Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2009:119 First vendor Publication 2009-05-19
Vendor Mandriva Last vendor Modification 2009-05-19
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. (CVE-2009-1337)

The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21. (CVE-2009-1184)

drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 does not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. (CVE-2009-1192)

Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes garbage memory to be sent. (CVE-2009-1265)

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:119

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-189 Numeric Errors (CWE/SANS Top 25)
33 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10567
 
Oval ID: oval:org.mitre.oval:def:10567
Title: The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
Description: The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1192
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10919
 
Oval ID: oval:org.mitre.oval:def:10919
Title: Service Console update for COS kernel
Description: The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1337
 Version: 3
Platform(s): VMWare ESX Server 3.5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11206
 
Oval ID: oval:org.mitre.oval:def:11206
Title: The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
Description: The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1337
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13265
 
Oval ID: oval:org.mitre.oval:def:13265
Title: DSA-1809-1 linux-2.6 -- denial of service, privilege escalation
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1630 Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. CVE-2009-1633 Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. CVE-2009-1758 Jan Beulich discovered an issue in Xen where local guest users may cause a denial of service. This update also fixes a regression introduced by the fix for CVE-2009-1184 in 2.6.26-15lenny3. This prevents a boot time panic on systems with SELinux enabled. For the stable distribution, these problems have been fixed in version 2.6.26-15lenny3. For the oldstable distribution, these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.
Family: unix Class: patch
Reference(s): DSA-1809-1
CVE-2009-1630
CVE-2009-1633
CVE-2009-1758
CVE-2009-1184
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22879
 
Oval ID: oval:org.mitre.oval:def:22879
Title: ELSA-2009:0473: kernel security and bug fix update (Important)
Description: The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
Family: unix Class: patch
Reference(s): ELSA-2009:0473-01
CVE-2008-4307
CVE-2009-0787
CVE-2009-0834
CVE-2009-1336
CVE-2009-1337
 Version: 25
Platform(s): Oracle Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29446
 
Oval ID: oval:org.mitre.oval:def:29446
Title: RHSA-2009:0473 -- kernel security and bug fix update (Important)
Description: Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Family: unix Class: patch
Reference(s): RHSA-2009:0473
CESA-2009:0473-CentOS 5
CVE-2008-4307
CVE-2009-0787
CVE-2009-0834
CVE-2009-1336
CVE-2009-1337
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8003
 
Oval ID: oval:org.mitre.oval:def:8003
Title: VMware kernel agp subsystem vulnerability
Description: The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1192
 Version: 4
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8079
 
Oval ID: oval:org.mitre.oval:def:8079
Title: DSA-1809 linux-2.6 -- denial of service, privilege escalation
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. Jan Beulich discovered an issue in Xen where local guest users may cause a denial of service (oops). This update also fixes a regression introduced by the fix for CVE-2009-1184 in 2.6.26-15lenny3. This prevents a boot time panic on systems with SELinux enabled.
Family: unix Class: patch
Reference(s): DSA-1809
CVE-2009-1630
CVE-2009-1633
CVE-2009-1758
CVE-2009-1184
 Version: 3
Platform(s): Debian GNU/Linux 5.0
 Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8295
 
Oval ID: oval:org.mitre.oval:def:8295
Title: VMware kernel exit_notify function vulnerability
Description: The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1337
 Version: 4
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1149

