Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2008:223 First vendor Publication 2008-10-31
Vendor Mandriva Last vendor Modification 2008-10-31
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors. (CVE-2008-3496)

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. (CVE-2008-3525)

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option. (CVE-2008-3526)

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113. (CVE-2008-4445)

Additionaly, fixes for sound on NEC Versa S9100 and others were added, PATA and AHCI support for Intel ICH10 was added, a fix to allow better disk transfer speeds was made for Hercules EC-900 mini-notebook, a cyrus-imapd corruption issue in x86_64 arch was solved, RealTek 8169/8168/8101 support was improved, and a few other things. Check the package changelog for details.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:223

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-100 Overflow Buffers

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-200 Information Exposure
20 % CWE-264 Permissions, Privileges, and Access Controls
20 % CWE-189 Numeric Errors (CWE/SANS Top 25)
20 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20316
 
Oval ID: oval:org.mitre.oval:def:20316
Title: DSA-1655-1 linux-2.6.24 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data.
Family: unix Class: patch
Reference(s): DSA-1655-1
CVE-2008-1514
CVE-2008-3525
CVE-2008-3831
CVE-2008-4113
CVE-2008-4445
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5671
 
Oval ID: oval:org.mitre.oval:def:5671
Title: Linux Kernel SBNI WAN Driver Privilege Check Bugs May Let Local Users Gain Elevated Privileges
Description: The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3525
 Version: 1
Platform(s): VMWare ESX Server 3.5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8075
 
Oval ID: oval:org.mitre.oval:def:8075
Title: DSA-1655 linux-2.6.24 -- denial of service/information leak/privilege escalation
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems: Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic. Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations. Olaf Kirch discovered an issue with the i915 driver that may allow local users to cause memory corruption by use of an ioctl with insufficient privilege restrictions. Eugene Teo discovered two issues in the SCTP subsystem which allow local users to obtain access to sensitive memory when the SCTP-AUTH extension is enabled.
Family: unix Class: patch
Reference(s): DSA-1655
CVE-2008-1514
CVE-2008-3525
CVE-2008-3831
CVE-2008-4113
CVE-2008-4445
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9364
 
Oval ID: oval:org.mitre.oval:def:9364
Title: The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.
Description: The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3525
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1018

ExploitDB Exploits

id Description
2008-12-29 Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure Exploit

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for kernel CESA-2009:0001-01 centos2 i386
File : nvt/gb_CESA-2009_0001-01_kernel_centos2_i386.nasl
2009-10-13 Name : SLES10: Security update for Linux kernel
File : nvt/sles10_kernel6.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5036146.nasl
2009-06-30 Name : Fedora Core 9 FEDORA-2009-6846 (kernel)
File : nvt/fcore_2009_6846.nasl
2009-06-05 Name : Fedora Core 9 FEDORA-2009-5383 (kernel)
File : nvt/fcore_2009_5383.nasl
2009-04-09 Name : Mandriva Update for kernel MDVSA-2008:223 (kernel)
File : nvt/gb_mandriva_MDVSA_2008_223.nasl
2009-03-23 Name : Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-659-1
File : nvt/gb_ubuntu_USN_659_1.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0973-03
File : nvt/gb_RHSA-2008_0973-03_kernel.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0973 centos3 i386
File : nvt/gb_CESA-2008_0973_kernel_centos3_i386.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0973 centos3 x86_64
File : nvt/gb_CESA-2008_0973_kernel_centos3_x86_64.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-8980
File : nvt/gb_fedora_2008_8980_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-8929
File : nvt/gb_fedora_2008_8929_kernel_fc9.nasl
2009-02-13 Name : Fedora Update for kernel FEDORA-2008-11618
File : nvt/gb_fedora_2008_11618_kernel_fc9.nasl
2009-02-10 Name : CentOS Security Advisory CESA-2009:0001-01 (kernel)
File : nvt/ovcesa2009_0001_01.nasl
2009-02-02 Name : Fedora Core 9 FEDORA-2009-0816 (kernel)
File : nvt/fcore_2009_0816.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:047
File : nvt/gb_suse_2008_047.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:051
File : nvt/gb_suse_2008_051.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:052
File : nvt/gb_suse_2008_052.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:053
File : nvt/gb_suse_2008_053.nasl
2009-01-13 Name : RedHat Security Advisory RHSA-2009:0001
File : nvt/RHSA_2009_0001.nasl
2009-01-07 Name : RedHat Security Advisory RHSA-2008:0787
File : nvt/RHSA_2008_0787.nasl
2008-11-01 Name : Debian Security Advisory DSA 1655-1 (linux-2.6.24)
File : nvt/deb_1655_1.nasl
2008-11-01 Name : Debian Security Advisory DSA 1653-1 (linux-2.6)
File : nvt/deb_1653_1.nasl
2008-09-17 Name : Debian Security Advisory DSA 1636-1 (linux-2.6.24)
File : nvt/deb_1636_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
48902 Linux Kernel SCTP net/sctp/auth.c sctp_auth_ep_set_hmacs Function Crafted IOC...
48432 Linux Kernel wan Subsystem drivers/net/wan/sbni.c sbni_ioctl Function Local C...
48420 Linux Kernel sctp Implementation net/sctp/socket.c sctp_getsockopt_hmac_ident...
48120 Linux Kernel video4linux (V4L) uvcvideo uvc_driver.c uvc_parse_format Functio...
47960 Linux Kernel net/sctp/socket.c sctp_setsockopt_auth_key Function SCTP Remote ...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-5667.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-5608.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_uvcvideo-kmp-bigsmp-5514.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-5668.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_uvcvideo-kmp-bigsmp-080818.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-081022.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-223.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-659-1.nasl - Type : ACT_GATHER_INFO
2009-01-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0001.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2008-11-12 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-5751.nasl - Type : ACT_GATHER_INFO
2008-10-24 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8980.nasl - Type : ACT_GATHER_INFO
2008-10-24 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8929.nasl - Type : ACT_GATHER_INFO
2008-10-21 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-5700.nasl - Type : ACT_GATHER_INFO
2008-10-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1655.nasl - Type : ACT_GATHER_INFO
2008-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1653.nasl - Type : ACT_GATHER_INFO
2008-10-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-5566.nasl - Type : ACT_GATHER_INFO
2008-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_uvcvideo-kmp-bigsmp-5513.nasl - Type : ACT_GATHER_INFO
2008-09-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1636.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:39:46
  • Multiple Updates