
Test ID: 1.3.6.1.4.1.25623.1.0.58108
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2007:060 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing an update to kernel
announced via advisory MDKSA-2007:060.

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel:

The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms,
would allow a local user to cause a DoS (crash) via a malformed ELF file
(CVE-2006-4538).

The mincore function in the Linux kernel did not properly lock access to
user space, which has unspecified impact and attack vectors, possibly
related to a deadlock (CVE-2006-4814).

An unspecified vulnerability in the listxattr system call, when a bad
inode is present, could allow a local user to cause a DoS (data
corruption) and possibly gain privileges via unknown vectors
(CVE-2006-5753).

The zlib_inflate function allows local users to cause a crash via a
malformed filesystem that uses zlib compression that triggers memory
corruption (CVE-2006-5823).

The ext3fs_dirhash function could allow local users to cause a DoS
(crash) via an ext3 stream with malformed data structures
(CVE-2006-6053).

When SELinux hooks are enabled, the kernel could allow a local user to
cause a DoS (crash) via a malformed file stream that triggers a NULL
pointer dereference (CVE-2006-6056).

The key serial number collision avoidance code in the key_alloc_serial
function in kernels 2.6.9 up to 2.6.20 allows local users to cause a
crash via vectors that trigger a NULL dereference (CVE-2007-0006).

The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker
to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that
triggered a free of an incorrect pointer (CVE-2007-0772).

A local user could read unreadable binaries by using the interpreter
(PT_INTERP) functionality and triggering a core dump, a variant of
CVE-2004-1073 (CVE-2007-0958).

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels immediately
and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included
such as:

- add PCI IDs for cciss driver (HP ML370G5 / DL360G5)
- fixed a massive SCSI reset on megasas (Dell PE2960)
- increased port-reset completion delay for HP controllers (HP ML350)
- NUMA range fixes for x86_64
- various netfilter fixes

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: 2006.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:060
http://qa.mandriva.com/show_bug.cgi?id=28461

