Description: | Summary: The remote host is missing an update to linux-2.6 announced via advisory DSA 1428-1.
This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1428)' (OID: 1.3.6.1.4.1.25623.1.0.60011).
Vulnerability Insight: Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-3104
Eric Sandeen provided a backport of Tejun Heo's fix for a local denial of service vulnerability in sysfs. Under memory pressure, a dentry structure may be reclaimed, resulting in a bad pointer dereference that causes an oops during a readdir.
CVE-2007-4997
Chris Evans discovered an issue with certain drivers that make use of the Linux kernel's ieee80211 layer. A remote user could generate a malicious 802.11 frame that could result in a denial of service (crash). The ipw2100 driver is known to be affected by this issue, while the ipw2200 is believed not to be.
CVE-2007-5500
Scott James Remnant diagnosed a coding error in the implementation of ptrace which could be used by a local user to cause the kernel to enter an infinite loop.
These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch5.
The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:
Debian 4.0 (etch):
fai-kernels: 1.17+etch.13etch5
user-mode-linux: 2.6.18-1um-2etch.13etch5
Solution: We recommend that you upgrade your kernel package immediately and reboot
CVSS Score: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
|