Vulnerability Assessment & Network Security Forums
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
Vulnerability Assessment Details
Check for the version of the kernel package
Detailed Explanation for this Vulnerability Assessment
The remote host is missing the patch for the advisory MDKSA-2002:041 (kernel).
A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux
kernel where a malformed packet could cause a crash.
Andrew Griffiths discovered a vulnerability that permits remote machines to read
random memory by utilizing a bug in the ICMP implementation of Linux kernels.
This only affects kernels prior to 2.4.0-test6 and 2.2.18
all Mandrake Linux
2.4 kernels are not vulnerable to this problem.
Another problem was discovered by the Linux Netfilter team in the IRC connection
tracking component of netfilter in Linux 2.4 kernels. It consists of a very
broad netmask setting which is applied to check if an IRC DCC connection through
a masqueraded firewall should be permited. This would lead to unwanted ports
being opened on the firewall which could possibly permit inbound connections
depending on the firewall rules in use.
The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as
routines from the compression library are used by functions that uncompress
filesystems loaded into ramdisks and other occassions that are not
security-critical. The kernel also uses the compression library in the PPP layer
as well as the freeswan IPSec kernel module.
As well, a number of other non-security fixes are present in these kernels,
including new and enhanced drivers, LSB compliance, and more.
MandrakeSoft encourages all users to upgrade their kernel as soon as possible to
these new 2.2 and 2.4 kernels.
NOTE: This update cannot be accomplished via MandrakeUpdate
it must be done on
the console. This prevents one from upgrading a kernel instead of installing a
new kernel. To upgrade, please ensure that you have first upgraded iptables,
mkinitrd, and initscripts packages if they are applicable to your platform. Use
'rpm -ivh kernel_package' to install the new kernel. Prior to rebooting,
double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC
users only) to ensure that you are able to boot properly into both old and new
kernels (this will permit you to boot into the old kernel if the new kernel does
not work to your liking).
LILO users should execute '/sbin/lilo -v', GRUB users should execute 'sh
/boot/grun/install.sh', and PPC users must type '/sbin/ybin -v' to write the
boot record in order to reboot into the new kernel if you made any changes to
the respective boot configuration files.
New kernels for Mandrake Linux 8.1/IA64 will be available shortly.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:041
Network Security Threat Level: High
Networks Security ID:
Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security
|Dell PowerEdge R510 2x L5640 2.26GHz 6 Core 64GB 12x 300GB 15K SAS PERC H700
|Dell PowerEdge R410 2x X5660 2.8GHz 6 Core 32GB 4X 450GB 15K SAS PERC 6/i
|Dell PowerEdge R410 2x X5550 2.66GHz Quad Core 32GB 4x 1TB 7.2K SATA PERC 6/i
|Dell 1TB 2.5'' SAS SED 6G 7.2K Server Hard Drive 0XKGH0 XKGH0 Self-Encrypting
No Discussions have been posted on this vulnerability.