INFORMATION

Name : MDVSA-2010:034 First Publication : 2010-02-08
Vendor : Last Modification : 2010-02-08
Revision : N/A
Severity (Vendor) : N/A

SECURITY-DATABASE SCORING CVSS v2

Cvss Base Score : 7.2 Attack Range : Local
Cvss Impact Score : 10 Attack Complexity : Low
Cvss Expoit Score : 3.9 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

: Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Array index error in the gdth_read_event function in
drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows
local users to cause a denial of service or possibly gain privileges
via a negative event index in an IOCTL request. (CVE-2009-3080)

The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the
Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified
impact via a crafted HDLC packet that arrives over ISDN and triggers
a buffer under-read. (CVE-2009-4005)

Additionally, the Linux kernel was updated to the stable release
2.6.27.45.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate



ORIGINALSOURCES

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:034


CWE COMMON WEAKNESS ENUMERATION

CWE-119 - Failure to Constrain Operations within the Bounds of a Memory Buffer


OVAL ID

oval:org.mitre.oval:def:10989, Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
oval:org.mitre.oval:def:7101, Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
oval:org.mitre.oval:def:11155, The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.

oval:org.mitre.oval:def:11831, The operating system installed on the system is Red Hat Enterprise Linux 4
oval:org.mitre.oval:def:11414, The operating system installed on the system is Red Hat Enterprise Linux 5
oval:org.mitre.oval:def:5506, VMware ESX Server 4.0 is installed


CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

60426 : Linux Kernel drivers/isdn/hisax/hfc_usb.c collect_rx_frame Function Crafted HDLC Packet Handling Overflow.
60311 : Linux Kernel drivers/scsi/gdth.c gdth_read_event() Function IOCTL Handling Local DoS.


INTERNAL SOURCES (Detail)

CVSS v2
Name Severity Base Score Impact Score Exploit Score Attack Range Attack Complexity Auth
MDVSA-2010:034-2 High (High) 7.2 10 3.9 Local Low None Required
MDVSA-2010:034-1 High (High) 7.2 10 3.9 Local Low None Required
CVE-2009-4005 High (High) 7.2 10 3.9 Local Low None Required
CVE-2009-3080 High (High) 7.2 10 3.9 Local Low None Required