FrSIRT - Mandriva Security Update Fixes Kernel Code Execution and DoS Issues / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes Kernel Code Execution and DoS Issues

Title : Mandriva Security Update Fixes Kernel Code Execution and DoS Issues
Advisory ID : FrSIRT/ADV-2007-3509
CVE ID : CVE-2007-3105 - CVE-2007-3513 - CVE-2007-3642 - CVE-2007-3848 - CVE-2007-4308 - CVE-2007-4573
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-16

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to disclose sensitive information, cause a denial of service or gain elevated privileges [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
f99dbf1673d8a021cc34846f1638867b 2007.0/i586/kernel-2.6.17.16mdv-1-1mdv2007.0.i586.rpm
50be9069d1764675309639acb2b40d56 2007.0/i586/kernel-doc-2.6.17.16mdv-1-1mdv2007.0.i586.rpm
d21ea9807b3439ac1b5dad14dd079b14 2007.0/i586/kernel-enterprise-2.6.17.16mdv-1-1mdv2007.0.i586.rpm
9580a6361e4d673ac8b0aaf03232007b 2007.0/i586/kernel-legacy-2.6.17.16mdv-1-1mdv2007.0.i586.rpm
ce58edd917bbbd868ef1ce1bb128c8d1 2007.0/i586/kernel-source-2.6.17.16mdv-1-1mdv2007.0.i586.rpm
b9177102e20d0f64b5cbff13cae899c5 2007.0/i586/kernel-source-stripped-2.6.17.16mdv-1-1mdv2007.0.i586.rpm
27682940a2c1885df7ada7dd68fe9efa 2007.0/i586/kernel-xen0-2.6.17.16mdv-1-1mdv2007.0.i586.rpm
f96636a80d0779e84f1caa8b3d92f723 2007.0/i586/kernel-xenU-2.6.17.16mdv-1-1mdv2007.0.i586.rpm
34cb36342f866a44d34627a809db2ee5 2007.0/SRPMS/kernel-2.6.17.16mdv-1-1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
6eebbdf78fac9ef6092be3f4f07e0fec 2007.0/x86_64/kernel-2.6.17.16mdv-1-1mdv2007.0.x86_64.rpm
b84feb968f88b161efd96711738eabb2 2007.0/x86_64/kernel-doc-2.6.17.16mdv-1-1mdv2007.0.x86_64.rpm
24f8db96f8c023208b9d3b5e9d161f5d 2007.0/x86_64/kernel-source-2.6.17.16mdv-1-1mdv2007.0.x86_64.rpm
37b99c870cc4e4aaecd17594559a2b04 2007.0/x86_64/kernel-source-stripped-2.6.17.16mdv-1-1mdv2007.0.x86_64.rpm
f318ae4d1d7f758ceed3c28a28bf0d7f 2007.0/x86_64/kernel-xen0-2.6.17.16mdv-1-1mdv2007.0.x86_64.rpm
bd571bf3e47a687fcd114c6c104979c1 2007.0/x86_64/kernel-xenU-2.6.17.16mdv-1-1mdv2007.0.x86_64.rpm
34cb36342f866a44d34627a809db2ee5 2007.0/SRPMS/kernel-2.6.17.16mdv-1-1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
03c90fe390f2ae9d7ceedb9dd266cfb2 2007.1/i586/kernel-2.6.17.16mdv-1-1mdv2007.1.i586.rpm
4070fd24952fbcc9e0d8eba63a1a0c22 2007.1/i586/kernel-doc-2.6.17.16mdv-1-1mdv2007.1.i586.rpm
a6585e8a4e5b2aa7e809760bc86be173 2007.1/i586/kernel-doc-latest-2.6.17-16mdv.i586.rpm
e0b8a91221cb923b0e403770d54ed5c2 2007.1/i586/kernel-enterprise-2.6.17.16mdv-1-1mdv2007.1.i586.rpm
