Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2009:118 First vendor Publication 2009-05-19
Vendor Mandriva Last vendor Modification 2009-05-19
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. (CVE-2009-0028)

fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. (CVE-2009-0269)

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. (CVE-2009-0834)

The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343. (CVE-2009-0835)

The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21. (CVE-2009-1184)

Additionally, along with other things, this kernel update adds support for D-Link DWM 652 3.5G, some Intel gigabit network chipsets, Avermedia PCI pure analog (M135A), fixes a bug causing SQLite performance regression, and has some updated ALSA drivers. Check the package changelog for details.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:118

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-100 Overflow Buffers

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-264 Permissions, Privileges, and Access Controls
17 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
17 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11187
 
Oval ID: oval:org.mitre.oval:def:11187
Title: The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
Description: The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0028
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13265
 
Oval ID: oval:org.mitre.oval:def:13265
Title: DSA-1809-1 linux-2.6 -- denial of service, privilege escalation
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1630 Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. CVE-2009-1633 Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. CVE-2009-1758 Jan Beulich discovered an issue in Xen where local guest users may cause a denial of service. This update also fixes a regression introduced by the fix for CVE-2009-1184 in 2.6.26-15lenny3. This prevents a boot time panic on systems with SELinux enabled. For the stable distribution, these problems have been fixed in version 2.6.26-15lenny3. For the oldstable distribution, these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.
Family: unix Class: patch
Reference(s): DSA-1809-1
CVE-2009-1630
CVE-2009-1633
CVE-2009-1758
CVE-2009-1184
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7947
 
Oval ID: oval:org.mitre.oval:def:7947
Title: VMware kernel clone system call vulnerability
Description: The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0028
 Version: 4
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8079
 
Oval ID: oval:org.mitre.oval:def:8079
Title: DSA-1809 linux-2.6 -- denial of service, privilege escalation
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. Jan Beulich discovered an issue in Xen where local guest users may cause a denial of service (oops). This update also fixes a regression introduced by the fix for CVE-2009-1184 in 2.6.26-15lenny3. This prevents a boot time panic on systems with SELinux enabled.
Family: unix Class: patch
Reference(s): DSA-1809
CVE-2009-1630
CVE-2009-1633
CVE-2009-1758
CVE-2009-1184
 Version: 3
Platform(s): Debian GNU/Linux 5.0
 Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8169
 
Oval ID: oval:org.mitre.oval:def:8169
Title: VMware kernel eCryptfs vulnerability
Description: fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0269
 Version: 4
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8508
 
Oval ID: oval:org.mitre.oval:def:8508
Title: VMware kernel audit_syscall_entry function vulnerability
Description: The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0834
 Version: 4
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8944
 
Oval ID: oval:org.mitre.oval:def:8944
Title: fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
Description: fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0269
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9600
 
Oval ID: oval:org.mitre.oval:def:9600
Title: The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
Description: The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0834
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 11
Application 11
Os 4
Os 2
Os 1115
Os 3
Os 2
Os 2
Os 2
Os 1
Os 2
Os 1
Os 1
Os 1

