LinuxSecurity.com
Mandrake: kernel multiple vulnerabilities
Posted by LinuxSecurity.com Team   
Mandrake: Multiple vulnerabilities were discovered and fixed in the Linux kernel.

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           kernel
Advisory ID:            MDKSA-2003:074
Date:                   July 15th, 2003

Affected versions:	8.2, 9.0, Corporate Server 2.1,
			Multi Network Firewall 8.2
________________________________________________________________________

Problem Description:

 Multiple vulnerabilities were discovered and fixed in the Linux kernel.
 
 * CAN-2003-0001: Multiple ethernet network card drivers do not pad
   frames with null bytes which allows remote attackers to obtain
   information from previous packets or kernel memory by using
   special malformed packets.
 
 * CAN-2003-0244: The route cache implementation in the 2.4 kernel and
   the Netfilter IP conntrack module allows remote attackers to cause a
   Denial of Service (DoS) via CPU consumption due to packets with
   forged source addresses that cause a large number of hash table
   collisions related to the PREROUTING chain.
 
 * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier
   kernels does not properly restrict privileges, which allows local
   users to gain read or write access to certain I/O ports.
 
 * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel
   allows attackers to cause a kernel oops resulting in a DoS.
 
 * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to
   modify CPU state registers via a malformed address.
 
 * CAN-2003-0462: A file read race existed in the execve() system call.
 
 Kernels for 9.1/x86 are also available (see MDKSA-2003:066).
 
 MandrakeSoft encourages all users to upgrade to these new kernels.
 
 For full instructions on how to properly upgrade your kernel, please
 review  http://www.mandrakesecure.net/en/docs/magic.php.
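
 The frame-padding flaw described under CAN-2003-0001, shown as an added user-space example that is not part of the advisory or of any kernel driver: a short frame is extended to the minimum Ethernet length with and without null-byte padding, and a check counts stale bytes in the pad region. The buffer, the function names and the sample packets are constructed for illustration; ETH_ZLEN and ETH_FRAME_LEN are the usual Linux constants.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_ZLEN      60    /* minimum frame length, FCS excluded */
#define ETH_FRAME_LEN 1514  /* maximum frame length, FCS excluded */
/* Hypothetical stand-in for a transmit buffer the driver reuses per packet. */
static uint8_t tx_buf[ETH_FRAME_LEN];

/* Flawed pattern: a short frame is stretched to ETH_ZLEN, but the pad
 * region keeps whatever the buffer held from earlier traffic. */
size_t tx_prepare_unpadded(const uint8_t *frame, size_t len)
{
    if (len > sizeof tx_buf) return 0;          /* oversized frame: refuse */
    memcpy(tx_buf, frame, len);
    return len < ETH_ZLEN ? ETH_ZLEN : len;
}

/* Corrected pattern: the pad region is explicitly filled with null bytes. */
size_t tx_prepare_padded(const uint8_t *frame, size_t len)
{
    if (len > sizeof tx_buf) return 0;
    memcpy(tx_buf, frame, len);
    if (len < ETH_ZLEN) memset(tx_buf + len, 0, ETH_ZLEN - len);
    return len < ETH_ZLEN ? ETH_ZLEN : len;
}

/* Check usable on captured frames: count non-zero bytes past the payload. */
size_t nonzero_pad_bytes(const uint8_t *wire, size_t wire_len, size_t payload_len)
{
    size_t n = 0;
    for (size_t i = payload_len; i < wire_len; i++)
        n += wire[i] != 0;
    return n;
}

/* Sends a constructed 20-byte frame after a constructed earlier packet. */
size_t stale_bytes_on_wire(int use_fix)
{
    static const uint8_t earlier[ETH_ZLEN] = "constructed earlier packet: session=PLACEHOLDER-TOKEN";
    static const uint8_t small[20] = "short frame";
    memcpy(tx_buf, earlier, sizeof earlier);    /* buffer still holds old data */
    size_t wire_len = use_fix ? tx_prepare_padded(small, sizeof small)
                              : tx_prepare_unpadded(small, sizeof small);
    return nonzero_pad_bytes(tx_buf, wire_len, sizeof small);
}

int main(void)
{
    printf("unpadded: %zu stale, padded: %zu stale\n", stale_bytes_on_wire(0), stale_bytes_on_wire(1));
    return 0;
}
```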
________________________________________________________________________

References:
  
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0462
   http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2
________________________________________________________________________

Updated Packages:
  
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

   http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security@mandrake.com>

 