Mandriva Linux Security Advisory : kernel (MDVSA-2010:088)

medium Nessus Plugin ID 48181

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620)

fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount symlinks, which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)

The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622)

drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. (CVE-2010-0410)

The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. (CVE-2010-0623)

Aditionally, the kernel was updated to the 2.6.31.13 stable release, it was added support for Cirrus Logic CS420x HDA codec, Wacom driver was updated to version 0.8.5-12 and there is a fix in the driver for backlight on Eee PC 1201HA.

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 48181

File Name: mandriva_MDVSA-2010-088.nasl

Version: 1.14

Type: local

Published: 7/30/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:vboxadditions-kernel-server-latest, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.31.13-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:libafs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest, p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:em8300-kernel-desktop-latest, p-cpe:/a:mandriva:linux:libafs-kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.31.13-1mnb, p-cpe:/a:mandriva:linux:kernel-2.6.31.13-1mnb, p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.31.13-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-server-2.6.31.13-1mnb, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lirc-kernel-server-latest, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop-2.6.31.13-1mnb, p-cpe:/a:mandriva:linux:em8300-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.31.13-1mnb, p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:em8300-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:libafs-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:em8300-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:libafs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.31.13-1mnb, p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.31.13-desktop-1mnb, cpe:/o:mandriva:linux:2010.0, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.13-server-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:broadcom-wl-kernel-server-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.31.13-desktop586-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.31.13-desktop-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/30/2010

Reference Information

CVE: CVE-2009-3620, CVE-2010-0410, CVE-2010-0622, CVE-2010-0623, CVE-2010-1088

BID: 36824, 38058, 38165, 39044

CWE: 20, 399

MDVSA: 2010:088