Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0103
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0103)
Summary:	The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2014-0103 advisory.
Description:	Summary: The remote host is missing an update for the 'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2014-0103 advisory. Vulnerability Insight: This kernel update provides an update to the upstream stable 3.12.13 maintenance release and fixes the following security issues: A flaw was found in the way cifs handled iovecs with bogus pointers userland passed down via writev() during uncached writes. An unprivileged local user with access to cifs share could use this flaw to crash the system or leak kernel memory. Privilege escalation cannot be ruled out (since memory corruption is involved), but is unlikely. (CVE-2014-0069) Linux kernel build with the NFS file system(CONFIG_NFS_FS) along with the support for NFSv4 protocol(CONFIG_NFS_V4) is vulnerable to an information leakage flaw. It could occur while writing to a file wherein NFS server has offered write delegation to the client. Such delegation allows NFS client to perform the said operation locally without instant interaction with the server. A user/program could use this flaw to at least leak kernel memory bytes. (CVE-2014-2038) This update also enables MEMCG on server kernels (mga#12629) For other changes, see the referenced changelogs. Affected Software/OS: 'kernel, kernel-userspace-headers, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0069 65588 http://www.securityfocus.com/bid/65588 RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html SUSE-SU-2014:0459 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html [linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly http://article.gmane.org/gmane.linux.kernel.cifs/9401 [oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes http://www.openwall.com/lists/oss-security/2014/02/17/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f https://bugzilla.redhat.com/show_bug.cgi?id=1064253 https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f Common Vulnerability Exposure (CVE) ID: CVE-2014-2038 USN-2137-1 http://www.ubuntu.com/usn/USN-2137-1 USN-2140-1 http://www.ubuntu.com/usn/USN-2140-1 [oss-security] 20140221 Re: Re: CVE request: Linux kernel: nfs: information leakage http://www.openwall.com/lists/oss-security/2014/02/20/16 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=263b4509ec4d47e0da3e753f85a39ea12d1eff24 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3 https://bugzilla.redhat.com/show_bug.cgi?id=1066939 https://github.com/torvalds/linux/commit/263b4509ec4d47e0da3e753f85a39ea12d1eff24
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.