|
Mandrake update for kernel
|
|
Secunia Advisory:
|
SA9011
|
|
|
Release Date:
|
2003-06-12
|
|
Popularity:
|
5,892 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
Privilege escalation
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Mandrake Linux 9.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2003-0001
CVE-2003-0244
CVE-2003-0246
CVE-2003-0247
CVE-2003-0248
|
|
Description:
MandrakeSoft has issued updated packages for the kernel. These fix multiple vulnerabilities, which are listed below.
1) Many ethernet NIC (Network Interface Card) device drivers pad frames with content from previous packets or kernel memory instead of using NULL-bytes. This may be exploited by malicious people to obtain potentially sensitive information by sending specially crafted packets to a vulnerable system.
2) An error in the way that the Linux Kernel handles caching of routing information can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system.
3) An error in the "ioperm" system call can allow unprivileged, local users to gain read and write access to I/O ports in the I/O address range 0x000-0x3FF (0-1023) on a system, which includes access to serial ports, parallel port, diskette drive controller, graphics controller, and keyboard.
4) An unspecified error in the TTY layer allows malicious people to cause a DoS.
5) An error in the "mxcsr" code allows manipulation of CPU state registers.
For more information:
http://secunia.com/advisories/8786/
http://secunia.com/advisories/8823/
http://secunia.com/advisories/8936/
Solution:
Upgrade automatically using MandrakeUpdate or manually by downloading the updated packages from one of MandrakeSoft's FTP server mirrors:
http://www.mandrakesecure.net/en/ftp.php
Updated packages:
-- Mandrake Linux 9.1 --
bca5bada0476e53911f157e9ec5ca504 9.1/RPMS/kernel-2.4.21.0.18mdk-1-1mdk.i586.rpm
57ee4b2b038598cbd020f1e0752a61dd 9.1/RPMS/kernel-BOOT-2.4.21.0.18mdk-1-1mdk.i586.rpm
b14c3291fab83bd1894c8b5217311dfa 9.1/RPMS/kernel-doc-2.4.21-0.18mdk.i586.rpm
ed766922171751e1f05c6ce590af9755 9.1/RPMS/kernel-enterprise-2.4.21.0.18mdk-1-1mdk.i586.rpm
64c554564115626ff86cf3fd5e40ece1 9.1/RPMS/kernel-secure-2.4.21.0.18mdk-1-1mdk.i586.rpm
944017f71e79714767d94517cd41110d 9.1/RPMS/kernel-smp-2.4.21.0.18mdk-1-1mdk.i586.rpm
9621bebecb94bc6031ffaa073c4967f1 9.1/RPMS/kernel-source-2.4.21-0.18mdk.i586.rpm
9d0c651808a2874256489f3a90ad6fdb 9.1/SRPMS/kernel-2.4.21.0.18mdk-1-1mdk.src.rpm
Original Advisory:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:066
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