Risk factor : High

CVSS Score: 7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4538
BugTraq ID: 19702
http://www.securityfocus.com/bid/19702
Debian Security Information: DSA-1233
http://www.us.debian.org/security/2006/dsa-1233
Debian Security Information: DSA-1237
http://www.us.debian.org/security/2006/dsa-1237
http://www.mandriva.com/security/advisories?name=MDKSA-2007:060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10301
RedHat Security Advisories: RHSA-2007:0014
http://rhn.redhat.com/errata/RHSA-2007-0014.html
http://www.redhat.com/support/errata/RHSA-2007-1049.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://secunia.com/advisories/21967
http://secunia.com/advisories/21999
http://secunia.com/advisories/23370
http://secunia.com/advisories/23395
http://secunia.com/advisories/23474
http://secunia.com/advisories/23997
http://secunia.com/advisories/24206
http://secunia.com/advisories/24482
http://secunia.com/advisories/27913
http://secunia.com/advisories/33280
SuSE Security Announcement: SUSE-SA:2006:079
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.ubuntu.com/usn/usn-347-1
http://www.vupen.com/english/advisories/2006/3670
Common Vulnerability Exposure (CVE) ID: CVE-2006-4814
2007-0002
http://www.trustix.org/errata/2007/0002/
20070615 rPSA-2007-0124-1 kernel xen
http://www.securityfocus.com/archive/1/471457
21663
http://www.securityfocus.com/bid/21663
23436
http://secunia.com/advisories/23436
23609
http://secunia.com/advisories/23609
23997
24098
http://secunia.com/advisories/24098
24100
http://secunia.com/advisories/24100
24206
24482
25691
http://secunia.com/advisories/25691
25714
http://secunia.com/advisories/25714
29058
http://secunia.com/advisories/29058
30110
http://secunia.com/advisories/30110
31246
http://secunia.com/advisories/31246
33280
ADV-2006-5082
http://www.vupen.com/english/advisories/2006/5082
ADV-2008-2222
http://www.vupen.com/english/advisories/2008/2222/references
DSA-1304
http://www.debian.org/security/2007/dsa-1304
DSA-1503
http://www.debian.org/security/2008/dsa-1503
MDKSA-2007:040
http://www.mandriva.com/security/advisories?name=MDKSA-2007:040
MDKSA-2007:060
RHSA-2007:0014
RHSA-2008:0211
http://www.redhat.com/support/errata/RHSA-2008-0211.html
RHSA-2008:0787
SUSE-SA:2007:018
http://www.novell.com/linux/security/advisories/2007_18_kernel.html
USN-416-1
http://www.ubuntu.com/usn/usn-416-1
[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.6
oval:org.mitre.oval:def:9648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9648
Common Vulnerability Exposure (CVE) ID: CVE-2006-5753
22316
http://www.securityfocus.com/bid/22316
23955
http://secunia.com/advisories/23955
24400
http://secunia.com/advisories/24400
24429
http://secunia.com/advisories/24429
24547
http://secunia.com/advisories/24547
25226
http://secunia.com/advisories/25226
25683
http://secunia.com/advisories/25683
33020
http://osvdb.org/33020
FEDORA-2007-277
http://fedoranews.org/cms/node/2739
FEDORA-2007-291
http://fedoranews.org/cms/node/2740
SUSE-SA:2007:021
http://www.novell.com/linux/security/advisories/2007_21_kernel.html
SUSE-SA:2007:030
http://www.novell.com/linux/security/advisories/2007_30_kernel.html
SUSE-SA:2007:035
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
http://lkml.org/lkml/2007/1/3/150
https://issues.rpath.com/browse/RPL-1106
oval:org.mitre.oval:def:9371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9371
Common Vulnerability Exposure (CVE) ID: CVE-2006-5823
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen
Debian Security Information: DSA-1503
Debian Security Information: DSA-1504
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:047
http://projects.info-pull.com/mokb/MOKB-07-11-2006.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10588
RedHat Security Advisories: RHSA-2007:0436
http://rhn.redhat.com/errata/RHSA-2007-0436.html
http://secunia.com/advisories/22767
http://secunia.com/advisories/24259
http://secunia.com/advisories/25630
Common Vulnerability Exposure (CVE) ID: CVE-2006-6053
Debian Security Information: DSA-1304
http://projects.info-pull.com/mokb/MOKB-10-11-2006.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10992
http://secunia.com/advisories/22776
http://www.vupen.com/english/advisories/2006/4458
Common Vulnerability Exposure (CVE) ID: CVE-2006-6056
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
http://projects.info-pull.com/mokb/MOKB-14-11-2006.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9949
http://secunia.com/advisories/22887
http://secunia.com/advisories/24777
XForce ISS Database: linux-superblockdoinit-dos(30278)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30278
Common Vulnerability Exposure (CVE) ID: CVE-2007-0006
22539
http://www.securityfocus.com/bid/22539
24109
http://secunia.com/advisories/24109
24259
24300
http://secunia.com/advisories/24300
24752
http://secunia.com/advisories/24752
MDKSA-2007:047
RHSA-2007:0085
http://www.redhat.com/support/errata/RHSA-2007-0085.html
RHSA-2007:0099
http://www.redhat.com/support/errata/RHSA-2007-0099.html
USN-451-1
http://www.ubuntu.com/usn/usn-451-1
http://bugzilla.kernel.org/show_bug.cgi?id=7727
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227495
https://issues.rpath.com/browse/RPL-1097
oval:org.mitre.oval:def:9829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9829
Common Vulnerability Exposure (CVE) ID: CVE-2007-0772
BugTraq ID: 22625
http://www.securityfocus.com/bid/22625
http://osvdb.org/33022
http://secunia.com/advisories/24201
http://secunia.com/advisories/24215
SuSE Security Announcement: SUSE-SA:2007:018
SuSE Security Announcement: SUSE-SA:2007:021
http://www.vupen.com/english/advisories/2007/0660
XForce ISS Database: kernel-nfsaclsvc-dos(32578)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32578
Common Vulnerability Exposure (CVE) ID: CVE-2004-1073
BugTraq ID: 11646
http://www.securityfocus.com/bid/11646
Debian Security Information: DSA-1067
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1070
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1082
http://www.debian.org/security/2006/dsa-1082
https://bugzilla.fedora.us/show_bug.cgi?id=2336
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11503
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://www.redhat.com/support/errata/RHSA-2004-505.html
http://www.redhat.com/support/errata/RHSA-2004-549.html
http://www.redhat.com/support/errata/RHSA-2005-293.html
http://www.redhat.com/support/errata/RHSA-2006-0190.html
http://www.redhat.com/support/errata/RHSA-2006-0191.html
http://secunia.com/advisories/18684
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
XForce ISS Database: linux-elf-setuid-gain-privileges(18025)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18025
Common Vulnerability Exposure (CVE) ID: CVE-2007-0958
BugTraq ID: 22903
http://www.securityfocus.com/bid/22903
Debian Security Information: DSA-1286
http://www.debian.org/security/2007/dsa-1286
http://osvdb.org/35930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10343
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://secunia.com/advisories/25078
http://secunia.com/advisories/25838
http://secunia.com/advisories/26289
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
