|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2006:151: kernel Vulnerability Assessment Details
|
MDKSA-2006:151: kernel |
||
Check for the version of the kernel package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2006:151 (kernel). A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Prior to and including 2.6.16-rc2, when running on x86_64 systems with preemption enabled, local users can cause a DoS (oops) via multiple ptrace tasks that perform single steps (CVE-2006-1066). Prior to 2.6.16, a directory traversal vulnerability in CIFS could permit a local user to escape chroot restrictions for an SMB-mounted filesystem via '..\' sequences (CVE-2006-1863). Prior to 2.6.16, a directory traversal vulnerability in smbfs could permit a local user to escape chroot restrictions for an SMB-mounted filesystem via '..\' sequences (CVE-2006-1864). Prior to to 2.6.16.23, SCTP conntrack in netfilter permits remote attackers to cause a DoS (crash) via a packet without any chunks, causing a variable to contain an invalid value that is later used to dereference a pointer (CVE-2006-2934). The dvd_read_bca function in the DVD handling code assigns the wrong value to a length variable, which could permit local users to execute arbitrary code via a crafted USB storage device that triggers a buffer overflow (CVE-2006-2935). Prior to 2.6.17, the ftdi_sio driver could permit local users to cause a DoS (memory consumption) by writing more data to the serial port than the hardware can handle, causing the data to be queued (CVE-2006-2936). The 2.6 kernel, when using both NFS and EXT3, permited remote attackers to cause a DoS (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), triggering an error and causing an exported directory to be remounted read-only (CVE-2006-3468). The 2.6 kernel's SCTP was found to cause system crashes and permit for the possibility of local privilege escalation due to a bug in the get_user_iov_size() function that doesn't properly handle overflow when calculating the length of iovec (CVE-2006-3745). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. In addition to these security fixes, other fixes have been included such as: - added support for new devices: o Testo products in usb-serial o ATI SB600 IDE o ULI M-1573 south Bridge o PATA and SATA support for nVidia MCP55, MCP61, MCP65, and AMD CS5536 o Asus W6A motherboard in snd-hda-intel o bcm 5780 - fixed ip_gre module unload OOPS - enabled opti621 driver for x86 and x86_64 - fixed a local DoS introduced by an imcomplete fix for CVE-2006-2445 - updated to Xen 3.0.1 with selected fixes - enable hugetlbfs To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:151 Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security |
||
Cables, Connectors |
HGST Ultrastar HE10 HUH721010ALE600 10TB SATA 6Gb/s 7200RPM 3.5" Enterprise HDD
$74.99
WD4000FYYZ Western Digital 4TB SATA 3.5 Hard Drive
$149.99
WF12F DELL 1TB 7.2K 6GBPS SATA 2.5'' HDD HARD DRIVE ST91000640NS 0WF12F
$25.00
Western Digital WD60PURZ 6TB Hard Drive SATA6 Gb/s 64MB Cache 3.5 Inch
$109.99
HGST Ultrastar DC HC520 12TB SATA 6Gb 256MB 3.5" Enterprise HDD- HUH721212ALE601
$82.99
Seagate Exos 7E10 ST2000NM000B 2TB 7200RPM SATA 6.0Gb/s 3.5" Internal Hard Drive
$29.99
TOSHIBA MD04ABA400V 4TB 128MB Cache SATA 6. 0Gb/s 3. 5"
$18.00
2 PACK Seagate ST1000LM035 Mobile HDD 1TB 2.5" SATA III Laptop Hard Drive
$27.25
WD 16TB Elements Desktop, Certified Refurbished Hard Drive - RWDBWLG0160HBK-NESN
$174.99
HDD-T10T-SM0F27495 - Supermicro 10TB 7.2K 6G SATA 3.5" HDD HUH721010ALE604
$43.77
|
||
No Discussions have been posted on this vulnerability. |