Test ID:	1.3.6.1.4.1.25623.1.0.61137
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:113 (kernel)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to kernel announced via advisory MDVSA-2008:113. A vulnerability was discovered and corrected in the Linux 2.6 kernel: The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules and (b) the gxsnmp package does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow (2) an oid length of zero, which can lead to an off-by-one error or (3) an indefinite length for a primitive encoding. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate Affected: 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:113 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1673 1020210 http://www.securitytracker.com/id?1020210 20080611 rPSA-2008-0189-1 kernel xen http://www.securityfocus.com/archive/1/493300/100/0/threaded 29589 http://www.securityfocus.com/bid/29589 30000 http://secunia.com/advisories/30000 30580 http://secunia.com/advisories/30580 30644 http://secunia.com/advisories/30644 30658 http://secunia.com/advisories/30658 30982 http://secunia.com/advisories/30982 31107 http://secunia.com/advisories/31107 31836 http://secunia.com/advisories/31836 32103 http://secunia.com/advisories/32103 32104 http://secunia.com/advisories/32104 32370 http://secunia.com/advisories/32370 32759 http://secunia.com/advisories/32759 ADV-2008-1770 http://www.vupen.com/english/advisories/2008/1770 DSA-1592 http://www.debian.org/security/2008/dsa-1592 FEDORA-2008-5308 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html MDVSA-2008:113 http://www.mandriva.com/security/advisories?name=MDVSA-2008:113 MDVSA-2008:174 http://www.mandriva.com/security/advisories?name=MDVSA-2008:174 SUSE-SA:2008:035 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html SUSE-SA:2008:038 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html SUSE-SA:2008:047 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html SUSE-SA:2008:048 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html SUSE-SA:2008:049 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html SUSE-SA:2008:052 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html SUSE-SR:2008:025 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html USN-625-1 http://www.ubuntu.com/usn/usn-625-1 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5 http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189 https://bugzilla.redhat.com/show_bug.cgi?id=443962 linux-kernel-ber-decoder-bo(42921) https://exchange.xforce.ibmcloud.com/vulnerabilities/42921
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.