Vulnerability Assessment & Network Security Forums
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
Vulnerability Assessment Details
Check for the version of the kernel package
Detailed Explanation for this Vulnerability Assessment
The remote host is missing the patch for the advisory MDKSA-2001:082-1 (kernel).
Rafal Wojtczuk found a vulnerability in the 2.2.19 and 2.4.11 Linux kernels with
the ptrace code and deeply nested symlinks spending an arbitrary amount of time
in the kernel code. The ptrace vulnerability could be used by local users to
gain root privilege, the symlink vulnerability could result in a local DoS.
There is an additional vulnerability in the kernel's syncookie code which could
potentially permit a remote attacker to guess the cookie and bypass existing
firewall rules. The discovery was found by Manfred Spraul and Andi Kleen.
NOTE: This update is *not* meant to be done via MandrakeUpdate! You must
download the necessary RPMs and upgrade manually by following these steps:
1. Type: rpm -ivh kernel-[version].i586.rpm 2. Type: mv
kernel-[version].i586.rpm /tmp 3. Type: rpm -Fvh *.rpm 4a. You may wish to edit
/etc/lilo.conf to ensure a new entry is in place. The new kernel will be the
last entry. Change any options you need to change. You will also want to create
a new entry with the initrd and image directives pointing to the old kernel's
vmlinuz and initrd images so you may also boot from the old images if required.
4b. PPC users must execute some additional instructions. First edit
/etc/yaboot.conf and add a new entry for the kernel and change any options that
you need to change. You must also create a new initrd image to enable USB
support for keyboards and mice by typing: mkinitrd --with=usb-ohci
/boot/initrd-2.2.19-19.1mdk 2.2.19-19.1mdk 5a. Type: /sbin/lilo -v 5b. PPC users
must type: /sbin/ybin -v
You may then reboot and use the new kernel and remove the older kernel when you
are comfortable using the upgraded one.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2001:082-1
Network Security Threat Level: High
Networks Security ID:
Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security
|IBM DX360 M3 SERVER E5506 2.13GHZ 16GB 2 X 600GB 10K SAS NO GPU CONNECTX-2
|IBM HS22 BLADECENTER SERVER TWO E5645 2.40GHZ 64GB 2 X 1.6TB SSD
|Server RAM 32GB 8x 4GB PC2-5300F FB DIMM Fully Buffered DDR2 667 FIT Dell HP IBM
|IBM HS22 BLADECENTER SERVER TWO E5506 2.13GHZ 32GB 1.6TB SSD
No Discussions have been posted on this vulnerability.