Detections
Analytics
Mandriva Linux Security Advisory : kernel (MDVSA-2010:257)
medium Nessus Plugin ID 51337
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A vulnerability was discovered and corrected in the Linux 2.6 kernel :The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
(CVE-2010-3858)
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. (CVE-2010-2963)
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. (CVE-2010-3067)
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. (CVE-2010-3442)
A kernel stack overflow, a bad pointer dereference and a missing permission check were corrected in the econet implementation (CVE-2010-3848) (CVE-2010-3849) (CVE-2010-3850).
Additionally, the kernel has been updated to the stable upstream version 2.6.27.56.
To update your kernel, please follow the directions located at :
http://www.mandriva.com/en/security/kernelupdate
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 51337
File Name: mandriva_MDVSA-2010-257.nasl
Version: 1.15
Type: local
Family: Mandriva Local Security Checks
Published: 12/17/2010
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.4
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:gnbd-kernel-server-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest, p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:hso-kernel-server-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:iscsitarget-kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-2.6.27.56-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-2.6.27.56-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.27.56-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.27.56-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.27.56-1mnb, p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest, p-cpe:/a:mandriva:linux:kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kernel-doc, p-cpe:/a:mandriva:linux:kernel-server-2.6.27.56-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.27.56-1mnb, p-cpe:/a:mandriva:linux:kernel-server-devel-latest, p-cpe:/a:mandriva:linux:kernel-server-latest, p-cpe:/a:mandriva:linux:kernel-source-2.6.27.56-1mnb, p-cpe:/a:mandriva:linux:kernel-source-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lirc-kernel-server-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:drm-experimental-kernel-server-latest, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:et131x-kernel-desktop-latest, p-cpe:/a:mandriva:linux:et131x-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:et131x-kernel-server-latest, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2860-kernel-server-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:rtl8187se-kernel-server-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxadd-kernel-server-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vboxvfs-kernel-server-latest, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia71xx-kernel-server-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:omfs-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omfs-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omfs-kernel-server-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:omnibook-kernel-server-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:ov51x-jpeg-kernel-server-latest, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:qc-usb-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vhba-kernel-server-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.56-desktop-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.56-desktop586-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.27.56-server-1mnb, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest, p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest, cpe:/o:mandriva:linux:2009.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/29/2010
Reference Information
CVE: CVE-2010-2963, CVE-2010-3067, CVE-2010-3442, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3858
BID: 43353, 43787, 44242, 44301, 45072
MDVSA: 2010:257