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for kernel CESA-2009:1550 centos3 i386
File : nvt/gb_CESA-2009_1550_kernel_centos3_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1106 centos5 i386
File : nvt/gb_CESA-2009_1106_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:0473 centos5 i386
File : nvt/gb_CESA-2009_0473_kernel_centos5_i386.nasl
2009-11-17 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5062456.nasl
2009-11-17 Name : SLES10: Security update for Linux kernel
File : nvt/sles10_kernel9.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1550
File : nvt/RHSA_2009_1550.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1550 (kernel)
File : nvt/ovcesa2009_1550.nasl
2009-10-13 Name : SLES10: Security update for the Linux kernel
File : nvt/sles10_kernel8.nasl
2009-10-11 Name : SLES11: Security update for the Linux kernel
File : nvt/sles11_ext4dev-kmp-def0.nasl
2009-10-10 Name : SLES9: Security update for the Linux kernel
File : nvt/sles9p5051763.nasl
2009-07-06 Name : RedHat Security Advisory RHSA-2009:1132
File : nvt/RHSA_2009_1132.nasl
2009-06-23 Name : Mandrake Security Advisory MDVSA-2009:135 (kernel)
File : nvt/mdksa_2009_135.nasl
2009-06-23 Name : CentOS Security Advisory CESA-2009:1106 (kernel)
File : nvt/ovcesa2009_1106.nasl
2009-06-23 Name : RedHat Security Advisory RHSA-2009:1106
File : nvt/RHSA_2009_1106.nasl
2009-06-09 Name : SuSE Security Advisory SUSE-SA:2009:030 (kernel)
File : nvt/suse_sa_2009_030.nasl
2009-06-09 Name : SuSE Security Advisory SUSE-SA:2009:031 (kernel)
File : nvt/suse_sa_2009_031.nasl
2009-06-09 Name : SuSE Security Advisory SUSE-SA:2009:032 (kernel)
File : nvt/suse_sa_2009_032.nasl
2009-06-05 Name : Ubuntu USN-776-2 (kvm)
File : nvt/ubuntu_776_2.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:119 (kernel)
File : nvt/mdksa_2009_119.nasl
2009-06-05 Name : Fedora Core 10 FEDORA-2009-5356 (kernel)
File : nvt/fcore_2009_5356.nasl
2009-06-05 Name : Debian Security Advisory DSA 1809-1 (linux-2.6)
File : nvt/deb_1809_1.nasl
2009-06-05 Name : RedHat Security Advisory RHSA-2009:1081
File : nvt/RHSA_2009_1081.nasl
2009-06-05 Name : RedHat Security Advisory RHSA-2009:1077
File : nvt/RHSA_2009_1077.nasl
2009-05-25 Name : Mandrake Security Advisory MDVSA-2009:118 (kernel)
File : nvt/mdksa_2009_118.nasl
2009-05-25 Name : Debian Security Advisory DSA 1800-1 (linux-2.6)
File : nvt/deb_1800_1.nasl
2009-05-20 Name : RedHat Security Advisory RHSA-2009:1024
File : nvt/RHSA_2009_1024.nasl
2009-05-11 Name : CentOS Security Advisory CESA-2009:0473 (kernel)
File : nvt/ovcesa2009_0473.nasl
2009-05-11 Name : Debian Security Advisory DSA 1794-1 (linux-2.6)
File : nvt/deb_1794_1.nasl
2009-05-11 Name : RedHat Security Advisory RHSA-2009:0473
File : nvt/RHSA_2009_0473.nasl
2009-05-05 Name : Debian Security Advisory DSA 1787-1 (linux-2.6.24)
File : nvt/deb_1787_1.nasl
2009-05-05 Name : RedHat Security Advisory RHSA-2009:0451
File : nvt/RHSA_2009_0451.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54667 Linux Kernel SELinux Subsystem security/selinux/hooks.c selinux_ip_postroute_...
54379 Linux Kernel agp Subsystem drivers/char/agp/generic.c Local Memory Disclosure
53631 Linux Kernel net/x25/af_x25.c x25_sendmsg() Function Length Value Handling Ov...
53630 Linux Kernel net/netrom/af_netrom.c nr_sendmsg() Function Length Value Handli...
53629 Linux Kernel kernel/exit.c exit_notify() Function CAP_KILL Capability Local P...
53571 Linux Kernel sys/net/af_rose.c rose_sendmsg() Function Length Value Handling ...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-04-30 IAVM : 2009-T-0024 - Multiple Vulnerabilities in Linux Kernel
Severity : Category I - VMSKEY : V0018983

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0009.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1132.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0473.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1106.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1077.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090507_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091103_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090630_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090616_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6641.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6636.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6236.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6637.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-119.nasl - Type : ACT_GATHER_INFO
2010-06-28 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0010.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1106.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0473.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12541.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6632.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-090527.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6237.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-090602.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-090527.nasl - Type : ACT_GATHER_INFO
2009-07-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-793-1.nasl - Type : ACT_GATHER_INFO
2009-07-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1132.nasl - Type : ACT_GATHER_INFO
2009-06-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-135.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1106.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-6274.nasl - Type : ACT_GATHER_INFO
2009-06-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1809.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5356.nasl - Type : ACT_GATHER_INFO
2009-05-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-118.nasl - Type : ACT_GATHER_INFO
2009-05-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1024.nasl - Type : ACT_GATHER_INFO
2009-05-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1800.nasl - Type : ACT_GATHER_INFO
2009-05-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1794.nasl - Type : ACT_GATHER_INFO
2009-05-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0473.nasl - Type : ACT_GATHER_INFO
2009-05-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1787.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:40:18
  • Multiple Updates