Test ID:	1.3.6.1.4.1.25623.1.0.50736
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2003:066-2 (kernel)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to kernel announced via advisory MDKSA-2003:066-2. Multiple vulnerabilities were discovered and fixed in the Linux kernel. For a complete list of fixes, please visit the referenced security advisory. MandrakeSoft encourages all users to upgrade to these new kernels. Updated kernels will be available shortly for other supported platforms and architectures. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. Update: The kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a problem where all files created on any filesystem other than XFS, and using any kernel other than kernel-secure, would be created with mode 0666, or world writeable. The 0.24mdk kernels have been removed from the mirrors and users are encouraged to upgrade and remove those kernels from their systems to prevent accidentally booting into them. That issue has been addressed and fixed with these new kernels. Affected versions: 9.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:066-2 http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0001 @stake Security Advisory: A010603-1 http://www.atstake.com/research/advisories/2003/a010603-1.txt Bugtraq: 20030106 Etherleak: Ethernet frame padding information leakage (A010603-1) (Google Search) http://www.securityfocus.com/archive/1/305335/30/26420/threaded Bugtraq: 20030110 More information regarding Etherleak (Google Search) http://marc.info/?l=bugtraq&m=104222046632243&w=2 Bugtraq: 20030117 Re: More information regarding Etherleak (Google Search) http://www.securityfocus.com/archive/1/307564/30/26270/threaded CERT/CC vulnerability note: VU#412115 http://www.kb.cert.org/vuls/id/412115 http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf http://www.osvdb.org/9962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665 http://www.redhat.com/support/errata/RHSA-2003-025.html http://www.redhat.com/support/errata/RHSA-2003-088.html http://www.securitytracker.com/id/1031583 http://www.securitytracker.com/id/1040185 http://secunia.com/advisories/7996 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0244 BugTraq ID: 7601 http://www.securityfocus.com/bid/7601 Bugtraq: 20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01) (Google Search) http://marc.info/?l=bugtraq&m=105595901923063&w=2 Debian Security Information: DSA-311 (Google Search) http://www.debian.org/security/2003/dsa-311 Debian Security Information: DSA-312 (Google Search) http://www.debian.org/security/2003/dsa-312 Debian Security Information: DSA-332 (Google Search) http://www.debian.org/security/2003/dsa-332 Debian Security Information: DSA-336 (Google Search) http://www.debian.org/security/2003/dsa-336 Debian Security Information: DSA-442 (Google Search) http://www.debian.org/security/2004/dsa-442 En Garde Linux Advisory: ESA-20030515-017 http://marc.info/?l=bugtraq&m=105301461726555&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:066 http://www.mandriva.com/security/advisories?name=MDKSA-2003:074 http://marc.info/?l=linux-kernel&m=104956079213417 http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A261 http://www.redhat.com/support/errata/RHSA-2003-145.html http://www.redhat.com/support/errata/RHSA-2003-147.html http://www.redhat.com/support/errata/RHSA-2003-172.html http://www.secunia.com/advisories/8786/ http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html XForce ISS Database: data-algorithmic-complexity-dos(15382) https://exchange.xforce.ibmcloud.com/vulnerabilities/15382 Common Vulnerability Exposure (CVE) ID: CVE-2003-0246 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A278 TurboLinux Advisory: TLSA-2003-41 http://www.turbolinux.com/security/TLSA-2003-41.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0247 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A284 http://www.redhat.com/support/errata/RHSA-2003-187.html http://www.redhat.com/support/errata/RHSA-2003-195.html http://www.redhat.com/support/errata/RHSA-2003-198.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0248 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A292 Common Vulnerability Exposure (CVE) ID: CVE-2003-0462 Debian Security Information: DSA-358 (Google Search) http://www.debian.org/security/2004/dsa-358 Debian Security Information: DSA-423 (Google Search) http://www.debian.org/security/2004/dsa-423 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309 http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2003-239.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.