MDVSA-2008:044 -- Mandriva kernelID: oval:org.secpod.oval:def:301433 | Date: (C)2012-01-07 (M)2023-11-09 |
Class: PATCH | Family: unix |
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service via unspecified vectors. NOTE: some of these details are obtained from third party information. The tcp_sacktag_write_queue function in the Linux kernel 2.6.21 through 2.6.23.7 allowed remote attackers to cause a denial of service via crafted ACK responses that trigger a NULL pointer dereference . The do_corefump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information . VFS in the Linux kernel before 2.6.22.16 performed tests of access mode by using the flag variable instead of the acc_mode variable, which could possibly allow local users to bypass intended permissions and remove directories . The Linux kernel prior to 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allowed local users to access kernel memory via an out-of-range offset . A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges . Mandriva urges all users to upgrade to these new kernels immediately as the CVE-2008-0600 flaw is being actively exploited. This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are affected
Platform: |
Mandriva Linux 2008.0 |