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for kernel CESA-2009:0473 centos5 i386
File : nvt/gb_CESA-2009_0473_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:0326 centos5 i386
File : nvt/gb_CESA-2009_0326_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:0459 centos4 i386
File : nvt/gb_CESA-2009_0459_kernel_centos4_i386.nasl
2009-10-13 Name : SLES10: Security update for the Linux kernel
File : nvt/sles10_kernel8.nasl
2009-10-13 Name : SLES10: Security update for Linux kernel
File : nvt/sles10_kernel1.nasl
2009-10-11 Name : SLES11: Security update for Linux kernel
File : nvt/sles11_ext4dev-kmp-def.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5046302.nasl
2009-06-23 Name : Mandrake Security Advisory MDVSA-2009:135 (kernel)
File : nvt/mdksa_2009_135.nasl
2009-06-09 Name : SuSE Security Advisory SUSE-SA:2009:031 (kernel)
File : nvt/suse_sa_2009_031.nasl
2009-06-09 Name : SuSE Security Advisory SUSE-SA:2009:030 (kernel)
File : nvt/suse_sa_2009_030.nasl
2009-06-05 Name : Ubuntu USN-776-2 (kvm)
File : nvt/ubuntu_776_2.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:119 (kernel)
File : nvt/mdksa_2009_119.nasl
2009-06-05 Name : Debian Security Advisory DSA 1809-1 (linux-2.6)
File : nvt/deb_1809_1.nasl
2009-05-25 Name : Mandrake Security Advisory MDVSA-2009:118 (kernel)
File : nvt/mdksa_2009_118.nasl
2009-05-25 Name : Debian Security Advisory DSA 1800-1 (linux-2.6)
File : nvt/deb_1800_1.nasl
2009-05-11 Name : RedHat Security Advisory RHSA-2009:0473
File : nvt/RHSA_2009_0473.nasl
2009-05-11 Name : CentOS Security Advisory CESA-2009:0473 (kernel)
File : nvt/ovcesa2009_0473.nasl
2009-05-11 Name : Debian Security Advisory DSA 1794-1 (linux-2.6)
File : nvt/deb_1794_1.nasl
2009-05-05 Name : CentOS Security Advisory CESA-2009:0459 (kernel)
File : nvt/ovcesa2009_0459.nasl
2009-05-05 Name : Debian Security Advisory DSA 1787-1 (linux-2.6.24)
File : nvt/deb_1787_1.nasl
2009-05-05 Name : RedHat Security Advisory RHSA-2009:0459
File : nvt/RHSA_2009_0459.nasl
2009-05-05 Name : RedHat Security Advisory RHSA-2009:0451
File : nvt/RHSA_2009_0451.nasl
2009-04-20 Name : SuSE Security Advisory SUSE-SA:2009:021 (kernel)
File : nvt/suse_sa_2009_021.nasl
2009-04-15 Name : Ubuntu USN-752-1 (linux-source-2.6.15)
File : nvt/ubuntu_752_1.nasl
2009-04-15 Name : Ubuntu USN-753-1 (postgresql-8.3)
File : nvt/ubuntu_753_1.nasl
2009-04-06 Name : CentOS Security Advisory CESA-2009:0326 (kernel)
File : nvt/ovcesa2009_0326.nasl
2009-04-06 Name : RedHat Security Advisory RHSA-2009:0326
File : nvt/RHSA_2009_0326.nasl
2009-03-31 Name : Debian Security Advisory DSA 1749-1 (linux-2.6)
File : nvt/deb_1749_1.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0360
File : nvt/RHSA_2009_0360.nasl
2009-03-02 Name : SuSE Security Advisory SUSE-SA:2009:010 (kernel)
File : nvt/suse_sa_2009_010.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54667 Linux Kernel SELinux Subsystem security/selinux/hooks.c selinux_ip_postroute_...
53535 Systrace on x86_64 Linux 64-bit Process Monitoring Race Condition Local Sysca...
53534 Systrace on x86_64 Linux Local Syscall Handling Access Restriction Bypass
52462 Linux Kernel seccomp Subsystem kernel/seccomp.c __secure_computing Function 3...
52461 Linux Kernel 32bit/64bit audit_syscall_entry Function 32/64 Bit Syscall Cross...
52204 Linux Kernel clone() System Call Privileged Process Termination
52201 Linux Kernel syscall Filtering 32/64-bit Switching Bypass
51606 Linux Kernel eCryptfs Subsystem fs/ecryptfs/inode.c readlink Call Handling Lo...

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0009.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0004.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0473.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0459.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0326.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0079.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090401_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090507_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090430_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6236.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6113.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-119.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0473.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0326.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6237.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6109.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-090402.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-090401.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-090225.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-090602.nasl - Type : ACT_GATHER_INFO
2009-07-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-793-1.nasl - Type : ACT_GATHER_INFO
2009-06-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-135.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-6274.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1809.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0459.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-118.nasl - Type : ACT_GATHER_INFO
2009-05-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1800.nasl - Type : ACT_GATHER_INFO
2009-05-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1794.nasl - Type : ACT_GATHER_INFO
2009-05-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0473.nasl - Type : ACT_GATHER_INFO
2009-05-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1787.nasl - Type : ACT_GATHER_INFO
2009-05-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0459.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-751-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-752-1.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0326.nasl - Type : ACT_GATHER_INFO
2009-03-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1749.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:40:18
  • Multiple Updates