Executive Summary
Summary | |
---|---|
Title | Updated kernel packages fix multiple vulnerabilities and bugs |
Information | |||
---|---|---|---|
Name | MDVSA-2008:043 | First vendor Publication | 2008-02-11 |
Vendor | Mandriva | Last vendor Modification | 2008-02-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges. Mandriva urges all users to upgrade to these new kernels immediately as this flaw is being actively exploited. This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are affected. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:043
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11358
Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:11358 |
Title | The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. |
Description | The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-0600 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |
Definition Synopsis | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Name | File |
---|---|---|
2009-04-09 | Mandriva Update for kernel MDVSA-2008:044 (kernel) | nvt/gb_mandriva_MDVSA_2008_044.nasl |
2009-04-09 | Mandriva Update for kernel MDVSA-2008:043 (kernel) | nvt/gb_mandriva_MDVSA_2008_043.nasl |
2009-03-23 | Ubuntu Update for linux-source-2.6.17/20/22 vulnerability USN-577-1 | nvt/gb_ubuntu_USN_577_1.nasl |
2009-03-06 | RedHat Update for kernel RHSA-2008:0129-01 | nvt/gb_RHSA-2008_0129-01_kernel.nasl |
2009-02-27 | CentOS Update for kernel CESA-2008:0129 centos5 i386 | nvt/gb_CESA-2008_0129_kernel_centos5_i386.nasl |
2009-02-27 | CentOS Update for kernel CESA-2008:0129 centos5 x86_64 | nvt/gb_CESA-2008_0129_kernel_centos5_x86_64.nasl |
2009-02-17 | Fedora Update for kernel FEDORA-2008-5454 | nvt/gb_fedora_2008_5454_kernel_fc8.nasl |
2009-02-17 | Fedora Update for kernel FEDORA-2008-4043 | nvt/gb_fedora_2008_4043_kernel_fc7.nasl |
2009-02-17 | Fedora Update for kernel FEDORA-2008-3873 | nvt/gb_fedora_2008_3873_kernel_fc8.nasl |
2009-02-16 | Fedora Update for kernel-xen-2.6 FEDORA-2008-1629 | nvt/gb_fedora_2008_1629_kernel-xen-2.6_fc7.nasl |
2009-02-16 | Fedora Update for kernel-xen-2.6 FEDORA-2008-1433 | nvt/gb_fedora_2008_1433_kernel-xen-2.6_fc8.nasl |
2009-02-16 | Fedora Update for kernel FEDORA-2008-1423 | nvt/gb_fedora_2008_1423_kernel_fc8.nasl |
2009-02-16 | Fedora Update for kernel FEDORA-2008-1422 | nvt/gb_fedora_2008_1422_kernel_fc7.nasl |
2009-01-23 | SuSE Update for kernel SUSE-SA:2008:007 | nvt/gb_suse_2008_007.nasl |
2009-01-23 | SuSE Update for kernel-rt SUSE-SA:2008:013 | nvt/gb_suse_2008_013.nasl |
2009-01-23 | SuSE Update for kernel SUSE-SA:2008:030 | nvt/gb_suse_2008_030.nasl |
2008-02-15 | Debian Security Advisory DSA 1494-1 (linux-2.6) | nvt/deb_1494_1.nasl |
2008-02-15 | Debian Security Advisory DSA 1494-2 (linux-2.6) | nvt/deb_1494_2.nasl |
0000-00-00 | Slackware Advisory SSA:2008-042-01 kernel exploit fix | nvt/esoft_slk_ssa_2008_042_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41853 | Linux Kernel vmsplice_to_pipe Function vmsplice System Call Local Privilege E... Linux kernel prior to version 2.6.24.2 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The vulnerability exists because the "vmsplice_to_pipe" function does not properly validate user supplied input. |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2014-11-26 | The remote OracleVM host is missing one or more security updates. | oraclevm_OVMSA-2008-2002.nasl | ACT_GATHER_INFO |
2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2008-0129.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20080212_kernel_on_SL5_x.nasl | ACT_GATHER_INFO |
2009-04-23 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2008-044.nasl | ACT_GATHER_INFO |
2009-04-23 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2008-043.nasl | ACT_GATHER_INFO |
2008-06-24 | The remote openSUSE host is missing a security update. | suse_kernel-5339.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote Fedora host is missing a security update. | fedora_2008-1433.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote Fedora host is missing a security update. | fedora_2008-1629.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2008-0129.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote openSUSE host is missing a security update. | suse_kernel-4986.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote openSUSE host is missing a security update. | suse_kernel-4987.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-577-1.nasl | ACT_GATHER_INFO |
2008-02-14 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2008-0129.nasl | ACT_GATHER_INFO |
2008-02-12 | The remote Fedora host is missing a security update. | fedora_2008-1423.nasl | ACT_GATHER_INFO |
2008-02-12 | The remote Slackware host is missing a security update. | Slackware_SSA_2008-042-01.nasl | ACT_GATHER_INFO |
2008-02-12 | The remote Fedora host is missing a security update. | fedora_2008-1422.nasl | ACT_GATHER_INFO |
2008-02-12 | The remote Debian host is missing a security-related update. | debian_DSA-1494.nasl | ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:39:13 | |