Get the LinuxSecurity news you want faster with RSS
Powered By
Mandrake: iproute2 temporary file vulnerability
Posted by Joe Shakespeare
Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack.
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: iproute2
Advisory ID: MDKSA-2004:148
Date: December 13th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
Herbert Xu discovered that iproute can accept spoofed messages sent
via the kernel netlink interface by other users on the local machine.
This could lead to a local Denial of Service attack.
The updated packages have been patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
290adad6e69300fa2781331090b9710f 10.0/RPMS/iproute2-2.4.7-11.1.100mdk.i586.rpm
44b2961ae2973264493bd34dbabd298f 10.0/SRPMS/iproute2-2.4.7-11.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
0f077f6057ded8de93567b9f4381bb36 amd64/10.0/RPMS/iproute2-2.4.7-11.1.100mdk.amd64.rpm
44b2961ae2973264493bd34dbabd298f amd64/10.0/SRPMS/iproute2-2.4.7-11.1.100mdk.src.rpm
Corporate Server 2.1:
40151a76e2858db11fa0222da80b07e7 corporate/2.1/RPMS/iproute2-2.4.7-4.2.C21mdk.i586.rpm
675c40d02db789e13254a2dabd246887 corporate/2.1/SRPMS/iproute2-2.4.7-4.2.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
2c12ed5a57a03d3fc5817dbb82db9101 x86_64/corporate/2.1/RPMS/iproute2-2.4.7-4.2.C21mdk.x86_64.rpm
675c40d02db789e13254a2dabd246887 x86_64/corporate/2.1/SRPMS/iproute2-2.4.7-4.2.C21mdk.src.rpm
Mandrakelinux 9.2:
bd787588ff4f13c7f01d1ff72468a58d 9.2/RPMS/iproute2-2.4.7-11.1.92mdk.i586.rpm
8a514462f7df3790a83f3459529b570b 9.2/SRPMS/iproute2-2.4.7-11.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
8eabf21a5800311960c1a0c624095dea amd64/9.2/RPMS/iproute2-2.4.7-11.1.92mdk.amd64.rpm
8a514462f7df3790a83f3459529b570b amd64/9.2/SRPMS/iproute2-2.4.7-11.1.92mdk.src.rpm
Multi Network Firewall 8.2:
9db0dd8abc802c56b6d080267419c605 mnf8.2/RPMS/iproute2-2.2.4-13.1.M82mdk.i586.rpm
028f2565993c862fe24c862d536cec71 mnf8.2/SRPMS/iproute2-2.2.4-13.1.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
