisories/2007_35_kernel.html
USN-416-1 - http://www.ubuntu.com/usn/usn-416-1
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34
http://www.kernel.org/git/?p=linux/kernel/git/wtarreau/linux-2.4.git%3Ba=commitdiff%3Bh=05dca9b77f99d80cf615075624666106d5b61727
Common Vulnerability Exposure (CVE) ID: CVE-2006-5753
22316 - http://www.securityfocus.com/bid/22316
23955 - http://secunia.com/advisories/23955
23997 - http://secunia.com/advisories/23997
24206 - http://secunia.com/advisories/24206
24400 - http://secunia.com/advisories/24400
24429 - http://secunia.com/advisories/24429
24482 - http://secunia.com/advisories/24482
25714 - http://secunia.com/advisories/25714
29058 - http://secunia.com/advisories/29058
33020 - http://osvdb.org/33020
DSA-1304 - http://www.debian.org/security/2007/dsa-1304
DSA-1503 - http://www.debian.org/security/2008/dsa-1503
FEDORA-2007-277 - http://fedoranews.org/cms/node/2739
FEDORA-2007-291 - http://fedoranews.org/cms/node/2740
MDKSA-2007:060 - http://www.mandriva.com/security/advisories?name=MDKSA-2007:060
RHSA-2007:0014 - RedHat Security Advisories: RHSA-2007:0014
http://lkml.org/lkml/2007/1/3/150
http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
https://issues.rpath.com/browse/RPL-1106
oval:org.mitre.oval:def:9371 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9371
Common Vulnerability Exposure (CVE) ID: CVE-2006-6053
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen (Google Search)
Debian Security Information: DSA-1304 (Google Search)
Debian Security Information: DSA-1503 (Google Search)
http://projects.info-pull.com/mokb/MOKB-10-11-2006.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10992
http://rhn.redhat.com/errata/RHSA-2007-0014.html
http://secunia.com/advisories/22776
http://secunia.com/advisories/23474
SuSE Security Announcement: SUSE-SA:2006:079 (Google Search)
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.vupen.com/english/advisories/2006/4458
Common Vulnerability Exposure (CVE) ID: CVE-2006-4814
21663 - http://www.securityfocus.com/bid/21663
23436 - http://secunia.com/advisories/23436
30110 - http://secunia.com/advisories/30110
31246 - http://secunia.com/advisories/31246
33280 - http://secunia.com/advisories/33280
ADV-2006-5082 - http://www.vupen.com/english/advisories/2006/5082
ADV-2008-2222 - http://www.vupen.com/english/advisories/2008/2222/references
RHSA-2008:0211 - http://www.redhat.com/support/errata/RHSA-2008-0211.html
RHSA-2008:0787 - http://www.redhat.com/support/errata/RHSA-2008-0787.html
[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix - http://lists.vmware.com/pipermail/security-announce/2008/000023.html
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.6
oval:org.mitre.oval:def:9648 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9648
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
