Mandrake Linux Security Advisory : kernel (MDKSA-2004:050)

high Nessus Plugin ID 14149

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Brad Spender discovered an exploitable bug in the cpufreq code in the Linux 2.6 kernel (CVE-2004-0228).

As well, a permissions problem existed on some SCSI drivers; a fix from Olaf Kirch is provided that changes the mode from 0777 to 0600.

This update also provides a 10.0/amd64 kernel with fixes for the previous MDKSA-2004:037 advisory as well as the above-noted fixes.

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at :

http://www.mandrakesoft.com/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 14149

File Name: mandrake_MDKSA-2004-050.nasl

Version: 1.20

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kernel-2.4.22.32mdk, p-cpe:/a:mandriva:linux:kernel-2.4.25.5mdk, p-cpe:/a:mandriva:linux:kernel-2.6.3.13mdk, p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.22.32mdk, p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.25.5mdk, p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.3.13mdk, p-cpe:/a:mandriva:linux:kernel-i686-up-4gb-2.4.22.32mdk, p-cpe:/a:mandriva:linux:kernel-i686-up-4gb-2.4.25.5mdk, p-cpe:/a:mandriva:linux:kernel-i686-up-4gb-2.6.3.13mdk, p-cpe:/a:mandriva:linux:kernel-p3-smp-64gb-2.4.22.32mdk, p-cpe:/a:mandriva:linux:kernel-p3-smp-64gb-2.4.25.5mdk, p-cpe:/a:mandriva:linux:kernel-p3-smp-64gb-2.6.3.13mdk, p-cpe:/a:mandriva:linux:kernel-secure-2.4.22.32mdk, p-cpe:/a:mandriva:linux:kernel-secure-2.6.3.13mdk, p-cpe:/a:mandriva:linux:kernel-smp-2.4.22.32mdk, p-cpe:/a:mandriva:linux:kernel-smp-2.4.25.5mdk, p-cpe:/a:mandriva:linux:kernel-smp-2.6.3.13mdk, p-cpe:/a:mandriva:linux:kernel-source, p-cpe:/a:mandriva:linux:kernel-source-stripped, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 5/21/2004

Reference Information

CVE: CVE-2004-0228

MDKSA: 2004:050