|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2006:040: kernel Vulnerability Assessment Details
|
MDKSA-2006:040: kernel |
||
Check for the version of the kernel package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2006:040 (kernel). A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The udp_v6_get_port function in udp.c, when running IPv6, permits local users to cause a Denial of Service (infinite loop and crash) (CVE-2005-2973). The mq_open system call in certain situations can decrement a counter twice as a result of multiple calls to the mntput function when the dentry_open function call fails, permiting a local user to cause a DoS (panic) via unspecified attack vectors (CVE-2005-3356). The procfs code permits attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value (CVE-2005-4605). A buffer overflow in sysctl permits local users to cause a DoS and possibly execute arbitrary code via a long string, which causes sysctl to write a zero byte outside the buffer (CVE-2005-4618). A buffer overflow in the CA-driver for TwinHan DST Frontend/Card permits local users to cause a DoS (crash) and possibly execute arbitrary code by reading more than eight bytes into an eight byte long array (CVE-2005-4639). dm-crypt does not clear a structure before it is freed, which leads to a memory disclosure that could permit local users to obtain sensitive information about a cryptographic key (CVE-2006-0095). Remote attackers can cause a DoS via unknown attack vectors related to an 'extra dst release when ip_options_echo fails' in icmp.c (CVE-2006-0454). In addition to these security fixes, other fixes have been included such as: - support for mptsas - fix for IPv6 with sis190 - a problem with the time progressing twice as fast - a fix for Audigy 2 ZS Video Editor sample rates - a fix for a supermount crash when accessing a supermount-ed CD/ DVD drive - a fix for improperly unloading sbp2 module The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:040 Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security |
||
Cables, Connectors |
~CLEARANCE~ 15.6" Dell Latitude Laptop: 8GB RAM 256GB SSD Backlit Keyboard
$199.99
Team T-FORCE VULCAN Z 16GB (2 x 8GB) 288-Pin PC RAM DDR4 3200 (PC4 25600) XMP
$35.99
A-Tech 8GB DDR3 1600 PC3-12800 Laptop SODIMM 204-Pin Memory RAM PC3L DDR3L 1x 8G
$13.99
HyperX FURY DDR3 8GB 16GB 32GB 1600 MHz PC3-12800 Desktop RAM Memory DIMM 240pin
$12.90
Crucial DDR3L 16GB 1600 2x 8GB PC3-12800 Laptop SODIMM Memory RAM PC3 16G DDR3
$21.50
Crucial 16GB (2x 8GB) Kit DDR3L 1600MHz PC3-12800 UDIMM Desktop 240-Pin CL11 RAM
$23.33
8GB PC3L-12800S 1600MHz SODIMM DDR3 RAM | Grade A
$12.00
CORSAIR Vengeance RGB Pro 32GB (2 x 16GB) 288-Pin PC RAM DDR4 3600 (PC4 28800)
$79.95
Kingston HyperX FURY DDR3 8GB 16GB 32G 1600 1866 1333 Desktop Memory RAM DIMM
$39.95
Dell Wyse 5060 Thin Client | AMD 2.4GHz | 4GB RAM | 8GB Flash |
$29.99
|
||
No Discussions have been posted on this vulnerability. |