Mandriva Linux Security Advisory : kernel (MDVSA-2009:205)

NASLDB: Mandriva Linux Security Advisory : kernel (MDVSA-2009:205)

General

ID: 40637
Name: Mandriva Linux Security Advisory : kernel (MDVSA-2009:205)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

A vulnerability was discovered and corrected in the Linux 2.6 kernel :

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
does not initialize all function pointers for socket operations in
proto_ops structures, which allows local users to trigger a NULL
pointer dereference and gain privileges by using mmap to map page
zero, placing arbitrary code on this page, and then invoking an
unavailable operation, as demonstrated by the sendpage operation on a
PF_PPPOX socket. (CVE-2009-2692)

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2009-2692
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2009/08/17
Plugin Release: 2009/08/20

Plugin

Version: 1.10
Filename: mandriva_MDVSA-2009-205.nasl
Filesize: 57358 bytes
MD5 Hash: b89d6f700e60acf12759107d17f7a5eb

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG