Mandrake Linux Security Advisory : kernel (MDKSA-2003:074)

critical Nessus Plugin ID 14057

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Multiple vulnerabilities were discovered and fixed in the Linux kernel.

- CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets.

- CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.

- CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.

- CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS.

- CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address.

- CVE-2003-0462: A file read race existed in the execve() system call.

Kernels for 9.1/x86 are also available (see MDKSA-2003:066).

MandrakeSoft encourages all users to upgrade to these new kernels.

For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.

Solution

Update the affected packages.

See Also

https://marc.info/?l=bugtraq&m=105664924024009&w=2

Plugin Details

Severity: Critical

ID: 14057

File Name: mandrake_MDKSA-2003-074.nasl

Version: 1.20

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-2.4.19.35mdk, p-cpe:/a:mandriva:linux:kernel-boot-2.4.19.35mdk, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.19.35mdk, p-cpe:/a:mandriva:linux:kernel-secure-2.4.19.35mdk, p-cpe:/a:mandriva:linux:kernel-smp-2.4.19.35mdk, p-cpe:/a:mandriva:linux:kernel-source, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 7/15/2003

Reference Information

CVE: CVE-2003-0001, CVE-2003-0244, CVE-2003-0246, CVE-2003-0247, CVE-2003-0248, CVE-2003-0462, CVE-2003-0476

MDKSA: 2003:074