Test ID:	1.3.6.1.4.1.25623.1.0.60750
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:086 (kernel)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to kernel announced via advisory MDVSA-2008:086. The isdn_ioctl function in isdn_common.c in the Linux kernel prior to 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which trigger a buffer overflow (CVE-2007-6151). The do_corefump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information (CVE-2007-6206). The shmem_getpage function in mm/shmem.c in the Linux kernel versions 2.6.11 through 2.6.23 did not properly clear allocated memory in certain rare circumstances related to tmps, which could possibly allow local users to read sensitive kernel data or cause a crash (CVE-2007-6417). Additionally, this kernel provides a fix for megaraid_sas and updates it to version 3.13, updates mptsas to version 3.12.19, and updates e1000-ng to version 7.6.12, as well as adds igb version 1.0.8. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:086 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6151 BugTraq ID: 27497 http://www.securityfocus.com/bid/27497 Debian Security Information: DSA-1479 (Google Search) http://www.debian.org/security/2008/dsa-1479 Debian Security Information: DSA-1503 (Google Search) http://www.debian.org/security/2008/dsa-1503 Debian Security Information: DSA-1504 (Google Search) http://www.debian.org/security/2008/dsa-1504 http://www.mandriva.com/security/advisories?name=MDVSA-2008:086 http://www.mandriva.com/security/advisories?name=MDVSA-2008:112 http://lists.vmware.com/pipermail/security-announce/2008/000023.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10971 RedHat Security Advisories: RHSA-2008:0055 http://rhn.redhat.com/errata/RHSA-2008-0055.html http://www.redhat.com/support/errata/RHSA-2008-0211.html http://www.redhat.com/support/errata/RHSA-2008-0787.html http://secunia.com/advisories/28626 http://secunia.com/advisories/28706 http://secunia.com/advisories/28748 http://secunia.com/advisories/28889 http://secunia.com/advisories/28971 http://secunia.com/advisories/29058 http://secunia.com/advisories/29570 http://secunia.com/advisories/30110 http://secunia.com/advisories/30962 http://secunia.com/advisories/31246 http://secunia.com/advisories/33280 SuSE Security Announcement: SUSE-SA:2008:007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html SuSE Security Announcement: SUSE-SA:2008:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html SuSE Security Announcement: SUSE-SA:2008:032 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://www.ubuntu.com/usn/usn-574-1 http://www.ubuntu.com/usn/usn-578-1 http://www.vupen.com/english/advisories/2008/2222/references Common Vulnerability Exposure (CVE) ID: CVE-2007-6206 BugTraq ID: 26701 http://www.securityfocus.com/bid/26701 Bugtraq: 20080208 rPSA-2008-0048-1 kernel (Google Search) http://www.securityfocus.com/archive/1/487808/100/0/threaded Debian Security Information: DSA-1436 (Google Search) http://www.debian.org/security/2007/dsa-1436 http://www.mandriva.com/security/advisories?name=MDVSA-2008:044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719 http://www.redhat.com/support/errata/RHSA-2008-0089.html http://secunia.com/advisories/27908 http://secunia.com/advisories/28141 http://secunia.com/advisories/28643 http://secunia.com/advisories/28826 http://secunia.com/advisories/30818 SuSE Security Announcement: SUSE-SA:2008:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://www.vupen.com/english/advisories/2007/4090 XForce ISS Database: kernel-core-dump-information-disclosure(38841) https://exchange.xforce.ibmcloud.com/vulnerabilities/38841 Common Vulnerability Exposure (CVE) ID: CVE-2007-6417 BugTraq ID: 27694 http://www.securityfocus.com/bid/27694 http://marc.info/?l=linux-kernel&m=119627664702379&w=2 http://marc.info/?l=linux-kernel&m=119743651829347&w=2 http://marc.info/?l=linux-kernel&m=119769771026243&w=2 http://osvdb.org/44120 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8920 http://www.redhat.com/support/errata/RHSA-2008-0885.html http://secunia.com/advisories/28806 http://secunia.com/advisories/32023 SuSE Security Announcement: SUSE-SA:2008:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.