c55e70042ca111ba1a479fab7412b488 2007.1/i586/kernel-enterprise-latest-2.6.17-16mdv.i586.rpm
e90e9e003a100f28946967838b75a2ac 2007.1/i586/kernel-latest-2.6.17-16mdv.i586.rpm
deebf4ee45c5c49982b371c616d1d80c 2007.1/i586/kernel-legacy-2.6.17.16mdv-1-1mdv2007.1.i586.rpm
afc7017f980ee6530ad613dbbd657242 2007.1/i586/kernel-legacy-latest-2.6.17-16mdv.i586.rpm
f568fbb3f175e6a21982c75b3d5d42fa 2007.1/i586/kernel-source-2.6.17.16mdv-1-1mdv2007.1.i586.rpm
2c3eaa1460f8ef5f89457e67a336addf 2007.1/i586/kernel-source-latest-2.6.17-16mdv.i586.rpm
a4dfaa5eb09bce6067269880bb5e78be 2007.1/i586/kernel-source-stripped-2.6.17.16mdv-1-1mdv2007.1.i586.rpm
5aac10bfc905b78a10c1f2bbee5e93c4 2007.1/i586/kernel-source-stripped-latest-2.6.17-16mdv.i586.rpm
62b77e1b1a8dc2ce3b9b259217f7819b 2007.1/i586/kernel-xen0-2.6.17.16mdv-1-1mdv2007.1.i586.rpm
fa5877ae7b2a6184a44d8f2fc49ff57b 2007.1/i586/kernel-xen0-latest-2.6.17-16mdv.i586.rpm
eb1c600edc37ea22bcec5332b7a97bbe 2007.1/i586/kernel-xenU-2.6.17.16mdv-1-1mdv2007.1.i586.rpm
6b7f9b5fe6c0412747fa330a0156f9e8 2007.1/i586/kernel-xenU-latest-2.6.17-16mdv.i586.rpm
5f4702ebdfed6fbc6a836f08964c911e 2007.1/SRPMS/kernel-2.6.17.16mdv-1-1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
1432d1fbdba194acdcc48a99b9bd4724 2007.1/x86_64/kernel-2.6.17.16mdv-1-1mdv2007.1.x86_64.rpm
2d32edff36cedd8e249496cfa82e4719 2007.1/x86_64/kernel-doc-2.6.17.16mdv-1-1mdv2007.1.x86_64.rpm
1f0af512f928130e18eafd2e12bd0b15 2007.1/x86_64/kernel-doc-latest-2.6.17-16mdv.x86_64.rpm
55ff10072e971b7ee826bd5724ce92f6 2007.1/x86_64/kernel-latest-2.6.17-16mdv.x86_64.rpm
267f256e300350db12399c80c5bd76c7 2007.1/x86_64/kernel-source-2.6.17.16mdv-1-1mdv2007.1.x86_64.rpm
c53bb5feb090da9625b0e4c9872c6e25 2007.1/x86_64/kernel-source-latest-2.6.17-16mdv.x86_64.rpm
cdb950f30f11337728c600a2e99a361a 2007.1/x86_64/kernel-source-stripped-2.6.17.16mdv-1-1mdv2007.1.x86_64.rpm
2ce0d1ce74d7a87a9cb926aa24d9c68d 2007.1/x86_64/kernel-source-stripped-latest-2.6.17-16mdv.x86_64.rpm
bafc17acacad6204732b025157495c1a 2007.1/x86_64/kernel-xen0-2.6.17.16mdv-1-1mdv2007.1.x86_64.rpm
21f2c70634abce8dd9417d6dbd177207 2007.1/x86_64/kernel-xen0-latest-2.6.17-16mdv.x86_64.rpm
17078611f2cdbe9ec8a4baa37c7974a1 2007.1/x86_64/kernel-xenU-2.6.17.16mdv-1-1mdv2007.1.x86_64.rpm
6f6c78f6156fa5be6a0c9396657df315 2007.1/x86_64/kernel-xenU-latest-2.6.17-16mdv.x86_64.rpm
5f4702ebdfed6fbc6a836f08964c911e 2007.1/SRPMS/kernel-2.6.17.16mdv-1-1mdv2007.1.src.rpm

ChangeLog

2007-10-16 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities