Vulnerabilities > CVE-2003-0001 - Information Exposure vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Exploit-Db
description Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak). CVE-2003-0001. Remote exploits for multiple platform id EDB-ID:3555 last seen 2016-01-31 modified 2007-03-23 published 2007-03-23 reporter Jon Hart source https://www.exploit-db.com/download/3555/ title Ethernet Device Drivers Frame Padding - Info Leakage Exploit Etherleak description Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure. CVE-2003-0001. Remote exploit for unix platform id EDB-ID:22131 last seen 2016-02-02 modified 2007-03-23 published 2007-03-23 reporter Jon Hart source https://www.exploit-db.com/download/22131/ title Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure description Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak. CVE-2003-0001. Dos exploit for hardware platform id EDB-ID:26076 last seen 2016-02-03 modified 2013-06-10 published 2013-06-10 reporter prdelka source https://www.exploit-db.com/download/26076/ title Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak
Nessus
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_29244.NASL description s700_800 11.04 (VVOS) EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001. last seen 2020-06-01 modified 2020-06-02 plugin id 16926 published 2005-02-16 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16926 title HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_29244. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16926); script_version("$Revision: 1.13 $"); script_cvs_date("$Date: 2013/04/20 00:36:48 $"); script_cve_id("CVE-2003-0001"); script_xref(name:"CERT", value:"412115"); script_xref(name:"HP", value:"HPSBUX0305"); script_xref(name:"HP", value:"SSRT3451"); script_name(english:"HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 (VVOS) EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001." ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_29244 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHNE_29244 applies to a different OS release."); } patches = make_list("PHNE_29244"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.04.01")) flag++; if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.04.02")) flag++; if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.04.03")) flag++; if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.04.04")) flag++; if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.04.01")) flag++; if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.04.02")) flag++; if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.04.03")) flag++; if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.04.04")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.04.01")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.04.02")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.04.03")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.04.04")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.04.01")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.04.02")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.04.03")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.04.04")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-442.NASL description Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CVE-2002-0429 : The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0244 : The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CAN-2003-0246 : The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247 : A vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ( last seen 2020-06-01 modified 2020-06-02 plugin id 15279 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15279 title Debian DSA-442-1 : linux-kernel-2.4.17-s390 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-442. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(15279); script_version("1.33"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-0429", "CVE-2003-0001", "CVE-2003-0244", "CVE-2003-0246", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364", "CVE-2003-0961", "CVE-2003-0985", "CVE-2004-0077"); script_bugtraq_id(4259, 6535, 7600, 7601, 7791, 7793, 7797, 9138, 9356, 9686); script_xref(name:"CERT", value:"981222"); script_xref(name:"DSA", value:"442"); script_name(english:"Debian DSA-442-1 : linux-kernel-2.4.17-s390 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CVE-2002-0429 : The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0244 : The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CAN-2003-0246 : The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247 : A vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops'). - CAN-2003-0248 : The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. - CAN-2003-0364 : The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. - CAN-2003-0961 : An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23. - CAN-2003-0985 : Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24. - CAN-2004-0077 : Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3." ); script_set_attribute( attribute:"see_also", value:"http://isec.pl/vulnerabilities/isec-0013-mremap.txt" ); script_set_attribute( attribute:"see_also", value:"http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-442" ); script_set_attribute( attribute:"solution", value: "Upgrade the Linux kernel packages immediately. For the stable distribution (woody) these problems have been fixed in version 2.4.17-2.woody.3 of s390 images and in version 0.0.20020816-0.woody.2 of the patch packages. Vulnerability matrix for CAN-2004-0077" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.17-s390"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.17-s390"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/02/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17", reference:"2.4.17-2.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-s390", reference:"2.4.17-2.woody.3")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-s390", reference:"0.0.20020816-0.woody.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125907.NASL description Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. This plugin has been deprecated and either replaced with individual 125907 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 69906 published 2013-09-15 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=69906 title Solaris 10 (x86) : 125907-02 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(69906); script_version("1.9"); script_cvs_date("Date: 2018/07/30 13:40:14"); script_cve_id("CVE-2003-0001"); script_name(english:"Solaris 10 (x86) : 125907-02 (deprecated)"); script_summary(english:"Check for patch 125907-02"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. This plugin has been deprecated and either replaced with individual 125907 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/125907-02" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 125907 instead.");
NASL family Junos Local Security Checks NASL id JUNIPER_JSA10773.NASL description According to its self-reported version number, the remote Juniper Junos QFX or EX series device is affected by a memory disclosure vulnerability, known as Etherleak, due to padding Ethernet packets with data from previous packets instead of padding them with null bytes. An unauthenticated, adjacent attacker can exploit this issue to disclose portions of system memory or data from previous packets. This issue is also often detected as CVE-2003-0001. Note that Nessus has not tested for this issue but has instead relied only on the device last seen 2020-03-18 modified 2017-01-20 plugin id 96662 published 2017-01-20 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96662 title Juniper Junos QFX / EX Series 'Etherleak' Improper Padding Memory Disclosure (JSA10773) code #TRUSTED aa11153edd27726138b4ec44c5c04646919ca9d707475505082aa3373b2b6a4afa3c09b9b6d270f0a28528669b06fa5863498839839bfcaed6219aff82eb98f41fde4e80a02c74bff663f949615a870ef655bbffeab113cca235b34eefec07bab058bc3a78842b2e90abe1cdf1f63a003b022c3b7cdd800829d3a5b3d15bc90f780f99ce51884779a17768148a5f860005f096b7dfadd31f40de1cf3d9ceb9d3c2da81134d8f54fd488bf1c05e8f0e6153cbc03e0f97074b1dc6216eaa3c211c71a4de47ccee4d12db73ecc53a14c20b23b172d5b2b94d6949b225bfab987d2cf06b5b03791008191525e9e522bb46a821a2e70dce90c7be0e58f967dbd3b6ff163c998d7241d076b4df08baedba0477cd63dc364dbb38ad63b78f54fc8d241fa156451067cbb863a5912294cc5ad5720ce4e64195f0c677b07c0c6a26594b783a9b3dcc3e9653c0fe5710ae8f3d6aca20ea5414b8456cf83ab09dd93a1089c584f014b91a7743330477807423fd437cca34747a5b5ae053a2c919b0e90e054bed68f74828af926874611580c2f51dba898815e61708d443735c0d06b3b79190a1259a6472dd5ddc600184cc6cd0dbf839313b0c8811cb39ba2ae50421bacc7314cd6d3e0fa40c83a6e4f84154418ce0278bb1771f5e58d686eeaf08656e1f43c801aeb3853336b010df4742317208c29cf9f55eaa26e13fc8ab9fb4a41d661c # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(96662); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/08/10"); script_cve_id("CVE-2017-2304"); script_bugtraq_id(95403); script_xref(name:"JSA", value:"JSA10773"); script_name(english:"Juniper Junos QFX / EX Series 'Etherleak' Improper Padding Memory Disclosure (JSA10773)"); script_summary(english:"Checks the Junos version and model."); script_set_attribute(attribute:"synopsis", value: "The remote device is affected by a memory disclosure vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Juniper Junos QFX or EX series device is affected by a memory disclosure vulnerability, known as Etherleak, due to padding Ethernet packets with data from previous packets instead of padding them with null bytes. An unauthenticated, adjacent attacker can exploit this issue to disclose portions of system memory or data from previous packets. This issue is also often detected as CVE-2003-0001. Note that Nessus has not tested for this issue but has instead relied only on the device's self-reported version and model"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10773"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10773."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/11"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/20"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include("audit.inc"); include("junos_kb_cmd_func.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); if (model !~ "^QFX(35|36|51|52)00($|[^0-9])" && model !~ "^EX4[36]00($|[^0-9])") audit(AUDIT_HOST_NOT, 'an affected QFX or EX device'); fixes = make_array(); fixes['14.1X53'] = '14.1X53-D40'; fixes['15.1X53'] = '15.1X53-D40'; fixes['15.1R'] = '15.1R2'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); junos_report(ver:ver, fix:fix, model:model, severity:SECURITY_NOTE);
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_28143.NASL description s700_800 11.00 LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001. last seen 2020-06-01 modified 2020-06-02 plugin id 16670 published 2005-02-16 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16670 title HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_28143. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(16670); script_version("$Revision: 1.13 $"); script_cvs_date("$Date: 2013/04/20 00:36:48 $"); script_cve_id("CVE-2003-0001"); script_xref(name:"CERT", value:"412115"); script_xref(name:"HP", value:"HPSBUX0305"); script_xref(name:"HP", value:"SSRT3451"); script_name(english:"HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001." ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_28143 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHNE_28143 applies to a different OS release."); } patches = make_list("PHNE_28143", "PHNE_29530", "PHNE_32643"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"Networking.LAN-RUN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Networking.LAN2-KRN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Networking.NW-ENG-A-MAN", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-039.NASL description A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute : echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content last seen 2020-06-01 modified 2020-06-02 plugin id 14023 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14023 title Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:039. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14023); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-1380", "CVE-2003-0001", "CVE-2003-0127"); script_xref(name:"MDKSA", value:"2003:039"); script_name(english:"Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute : echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content '/sbin/modprobe' in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place. As well, multiple ethernet device drivers do not pad frames with null bytes, which could allow remote attackers to obtain information from previous packets or kernel memory by using malformed packets. Finally, the 2.2 kernel allows local users to cause a crash of the host system by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. All users are encouraged to upgrade to the latest kernel version provided. For instructions on how to upgrade your kernel in Mandrake Linux, please refer to : http://www.mandrakesecure.net/en/kernelupdate.php" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:alsa-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-pcmcia-cs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel22"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel22-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel22-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:reiserfs-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"patch_publication_date", value:"2003/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"alsa-2.2.25_0.5.11-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"alsa-source-2.2.25_0.5.11-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-doc-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-headers-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-pcmcia-cs-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-secure-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-smp-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-source-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-utils-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"reiserfs-utils-2.2.25_3.5.29-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kernel22-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kernel22-smp-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kernel22-source-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kernel22-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kernel22-smp-2.2.25-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kernel22-source-2.2.25-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_28636.NASL description s700_800 11.00 EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001. last seen 2020-06-01 modified 2020-06-02 plugin id 17417 published 2005-03-18 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17417 title HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_28636. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(17417); script_version("$Revision: 1.13 $"); script_cvs_date("$Date: 2013/04/20 00:36:48 $"); script_cve_id("CVE-2003-0001"); script_xref(name:"CERT", value:"412115"); script_xref(name:"HP", value:"HPSBUX0305"); script_xref(name:"HP", value:"SSRT3451"); script_name(english:"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001." ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_28636 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHNE_28636 applies to a different OS release."); } patches = make_list("PHNE_28636"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.01")) flag++; if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.02")) flag++; if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.03")) flag++; if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.04")) flag++; if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.01")) flag++; if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.02")) flag++; if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.03")) flag++; if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.04")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.01")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.02")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.03")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.04")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.01")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.02")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.03")) flag++; if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.04")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-311.NASL description A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ( last seen 2020-06-01 modified 2020-06-02 plugin id 15148 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15148 title Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-311. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(15148); script_version("1.24"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-0429", "CVE-2003-0001", "CVE-2003-0127", "CVE-2003-0244", "CVE-2003-0246", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364"); script_xref(name:"DSA", value:"311"); script_name(english:"Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops'). CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. This advisory covers only the i386 (Intel IA32) architectures. Other architectures will be covered by separate advisories." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2003/dsa-311" ); script_set_attribute( attribute:"solution", value: "For the stable distribution (woody) on the i386 architecture, these problems have been fixed in kernel-source-2.4.18 version 2.4.18-9, kernel-image-2.4.18-1-i386 version 2.4.18-8, and kernel-image-2.4.18-i386bf version 2.4.18-5woody1. We recommend that you update your kernel packages. If you are using the kernel installed by the installation system when the 'bf24' option is selected (for a 2.4.x kernel), you should install the kernel-image-2.4.18-bf2.4 package. If you installed a different kernel-image package after installation, you should install the corresponding 2.4.18-1 kernel. You may use the table below as a guide. | If 'uname -r' shows: | Install this package: | 2.4.18-bf2.4 | kernel-image-2.4.18-bf2.4 | 2.4.18-386 | kernel-image-2.4.18-1-386 | 2.4.18-586tsc | kernel-image-2.4.18-1-586tsc | 2.4.18-686 | kernel-image-2.4.18-1-686 | 2.4.18-686-smp | kernel-image-2.4.18-1-686-smp | 2.4.18-k6 | kernel-image-2.4.18-1-k6 | 2.4.18-k7 | kernel-image-2.4.18-1-k7 NOTE: that this kernel is not binary compatible with the previous version. For this reason, the kernel has a different version number and will not be installed automatically as part of the normal upgrade process. Any custom modules will need to be rebuilt in order to work with the new kernel. New PCMCIA modules are provided for all of the above