English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58728
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2007:216 (kernel)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to kernel
announced via advisory MDKSA-2007:216.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

A typo in the Linux kernel caused RTA_MAX to be used as an array size
instead of RTN_MAX, which lead to an out of bounds access by certain
functions (CVE-2007-2172).

The IPv6 protocol allowed remote attackers to cause a denial of
service via crafted IPv6 type 0 route headers that create network
amplification between two routers (CVE-2007-2242).

The random number feature did not properly seed pools when there was
no entropy, or used an incorrect cast when extracting entropy, which
could cause the random number generator to provide the same values
after reboots on systems without an entropy source (CVE-2007-2453).

A memory leak in the PPPoE socket implementation allowed local users
to cause a denial of service (memory consumption) by creating a
socket using connect, and releasing it before the PPPIOCGCHAN ioctl
is initialized (CVE-2007-2525).

A stack-based buffer overflow in the random number generator could
allow local root users to cause a denial of service or gain privileges
by setting the default wakeup threshold to a value greater than the
output pool size (CVE-2007-3105).

The hugetlb_vmtruncate_list() and hugetlb_vmtruncate() functions in the
Linux kernel perform certain pio_tree calculations using HPAGE_SIZE
intead of PAGE_SIZE units, which may allow local users to cause a
denial of service (panic) via unspecified vectors (CVE-2007-4133).

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: Corporate 3.0, Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:216

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2172
BugTraq ID: 23447
http://www.securityfocus.com/bid/23447
Debian Security Information: DSA-1356 (Google Search)
http://www.debian.org/security/2007/dsa-1356
Debian Security Information: DSA-1363 (Google Search)
http://www.debian.org/security/2007/dsa-1363
Debian Security Information: DSA-1503 (Google Search)
http://www.debian.org/security/2008/dsa-1503
Debian Security Information: DSA-1504 (Google Search)
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10764
http://www.redhat.com/support/errata/RHSA-2007-0347.html
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://www.redhat.com/support/errata/RHSA-2007-1049.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://secunia.com/advisories/25068
http://secunia.com/advisories/25288
http://secunia.com/advisories/25392
http://secunia.com/advisories/25838
http://secunia.com/advisories/26289
http://secunia.com/advisories/26450
http://secunia.com/advisories/26620
http://secunia.com/advisories/26647
http://secunia.com/advisories/27913
http://secunia.com/advisories/29058
http://secunia.com/advisories/33280
http://www.ubuntu.com/usn/usn-464-1
http://www.vupen.com/english/advisories/2007/2690
XForce ISS Database: kernel-dnfibprops-fibprops-dos(33979)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33979
Common Vulnerability Exposure (CVE) ID: CVE-2007-2242
BugTraq ID: 23615
http://www.securityfocus.com/bid/23615
Bugtraq: 20070508 FLEA-2007-0016-1: kernel (Google Search)
http://www.securityfocus.com/archive/1/467939/30/6690/threaded
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen (Google Search)
http://www.securityfocus.com/archive/1/471457
CERT/CC vulnerability note: VU#267289
http://www.kb.cert.org/vuls/id/267289
FreeBSD Security Advisory: FreeBSD-SA-07:03.ipv6
http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc
http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
OpenBSD Security Advisory: [3.9] 20070423 022: SECURITY FIX: April 23, 2007
http://openbsd.org/errata39.html#022_route6
OpenBSD Security Advisory: [4.0] 20070423 012: SECURITY FIX: April 23, 2007
http://openbsd.org/errata40.html#012_route6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574
http://www.securitytracker.com/id?1017949
http://secunia.com/advisories/24978
http://secunia.com/advisories/25033
http://secunia.com/advisories/25083
http://secunia.com/advisories/25691
http://secunia.com/advisories/25770
http://secunia.com/advisories/26133
http://secunia.com/advisories/26651
http://secunia.com/advisories/26664
http://secunia.com/advisories/26703
http://secunia.com/advisories/28806
SuSE Security Announcement: SUSE-SA:2007:051 (Google Search)
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
SuSE Security Announcement: SUSE-SA:2008:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://www.ubuntu.com/usn/usn-486-1
http://www.ubuntu.com/usn/usn-508-1
http://www.vupen.com/english/advisories/2007/1563
http://www.vupen.com/english/advisories/2007/2270
http://www.vupen.com/english/advisories/2007/3050
XForce ISS Database: openbsd-ipv6-type0-dos(33851)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33851
Common Vulnerability Exposure (CVE) ID: CVE-2007-2453
BugTraq ID: 24390
http://www.securityfocus.com/bid/24390
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://osvdb.org/37114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960
RedHat Security Advisories: RHSA-2007:0376
https://rhn.redhat.com/errata/RHSA-2007-0376.html
http://www.securitytracker.com/id?1018248
http://secunia.com/advisories/25596
http://secunia.com/advisories/25700
http://secunia.com/advisories/25961
http://secunia.com/advisories/26139
SuSE Security Announcement: SUSE-SA:2007:043 (Google Search)
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
http://www.ubuntu.com/usn/usn-470-1
http://www.ubuntu.com/usn/usn-489-1
http://www.vupen.com/english/advisories/2007/2105
XForce ISS Database: kernel-randomnumber-weak-security(34781)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34781
Common Vulnerability Exposure (CVE) ID: CVE-2007-2525
BugTraq ID: 23870
http://www.securityfocus.com/bid/23870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10594
http://secunia.com/advisories/25163
http://secunia.com/advisories/27227
SuSE Security Announcement: SUSE-SA:2007:053 (Google Search)
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.ubuntu.com/usn/usn-510-1
http://www.vupen.com/english/advisories/2007/1703
XForce ISS Database: kernel-pppoe-dos(34150)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34150
Common Vulnerability Exposure (CVE) ID: CVE-2007-3105
25348
http://www.securityfocus.com/bid/25348
26500
http://secunia.com/advisories/26500
26643
http://secunia.com/advisories/26643
26647
26651
26664
27212
http://secunia.com/advisories/27212
27227
27322
http://secunia.com/advisories/27322
27436
http://secunia.com/advisories/27436
27747
http://secunia.com/advisories/27747
29058
DSA-1363
DSA-1504
MDKSA-2007:195
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
MDKSA-2007:196
MDKSA-2007:216
RHSA-2007:0939
http://www.redhat.com/support/errata/RHSA-2007-0939.html
RHSA-2007:0940
http://www.redhat.com/support/errata/RHSA-2007-0940.html
SUSE-SA:2007:051
SUSE-SA:2007:053
USN-508-1
USN-509-1
http://www.ubuntu.com/usn/usn-509-1
USN-510-1
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log
https://issues.rpath.com/browse/RPL-1650
oval:org.mitre.oval:def:10371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371
Common Vulnerability Exposure (CVE) ID: CVE-2007-4133
25904
http://www.securityfocus.com/bid/25904
26994
http://secunia.com/advisories/26994
28170
http://secunia.com/advisories/28170
28971
http://secunia.com/advisories/28971
DSA-1381
http://www.debian.org/security/2007/dsa-1381
MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
MDVSA-2008:105
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
USN-558-1
http://www.ubuntu.com/usn/usn-558-1
USN-578-1
http://www.ubuntu.com/usn/usn-578-1
http://tree.celinuxforum.org/gitstat/commit-detail.php?commit=856fc29505556cf263f3dcda2533cf3766c14ab6
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.19-rc4
kernel-hugetlbfs-dos(36925)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36925
oval:org.mitre.oval:def:10451
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10451
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.