English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63285
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDVSA-2009:032 (kernel)
Summary:The remote host is missing an update to kernel;announced via advisory MDVSA-2009:032.
Description:Summary:
The remote host is missing an update to kernel
announced via advisory MDVSA-2009:032.

Vulnerability Insight:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8
and earlier allows local users to cause a denial of service (kernel
infinite loop) by making two calls to svc_listen for the same socket,
and then reading a /proc/net/atm/*vc file, related to corruption of
the vcc table. (CVE-2008-5079)

Linux kernel 2.6.28 allows local users to cause a denial of service
(soft lockup and process loss) via a large number of sendmsg function
calls, which does not block during AF_UNIX garbage collection
and triggers an OOM condition, a different vulnerability than
CVE-2008-5029. (CVE-2008-5300)

Additionally, wireless and hotkeys support for Asus EEE were fixed,
systems with HDA sound needing MSI support were added to the quirks
list to be autodetected, STAC92HD71Bx and STAC92HD75Bx based HDA
support was enhanced and fixed, support for HDA sound on Acer Aspire
8930 was added, Dell Inspiron Mini 9 HDA sound support was added, CIFS
filesystem should now work with Kerberos, and a few more things. Check
the package changelog for details.

To update your kernel, please follow the directions linked in the references.

Affected Software/OS:
Mandrake 2009.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-5079
1021360
http://www.securitytracker.com/id?1021360
20081205 CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table
http://www.securityfocus.com/archive/1/498943/100/0/threaded
20081209 rPSA-2008-0332-1 kernel
http://www.securityfocus.com/archive/1/499044/100/0/threaded
32676
http://www.securityfocus.com/bid/32676
32913
http://secunia.com/advisories/32913
33083
http://secunia.com/advisories/33083
33348
http://secunia.com/advisories/33348
33623
http://secunia.com/advisories/33623
33641
http://secunia.com/advisories/33641
33704
http://secunia.com/advisories/33704
33706
http://secunia.com/advisories/33706
33756
http://secunia.com/advisories/33756
33854
http://secunia.com/advisories/33854
34981
http://secunia.com/advisories/34981
4694
http://securityreason.com/securityalert/4694
DSA-1787
http://www.debian.org/security/2009/dsa-1787
FEDORA-2008-11618
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html
MDVSA-2009:032
http://www.mandriva.com/security/advisories?name=MDVSA-2009:032
RHSA-2009:0053
http://www.redhat.com/support/errata/RHSA-2009-0053.html
RHSA-2009:0225
http://www.redhat.com/support/errata/RHSA-2009-0225.html
SUSE-SA:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html
SUSE-SA:2009:008
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html
SUSE-SA:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
USN-714-1
https://usn.ubuntu.com/714-1/
USN-715-1
http://www.ubuntu.com/usn/usn-715-1
[linux-netdev] 20081204 [PATCH] ATM: CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table
http://marc.info/?l=linux-netdev&m=122841256115780&w=2
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332
https://issues.rpath.com/browse/RPL-2915
oval:org.mitre.oval:def:11288
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11288
Common Vulnerability Exposure (CVE) ID: CVE-2008-5029
BugTraq ID: 32154
http://www.securityfocus.com/bid/32154
BugTraq ID: 33079
http://www.securityfocus.com/bid/33079
Bugtraq: 20090101 Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit (Google Search)
http://www.securityfocus.com/archive/1/499700/100/0/threaded
Bugtraq: 20090104 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html
http://www.securityfocus.com/archive/1/499744/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
http://www.securityfocus.com/archive/1/512019/100/0/threaded
Debian Security Information: DSA-1681 (Google Search)
http://www.debian.org/security/2008/dsa-1681
Debian Security Information: DSA-1687 (Google Search)
http://www.debian.org/security/2008/dsa-1687
http://www.mandriva.com/security/advisories?name=MDVSA-2008:234
http://darkircop.org/unix.c
http://marc.info/?l=linux-netdev&m=122593044330973&w=2
http://www.openwall.com/lists/oss-security/2008/11/06/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9558
http://www.redhat.com/support/errata/RHSA-2009-0009.html
http://www.redhat.com/support/errata/RHSA-2009-0014.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
http://www.securitytracker.com/id?1021292
http://www.securitytracker.com/id?1021511
http://secunia.com/advisories/32918
http://secunia.com/advisories/32998
http://secunia.com/advisories/33180
http://secunia.com/advisories/33556
http://secunia.com/advisories/33586
http://securityreason.com/securityalert/4573
SuSE Security Announcement: SUSE-SA:2008:057 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
SuSE Security Announcement: SUSE-SA:2009:004 (Google Search)
SuSE Security Announcement: SUSE-SA:2009:008 (Google Search)
http://www.ubuntu.com/usn/usn-679-1
XForce ISS Database: linux-kernel-scmdestroy-dos(46538)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46538
Common Vulnerability Exposure (CVE) ID: CVE-2008-5300
BugTraq ID: 32516
http://www.securityfocus.com/bid/32516
Bugtraq: 20081209 rPSA-2008-0332-1 kernel (Google Search)
http://marc.info/?l=linux-netdev&m=122721862313564&w=2
http://marc.info/?l=linux-netdev&m=122765505415944&w=2
http://osvdb.org/50272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10283
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11427
http://securityreason.com/securityalert/4673
XForce ISS Database: linux-kernel-sendmsg-dos(46943)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46943
CopyrightCopyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.