kernels. NOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/06/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.18", reference:"2.4.18-9")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-386", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-586tsc", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-686", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-686-smp", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-k6", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-k7", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-bf2.4", reference:"2.4.18-5woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-386", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-586tsc", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-686", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-686-smp", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-k6", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-k7", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-bf2.4", reference:"2.4.18-5woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-386", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-586tsc", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-686", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-686-smp", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-k6", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-k7", reference:"2.4.18-8")) flag++; if (deb_check(release:"3.0", prefix:"kernel-source-2.4.18", reference:"2.4.18-9")) flag++; if (deb_check(release:"3.0", prefix:"pcmcia-modules-2.4.18-bf2.4", reference:"3.1.33-6woody1k5woody1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_29267.NASL description s700_800 11.04 (VVOS) LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001. last seen 2020-06-01 modified 2020-06-02 plugin id 17420 published 2005-03-18 reporter This script is Copyright (C) 2005-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17420 title HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHNE_29267. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(17420); script_version("$Revision: 1.13 $"); script_cvs_date("$Date: 2013/04/20 00:36:48 $"); script_cve_id("CVE-2003-0001"); script_xref(name:"CERT", value:"412115"); script_xref(name:"HP", value:"HPSBUX0305"); script_xref(name:"HP", value:"SSRT3451"); script_name(english:"HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.04 (VVOS) LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001." ); script_set_attribute( attribute:"solution", value:"Install patch PHNE_29267 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.04")) { exit(0, "The host is not affected since PHNE_29267 applies to a different OS release."); } patches = make_list("PHNE_29267"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"Networking.LAN-RUN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"Networking.LAN2-KRN", version:"B.11.04")) flag++; if (hpux_check_patch(app:"Networking.NW-ENG-A-MAN", version:"B.11.04")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-312.NASL description A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ( last seen 2020-06-01 modified 2020-06-02 plugin id 15149 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15149 title Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-312. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15149); script_version("1.25"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-0429", "CVE-2003-0001", "CVE-2003-0127", "CVE-2003-0244", "CVE-2003-0246", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364"); script_bugtraq_id(6535, 7112, 7600, 7601, 7791, 7793, 7797); script_xref(name:"DSA", value:"312"); script_name(english:"Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops'). CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. This advisory covers only the powerpc architecture. Other architectures will be covered by separate advisories." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2003/dsa-312" ); script_set_attribute( attribute:"solution", value: "For the stable distribution (woody) on the powerpc architecture, these problems have been fixed in version 2.4.18-1woody1. We recommend that you update your kernel packages. NOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.18-powerpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/06/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18", reference:"2.4.18-1woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-newpmac", reference:"2.4.18-1woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc", reference:"2.4.18-1woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc-smp", reference:"2.4.18-1woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.18-powerpc", reference:"2.4.18-1woody1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-074.NASL description Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. last seen 2020-06-01 modified 2020-06-02 plugin id 14057 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14057 title Mandrake Linux Security Advisory : kernel (MDKSA-2003:074) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-066.NASL description Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. As well, a number of bug fixes were made in the 9.1 kernel including : - Support for more machines that did not work with APIC - Audigy2 support - New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine, - Fixed SiS IOAPIC - IRQ balancing has been fixed for SMP - Updates to ext3 - The previous ptrace fix has been redone to work better - Bugs with compiling kernels using xconfig have been fixed - Problems with ipsec have been corrected - XFS ACLs are now present - gdb not working on XFS root filesystems has been fixed MandrakeSoft encourages all users to upgrade to these new kernels. Updated kernels will be available shortly for other supported platforms and architectures. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. Update : The kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a problem where all files created on any filesystem other than XFS, and using any kernel other than kernel-secure, would be created with mode 0666, or world writeable. The 0.24mdk kernels have been removed from the mirrors and users are encouraged to upgrade and remove those kernels from their systems to prevent accidentally booting into them. That issue has been addressed and fixed with these new kernels. last seen 2020-06-01 modified 2020-06-02 plugin id 14049 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14049 title Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2) NASL family Solaris Local Security Checks NASL id SOLARIS_JAN2015_SRU11_1_11_4_0.NASL description This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. (CVE-2003-0001) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2015-0429) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. (CVE-2015-0430) last seen 2020-06-01 modified 2020-06-02 plugin id 80936 published 2015-01-23 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80936 title Oracle Solaris Critical Patch Update : jan2015_SRU11_1_11_4_0 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-336.NASL description A number of vulnerabilities have been discovered in the Linux kernel. - CAN-2002-1380: Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall) - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets - CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel - CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ( last seen 2020-06-01 modified 2020-06-02 plugin id 15173 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15173 title Debian DSA-336-1 : linux-kernel-2.2.20 - several vulnerabilities NASL family Junos Local Security Checks NASL id JUNIPER_JSA10579.NASL description According to its self-reported version number, the remote Junos device has an information disclosure vulnerability. SRX1400, SRX3400, and SRX3600 services gateways pad Ethernet packets with data from previous packets instead of padding them with null bytes. A remote, unauthenticated attacker could exploit this to gain access to sensitive information, which could be used to mount further attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 68912 published 2013-07-16 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68912 title Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579) NASL family Misc. NASL id ETHERLEAK.NASL description The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card. Known as last seen 2020-06-01 modified 2020-06-02 plugin id 11197 published 2003-01-14 reporter This script is Copyright (C) 2003-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11197 title Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-423.NASL description The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0018 : Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. - CAN-2003-0127 : The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process which is spawned by the kernel. - CAN-2003-0461 : The virtual file /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. - CAN-2003-0462 : A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476 : The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501 : The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. - CAN-2003-0550 : The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0551 : The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. - CAN-2003-0552 : Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0961 : An integer overflow in brk system call (do_brk function) for Linux kernel 2.4.22 and earlier allows local users to gain root privileges. - CAN-2003-0985 : The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6 does not properly perform boundary checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA. last seen 2020-06-01 modified 2020-06-02 plugin id 15260 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15260 title Debian DSA-423-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125907-02.NASL description Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. last seen 2020-06-01 modified 2020-06-02 plugin id 107944 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107944 title Solaris 10 (x86) : 125907-02 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-332.NASL description A number of vulnerabilities have been discovered in the Linux kernel. - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall) - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets - CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel - CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ( last seen 2020-06-01 modified 2020-06-02 plugin id 15169 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15169 title Debian DSA-332-1 : linux-kernel-2.4.17 - several vulnerabilities
Oval
accepted | 2016-02-19T10:00:00.000-04:00 | ||||||||
class | vulnerability | ||||||||
contributors |
| ||||||||
description | Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | ||||||||
family | unix | ||||||||
id | oval:org.mitre.oval:def:2665 | ||||||||
status | accepted | ||||||||
submitted | 2004-12-30T12:00:00.000-04:00 | ||||||||
title | Data Leak in NIC | ||||||||
version | 35 |
Packetstorm
data source https://packetstormsecurity.com/files/download/55335/etherleak.txt id PACKETSTORM:55335 last seen 2016-12-05 published 2007-03-24 reporter Jon Hart source https://packetstormsecurity.com/files/55335/etherleak.txt.html title etherleak.txt data source https://packetstormsecurity.com/files/download/121969/ciscoasa-leak.txt id PACKETSTORM:121969 last seen 2016-12-05 published 2013-06-10 reporter prdelka source https://packetstormsecurity.com/files/121969/Cisco-ASA-Ethernet-Information-Leak.html title Cisco ASA Ethernet Information Leak
Redhat
advisories |
|
Seebug
bulletinFamily exploit description No description provided by source. id SSV:79723 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-79723 title Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak bulletinFamily exploit description No description provided by source. id SSV:64575 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-64575 title Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak) bulletinFamily exploit description No description provided by source. id SSV:75942 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-75942 title Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure bulletinFamily exploit description No description provided by source. id SSV:6453 last seen 2017-11-19 modified 2007-03-24 published 2007-03-24 reporter Root source https://www.seebug.org/vuldb/ssvid-6453 title Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak)
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
- http://marc.info/?l=bugtraq&m=104222046632243&w=2
- http://secunia.com/advisories/7996
- http://www.atstake.com/research/advisories/2003/a010603-1.txt
- http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
- http://www.kb.cert.org/vuls/id/412115
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.osvdb.org/9962
- http://www.redhat.com/support/errata/RHSA-2003-025.html
- http://www.redhat.com/support/errata/RHSA-2003-088.html
- http://www.securityfocus.com/archive/1/305335/30/26420/threaded
- http://www.securityfocus.com/archive/1/307564/30/26270/threaded
- http://www.securitytracker.com/id/1031583
- http://www.securitytracker.com/id/1040185
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665