Mandrake Linux Security Advisory : kernel (MDKSA-2006:123)

critical Nessus Plugin ID 22058

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

The kernel did not clear sockaddr_in.sin_zero before returning IPv4 socket names for the getsockopt function, which could allow a local user to obtain portions of potentially sensitive memory if getsockopt() is called with SO_ORIGINAL_DST (CVE-2006-1343).

Prior to 2.6.16, a buffer overflow in the USB Gadget RNDIS implementation could allow a remote attacker to cause a Denial of Service via a remote NDIS response (CVE-2006-1368).

Prior to 2.6.13, local users could cause a Denial of Service (crash) via a dio transfer from the sg driver to memory mapped IO space (CVE-2006-1528).

Prior to and including 2.6.16, the kernel did not add the appropriate LSM file_permission hooks to the readv and writev functions, which could allow an attacker to bypass intended access restrictions (CVE-2006-1856).

Prior to 2.6.16.17, a buffer oveflow in SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk (CVE-2006-1857).

Prior to 2.6.16.17, SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters (CVE-2006-1858).

Prior to 2.6.16.16, a memory leak in fs/locks.c could allow an attacker to cause a DoS (memory consumption) via unspecified actions (CVE-2006-1859).

Prior to 2.6.16.16, lease_init in fs/locks.c could allow an attacker to cause a DoS (fcntl_setlease lockup) via certain actions (CVE-2006-1860).

Prior to 2.6.17, SCTP allowed remote attackers to cause a DoS (infinite recursion and crash) via a packet that contains two or more DATA fragments (CVE-2006-2274).

Prior to 2.6.16.21, a race condition in run_posix_cpu timers could allow a local user to cause a DoS (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting (CVE-2006-2445).

Prior to 2.6.17.1, xt_sctp in netfilter could allow an attacker to cause a DoS (infinite loop) via an SCTP chunk with a 0 length (CVE-2006-3085).

As well, an issue where IPC could hit an unmapped vmalloc page when near the page boundary has been corrected.

In addition to these security fixes, other fixes have been included such as :

- avoid automatic update of kernel-source without updating the kernel

- fix USB EHCI handoff code, which made some machines hang while booting

- disable USB_BANDWIDTH which corrects a known problem in some USB sound devices

- fix a bluetooth refcounting bug which could hang the machine

- fix a NULL pointer dereference in USB-Serial's serial_open() function

- add missing wakeup in pl2303 TIOCMIWAIT handling

- fix a possible user-after-free in USB-Serial core

- suspend/resume fixes

- HPET timer fixes

- prevent fixed button event to reach userspace on S3 resume

- add sysfs support in ide-tape

- fix ASUS P5S800 reboot

Finally, a new drbd-utils package is provided that is a required upgrade with this new kernel due to a logic bug in the previously shipped version of drbd-utils that could cause a kernel panic on the master when a slave went offline.

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 22058

File Name: mandrake_MDKSA-2006-123.nasl

Version: 1.17

Type: local

Published: 7/18/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:drbd-utils, p-cpe:/a:mandriva:linux:drbd-utils-heartbeat, p-cpe:/a:mandriva:linux:kernel-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-boot-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-i586-up-1gb-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-i686-up-4gb-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-source-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.23mdk, p-cpe:/a:mandriva:linux:kernel-xenu-2.6.12.23mdk, cpe:/o:mandriva:linux:2006

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 7/13/2006

Reference Information

CVE: CVE-2006-1342, CVE-2006-1343, CVE-2006-1368, CVE-2006-1528, CVE-2006-1856, CVE-2006-1857, CVE-2006-1858, CVE-2006-1859, CVE-2006-1860, CVE-2006-2274, CVE-2006-2445, CVE-2006-3085

CWE: 119, 20

MDKSA: 2006:123