Mandrake Linux Security Advisory : kernel (MDKSA-2003:110)

high Nessus Plugin ID 14092

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability was discovered in Linux kernel versions 2.4.22 and earlier. A bounds-checking flaw in the do_brk() function can allow a local attacker to gain root privileges. This vulnerability is known to be exploitable; an exploit is in the wild at this time.

The Mandrake Linux 9.2 kernels are not vulnerable to this problem as the fix for it is already present in kernel version 2.4.22-21mdk (provided in MDKA-2003:021).

MandrakeSoft encourages all users to upgrade their systems immediately.

To upgrade your kernel, please use the documentation available online:

http://www.mandrakesecure.net/en/kernelupdate.php

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 14092

File Name: mandrake_MDKSA-2003-110.nasl

Version: 1.19

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-2.4.19.36mdk, p-cpe:/a:mandriva:linux:kernel-2.4.21.0.26mdk, p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.19.36mdk, p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.21.0.26mdk, p-cpe:/a:mandriva:linux:kernel-secure-2.4.19.36mdk, p-cpe:/a:mandriva:linux:kernel-secure-2.4.21.0.26mdk, p-cpe:/a:mandriva:linux:kernel-smp-2.4.19.36mdk, p-cpe:/a:mandriva:linux:kernel-smp-2.4.21.0.26mdk, p-cpe:/a:mandriva:linux:kernel-source, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/1/2003

Reference Information

CVE: CVE-2003-0961

MDKSA: 2003:110