
Test ID: 1.3.6.1.4.1.25623.1.0.61885
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:220-1 (kernel)
Summary: Mandrake Security Advisory MDVSA-2008:220-1 (kernel)
Description:
The remote host is missing an update to kernel
announced via advisory MDVSA-2008:220-1.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The snd_seq_oss_synth_make_info function in
sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux
kernel before 2.6.27-rc2 does not verify that the device number is
within the range defined by max_synthdev before returning certain
data to the caller, which allows local users to obtain sensitive
information. (CVE-2008-3272)

Unspecified vulnerability in the 32-bit and 64-bit emulation in the
Linux kernel 2.6.9, 2.6.18, and probably other versions allows local
users to read uninitialized memory via unknown vectors involving a
crafted binary. (CVE-2008-0598)

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c
in the vfs implementation in the Linux kernel before 2.6.25.15 do
not prevent creation of a child dentry for a deleted (aka S_DEAD)
directory, which allows local users to cause a denial of service
(overflow of the UBIFS orphan area) via a series of attempted file
creations within deleted directories. (CVE-2008-3275)

Integer overflow in the sctp_setsockopt_auth_key function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows
remote attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated
with the SCTP_AUTH_KEY option. (CVE-2008-3525)

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23
does not properly zero out the dio struct, which allows local users
to cause a denial of service (OOPS), as demonstrated by a certain
fio test. (CVE-2007-6716)

fs/open.c in the Linux kernel before 2.6.22 does not properly strip
setuid and setgid bits when there is a write to a file, which allows
local users to gain the privileges of a different group, and obtain
sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped
I/O. (CVE-2008-4210)

Additionally, support for Intel's ICH9 controller was added, and the
'tg3' driver was updated to version 3.71b.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Update:

Support for Intel's ICH9 controller and the updated 'tg3' driver were
actually missing in the previous update; this new update adds them.

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:220-1

Risk factor: High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-3272
Debian Security Information: DSA-1636
http://www.debian.org/security/2008/dsa-1636
Debian Security Information: DSA-1630
http://www.debian.org/security/2008/dsa-1630
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
http://www.redhat.com/support/errata/RHSA-2008-0885.html
http://www.redhat.com/support/errata/RHSA-2008-0857.html
RedHat Security Advisories: RHSA-2008:0972
http://rhn.redhat.com/errata/RHSA-2008-0972.html
SuSE Security Announcement: SUSE-SA:2008:048
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
SuSE Security Announcement: SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
SuSE Security Announcement: SUSE-SA:2008:047
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:049
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
SuSE Security Announcement: SUSE-SA:2008:052
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
http://www.ubuntulinux.org/support/documentation/usn/usn-637-1
BugTraq ID: 30559
http://www.securityfocus.com/bid/30559
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11182
http://secunia.com/advisories/32370
http://www.vupen.com/english/advisories/2008/2307
http://www.securitytracker.com/id?1020636
http://secunia.com/advisories/31366
http://secunia.com/advisories/31614
http://secunia.com/advisories/31881
http://secunia.com/advisories/32023
http://secunia.com/advisories/32190
http://secunia.com/advisories/31836
http://secunia.com/advisories/31551
http://secunia.com/advisories/32799
http://secunia.com/advisories/32759
http://secunia.com/advisories/32103
http://secunia.com/advisories/32104
XForce ISS Database: linux-kernel-seqosssynth-info-disclosure(44225)
http://xforce.iss.net/xforce/xfdb/44225
Common Vulnerability Exposure (CVE) ID: CVE-2008-0598
RedHat Security Advisories: RHSA-2008:0508
http://rhn.redhat.com/errata/RHSA-2008-0508.html
http://www.redhat.com/support/errata/RHSA-2008-0519.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://www.redhat.com/support/errata/RHSA-2009-0009.html
http://www.ubuntu.com/usn/usn-625-1
BugTraq ID: 29942
http://www.securityfocus.com/bid/29942
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10721
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6201
http://www.securitytracker.com/id?1020367
http://secunia.com/advisories/30849
http://secunia.com/advisories/30850
http://secunia.com/advisories/31107
http://secunia.com/advisories/33586
http://secunia.com/advisories/33201
XForce ISS Database: linux-kernel-emulation-disclosure(43554)
http://xforce.iss.net/xforce/xfdb/43554
Common Vulnerability Exposure (CVE) ID: CVE-2008-3275
http://lkml.org/lkml/2008/7/2/83
http://www.redhat.com/support/errata/RHSA-2009-0014.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
BugTraq ID: 30647
http://www.securityfocus.com/bid/30647
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10744
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6551
http://secunia.com/advisories/32344
http://www.vupen.com/english/advisories/2008/2430
http://www.securitytracker.com/id?1020739
http://secunia.com/advisories/33556
http://secunia.com/advisories/33280
XForce ISS Database: linux-kernel-ubifs-dos(44410)
http://xforce.iss.net/xforce/xfdb/44410
Common Vulnerability Exposure (CVE) ID: CVE-2008-3525
http://www.openwall.com/lists/oss-security/2008/08/29/2
Debian Security Information: DSA-1655
http://www.debian.org/security/2008/dsa-1655
Debian Security Information: DSA-1653
http://www.debian.org/security/2008/dsa-1653
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
SuSE Security Announcement: SUSE-SA:2008:053
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
SuSE Security Announcement: SUSE-SA:2008:051
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
http://www.ubuntu.com/usn/usn-659-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5671
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9364
http://secunia.com/advisories/32315
http://secunia.com/advisories/32356
http://www.vupen.com/english/advisories/2008/2511
http://www.vupen.com/english/advisories/2008/2714
http://www.securitytracker.com/id?1020969
http://secunia.com/advisories/32393
http://secunia.com/advisories/32386
http://secunia.com/advisories/32237
Common Vulnerability Exposure (CVE) ID: CVE-2007-6716
http://lkml.org/lkml/2007/7/30/448
http://www.openwall.com/lists/oss-security/2008/09/04/1
SuSE Security Announcement: SUSE-SA:2008:056
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
BugTraq ID: 31515
http://www.securityfocus.com/bid/31515
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10053
Common Vulnerability Exposure (CVE) ID: CVE-2008-4210
http://www.openwall.com/lists/oss-security/2008/09/24/5
http://www.openwall.com/lists/oss-security/2008/09/24/8
http://www.redhat.com/support/errata/RHSA-2008-0957.html
SuSE Security Announcement: SUSE-SA:2008:057
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
http://www.ubuntu.com/usn/usn-679-1
BugTraq ID: 31368
http://www.securityfocus.com/bid/31368
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6386
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9511
http://secunia.com/advisories/32485
http://secunia.com/advisories/32918
XForce ISS Database: linux-kernel-open-privilege-escalation(45539)
http://xforce.iss.net/xforce/xfdb/45539
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
