French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Private Exploit & PoC Codes Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Security Vulnerabilities and Advisories Search Engine
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes Kernel Security Bypass and DoS Issues

Title : Mandriva Security Update Fixes Kernel Security Bypass and DoS Issues
Advisory ID : FrSIRT/ADV-2008-0122
CVE ID : CVE-2006-6058 - CVE-2007-3740 - CVE-2007-4133 - CVE-2007-4573 - CVE-2007-4997 - CVE-2007-5093 - CVE-2007-5500 - CVE-2007-6063
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-01-14

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers or malicious users to bypass security restrictions, disclose sensitive information or cause a denial of service [...]

Solution

Upgrade the affected packages :

Corporate 4.0:
07fa3648c4fcad266094de58ee5f7976 corporate/4.0/i586/kernel-2.6.12.33mdk-1-1mdk.i586.rpm
e252e134fca461feeee210bc85fe0b66 corporate/4.0/i586/kernel-BOOT-2.6.12.33mdk-1-1mdk.i586.rpm
2364ec022ffd41f61ef19aa4da196584 corporate/4.0/i586/kernel-doc-2.6.12.33mdk-1-1mdk.i586.rpm
56b9c725e2370594ea37bff83bec8adf corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.33mdk-1-1mdk.i586.rpm
ac5b435ab4b230da799b12b06054e3e5 corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.33mdk-1-1mdk.i586.rpm
4bd260613b29981fd3b0a742707c6785 corporate/4.0/i586/kernel-smp-2.6.12.33mdk-1-1mdk.i586.rpm
4111453b8da035fa44428f7d79b77c64 corporate/4.0/i586/kernel-source-2.6.12.33mdk-1-1mdk.i586.rpm
c31d879b0becf2c84569ad18615fbe7c corporate/4.0/i586/kernel-source-stripped-2.6.12.33mdk-1-1mdk.i586.rpm
9e8f1b4d991c1b144b5e999b647bbce6 corporate/4.0/i586/kernel-xbox-2.6.12.33mdk-1-1mdk.i586.rpm
895efcf862e5e8428ceec714f29666da corporate/4.0/i586/kernel-xen0-2.6.12.33mdk-1-1mdk.i586.rpm
bab9c0071d482b0e3c03c181b8cca71a corporate/4.0/i586/kernel-xenU-2.6.12.33mdk-1-1mdk.i586.rpm
877a5d94905829128211ecc1dd538138 corporate/4.0/SRPMS/kernel-2.6.12.33mdk-1-1mdk.src.rpm

Corporate 4.0/X86_64:
d2e4070842e4a6ea4d9e029a5977d929 corporate/4.0/x86_64/kernel-2.6.12.33mdk-1-1mdk.x86_64.rpm
bf3014e8afe93ab0a8877e1d80d921e4 corporate/4.0/x86_64/kernel-BOOT-2.6.12.33mdk-1-1mdk.x86_64.rpm
ac4c529077ff74e82362c1b7d4404233 corporate/4.0/x86_64/kernel-doc-2.6.12.33mdk-1-1mdk.x86_64.rpm
fe2963758a2fbef0ed561dd41741f1f0 corporate/4.0/x86_64/kernel-smp-2.6.12.33mdk-1-1mdk.x86_64.rpm
f8ea4d85518c1e2e6a8b163febbb39f8 corporate/4.0/x86_64/kernel-source-2.6.12.33mdk-1-1mdk.x86_64.rpm
773dd4eb7e4ebbe76c49817399bdfb23 corporate/4.0/x86_64/kernel-source-stripped-2.6.12.33mdk-1-1mdk.x86_64.rpm
83c8eb396798958d3a0581f7610973e8 corporate/4.0/x86_64/kernel-xen0-2.6.12.33mdk-1-1mdk.x86_64.rpm
e3a4fc8ac6984d283aebcbf8c733942f corporate/4.0/x86_64/kernel-xenU-2.6.12.33mdk-1-1mdk.x86_64.rpm
877a5d94905829128211ecc1dd538138 corporate/4.0/SRPMS/kernel-2.6.12.33mdk-1-1mdk.src.rpm

ChangeLog

2008-01-14 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities

Apple Safari Code Execution and Security Bypass Vulnerabilities

Apple iLife and Aperture Image Handling Code Execution Vulnerabilities

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Apple TV Multiple File Processing Code Execution Vulnerabilities

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Apple iPhone Code Execution and Security Bypass Vulnerabilities

Mozilla Products Code Execution and Security Bypass Vulnerabilities

Mozilla Firefox Shortcut Handlingg Information Disclosure Vulnerability

Mozilla Products Code Execution and Security Bypass Vulnerabilities

Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability

Mozilla Products Remote Code Execution and Security Bypass Issues

Mozilla Products Code Execution and Injection Vulnerabilities

Mozilla JavaScript Garbage Collector Code Execution Vulnerability

Sun Logical Domain Manager Local Privilege Escalation Vulnerability

Sun StarOffice/StarSuite EMF Handling Buffer Overflow Vulnerability

Sun Java Messaging Server Cross Site Scripting Vulnerability

Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability

Sun Java System Identity Manager Security Bypass Vulnerabilities

Sun Solaris DHCP Buffer Overflow and Denial of Service

Sun Solstice X.25 "/dev/xty" Local Denial of Service Vulnerability

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy