CVE-2003-0001 - Information Exposure vulnerability in multiple products

CVSS 5.0 - MEDIUM
  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: NONE
  • Availability impact: NONE

Tags: network, low complexity, freebsd, linux, microsoft, netbsd, CWE-200, nessus, exploit available

Summary

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
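As an added illustration that is not part of this CVE record, the Python check below shows how a defender can spot the flaw in captured frames: the upper-layer header (IPv4 total length, or the fixed 28-byte ARP packet) says where the payload ends, and any non-zero byte in the trailer that pads the frame to the 60-byte minimum is stale buffer data rather than null padding. The sample frames are constructed, not captured.

```python
"""Detect Etherleak-style padding leaks (CVE-2003-0001) in Ethernet frames.

Frames shorter than 60 bytes (64-byte wire minimum minus the 4-byte FCS) must
be padded by the driver or NIC. A correct driver pads with zero bytes; a
vulnerable driver leaves whatever was in its transmit buffer, so non-zero
trailer bytes after the upper-layer payload are the indicator.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ARP_IPV4_LEN = 28  # ARP packet for Ethernet/IPv4 is fixed-size


@dataclass
class PaddingCheck:
    payload_end: int   # offset where the upper-layer payload ends
    padding: bytes     # trailer bytes after the payload
    leaked: bool       # True if any trailer byte is non-zero


def expected_payload_end(frame: bytes) -> Optional[int]:
    """Offset where the payload ends per the upper-layer header, or None if unknown."""
    if len(frame) < ETH_HDR_LEN:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < ETH_HDR_LEN + 4:
            return None
        # IPv4 total length covers the IP header and everything after it
        (total_len,) = struct.unpack("!H", frame[ETH_HDR_LEN + 2:ETH_HDR_LEN + 4])
        return ETH_HDR_LEN + total_len if total_len >= 20 else None
    if ethertype == ETHERTYPE_ARP:
        return ETH_HDR_LEN + ARP_IPV4_LEN
    return None  # other EtherTypes: payload length not derived here


def check_padding(frame: bytes) -> Optional[PaddingCheck]:
    """Analyse the trailer of one frame (without FCS); None if it cannot be judged."""
    end = expected_payload_end(frame)
    if end is None or end > len(frame):
        return None  # truncated or unparseable frame
    padding = frame[end:]
    return PaddingCheck(payload_end=end, padding=padding, leaked=any(padding))


def leaking_frames(frames: List[bytes]) -> List[int]:
    """Indexes of frames whose padding contains non-zero bytes."""
    hits = []
    for i, frame in enumerate(frames):
        result = check_padding(frame)
        if result is not None and result.leaked:
            hits.append(i)
    return hits


# --- constructed sample frames (no FCS), not real captures -----------------
def arp_request(padding: bytes) -> bytes:
    eth = b"\xff" * 6 + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1)          # request
    arp += bytes.fromhex("020000000001") + bytes([192, 0, 2, 1])       # sender
    arp += b"\x00" * 6 + bytes([192, 0, 2, 2])                         # target
    return eth + arp + padding                                         # 42 bytes + padding


def udp_frame(payload: bytes, padding: bytes) -> bytes:
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + udp + padding                                    # 46 bytes + padding


# 42-byte ARP padded to 60: zeros (correct driver) vs. stale buffer data (leak)
CLEAN_ARP = arp_request(b"\x00" * 18)
LEAKY_ARP = arp_request(b"GET /index.html HT")  # 18 bytes of an earlier packet
# 46-byte IPv4/UDP padded to 60 bytes
CLEAN_UDP = udp_frame(b"ping", b"\x00" * 14)
LEAKY_UDP = udp_frame(b"ping", b"\x00" * 6 + b"secret!!")

if __name__ == "__main__":
    for idx in leaking_frames([CLEAN_ARP, LEAKY_ARP, CLEAN_UDP, LEAKY_UDP]):
        print("frame", idx, "leaks:", check_padding([CLEAN_ARP, LEAKY_ARP, CLEAN_UDP, LEAKY_UDP][idx]).padding)
```

Frames that already reach 60 bytes have an empty trailer and are never flagged; a frame with an EtherType the checker does not parse is skipped rather than guessed at.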

Common Weakness Enumeration (CWE)

  • CWE-200: Information Exposure

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the browser version, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Exploit-Db

  • description: Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak). CVE-2003-0001. Remote exploits for multiple platform
    id: EDB-ID:3555
    last seen: 2016-01-31
    modified: 2007-03-23
    published: 2007-03-23
    reporter: Jon Hart
    source: https://www.exploit-db.com/download/3555/
    title: Ethernet Device Drivers Frame Padding - Info Leakage Exploit Etherleak
  • description: Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure. CVE-2003-0001. Remote exploit for unix platform
    id: EDB-ID:22131
    last seen: 2016-02-02
    modified: 2007-03-23
    published: 2007-03-23
    reporter: Jon Hart
    source: https://www.exploit-db.com/download/22131/
    title: Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure
  • description: Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak. CVE-2003-0001. Dos exploit for hardware platform
    id: EDB-ID:26076
    last seen: 2016-02-03
    modified: 2013-06-10
    published: 2013-06-10
    reporter: prdelka
    source: https://www.exploit-db.com/download/26076/
    title: Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak

Nessus

  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_29244.NASL
    description: s700_800 11.04 (VVOS) EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16926
    published: 2005-02-16
    reporter: This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16926
    title: HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_29244. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16926);
      script_version("$Revision: 1.13 $");
      script_cvs_date("$Date: 2013/04/20 00:36:48 $");
    
      script_cve_id("CVE-2003-0001");
      script_xref(name:"CERT", value:"412115");
      script_xref(name:"HP", value:"HPSBUX0305");
      script_xref(name:"HP", value:"SSRT3451");
    
      script_name(english:"HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.04 (VVOS) EISA 100BT cumulative patch : 
    
    Potential for Ethernet device drivers to reuse packet data for
    padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_29244 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.04"))
    {
      exit(0, "The host is not affected since PHNE_29244 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_29244");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.04.01")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.04.02")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.04.03")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.04.04")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.04.01")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.04.02")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.04.03")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.04.04")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.04.01")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.04.02")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.04.03")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.04.04")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.04.01")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.04.02")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.04.03")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.04.04")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-442.NASL
    description: Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CVE-2002-0429 : The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0244 : The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CAN-2003-0246 : The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247 : A vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15279
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/15279
    title: Debian DSA-442-1 : linux-kernel-2.4.17-s390 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-442. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15279);
      script_version("1.33");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2002-0429", "CVE-2003-0001", "CVE-2003-0244", "CVE-2003-0246", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364", "CVE-2003-0961", "CVE-2003-0985", "CVE-2004-0077");
      script_bugtraq_id(4259, 6535, 7600, 7601, 7791, 7793, 7797, 9138, 9356, 9686);
      script_xref(name:"CERT", value:"981222");
      script_xref(name:"DSA", value:"442");
    
      script_name(english:"Debian DSA-442-1 : linux-kernel-2.4.17-s390 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several security related problems have been fixed in the Linux kernel
    2.4.17 used for the S/390 architecture, mostly by backporting fixes
    from 2.4.18 and incorporating recent security fixes. The corrections
    are listed below with the identification from the Common
    Vulnerabilities and Exposures (CVE) project :
    
      - CVE-2002-0429 :
        The iBCS routines in arch/i386/kernel/traps.c for Linux
        kernels 2.4.18 and earlier on x86 systems allow local
        users to kill arbitrary processes via a binary
        compatibility interface (lcall).
    
      - CAN-2003-0001 :
    
        Multiple ethernet network interface card (NIC) device
        drivers do not pad frames with null bytes, which allows
        remote attackers to obtain information from previous
        packets or kernel memory by using malformed packets, as
        demonstrated by Etherleak.
    
      - CAN-2003-0244 :
    
        The route cache implementation in Linux 2.4, and the
        Netfilter IP conntrack module, allows remote attackers
        to cause a denial of service (CPU consumption) via
        packets with forged source addresses that cause a large
        number of hash table collisions related to the
        PREROUTING chain.
    
      - CAN-2003-0246 :
    
        The ioperm system call in Linux kernel 2.4.20 and
        earlier does not properly restrict privileges, which
        allows local users to gain read or write access to
        certain I/O ports.
    
      - CAN-2003-0247 :
    
        A vulnerability in the TTY layer of the Linux kernel 2.4
        allows attackers to cause a denial of service ('kernel
        oops').
    
      - CAN-2003-0248 :
    
        The mxcsr code in Linux kernel 2.4 allows attackers to
        modify CPU state registers via a malformed address.
    
      - CAN-2003-0364 :
    
        The TCP/IP fragment reassembly handling in the Linux
        kernel 2.4 allows remote attackers to cause a denial of
        service (CPU consumption) via certain packets that cause
        a large number of hash table collisions.
    
      - CAN-2003-0961 :
    
        An integer overflow in brk() system call (do_brk()
        function) for Linux allows a local attacker to gain root
        privileges. Fixed upstream in Linux 2.4.23.
    
      - CAN-2003-0985 :
    
        Paul Starzetz discovered a flaw in bounds checking in
        mremap() in the Linux kernel (present in version 2.4.x
        and 2.6.x) which may allow a local attacker to gain root
        privileges. Version 2.2 is not affected by this bug.
        Fixed upstream in Linux 2.4.24.
    
      - CAN-2004-0077 :
    
        Paul Starzetz and Wojciech Purczynski of isec.pl
        discovered a critical security vulnerability in the
        memory management code of Linux inside the mremap(2)
        system call. Due to missing function return value check
        of internal functions a local attacker can gain root
        privileges. Fixed upstream in Linux 2.4.25 and 2.6.3."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://isec.pl/vulnerabilities/isec-0013-mremap.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-442"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the Linux kernel packages immediately.
    
    For the stable distribution (woody) these problems have been fixed in
    version 2.4.17-2.woody.3 of s390 images and in version
    0.0.20020816-0.woody.2 of the patch packages.
    
     Vulnerability matrix for CAN-2004-0077"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.17-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.17-s390");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17", reference:"2.4.17-2.woody.3")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-s390", reference:"2.4.17-2.woody.3")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-s390", reference:"0.0.20020816-0.woody.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_125907.NASL
    description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. This plugin has been deprecated and either replaced with individual 125907 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 69906
    published: 2013-09-15
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=69906
    title: Solaris 10 (x86) : 125907-02 (deprecated)
    code
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(69906);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/30 13:40:14");
    
      script_cve_id("CVE-2003-0001");
    
      script_name(english:"Solaris 10 (x86) : 125907-02 (deprecated)");
      script_summary(english:"Check for patch 125907-02");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Vulnerability in the Solaris component of Oracle Sun Systems Products
    Suite (subcomponent: AMD pcnet driver). Supported versions that are
    affected are 10 and 11. Easily exploitable vulnerability allows
    successful unauthenticated network attacks via TCP/IP. Successful
    attack of this vulnerability can result in unauthorized read access to
    a subset of Solaris accessible data.
    
    This plugin has been deprecated and either replaced with individual
    125907 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/125907-02"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 125907 instead.");
    
  • NASL family: Junos Local Security Checks
    NASL id: JUNIPER_JSA10773.NASL
    description: According to its self-reported version number, the remote Juniper Junos QFX or EX series device is affected by a memory disclosure vulnerability, known as Etherleak, due to padding Ethernet packets with data from previous packets instead of padding them with null bytes. An unauthenticated, adjacent attacker can exploit this issue to disclose portions of system memory or data from previous packets. This issue is also often detected as CVE-2003-0001. Note that Nessus has not tested for this issue but has instead relied only on the device
    last seen: 2020-03-18
    modified: 2017-01-20
    plugin id: 96662
    published: 2017-01-20
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96662
    title: Juniper Junos QFX / EX Series 'Etherleak' Improper Padding Memory Disclosure (JSA10773)
    code
    #TRUSTED
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96662);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2018/08/10");
    
      script_cve_id("CVE-2017-2304");
      script_bugtraq_id(95403);
      script_xref(name:"JSA", value:"JSA10773");
    
      script_name(english:"Juniper Junos QFX / EX Series 'Etherleak' Improper Padding Memory Disclosure (JSA10773)");
      script_summary(english:"Checks the Junos version and model.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is affected by a memory disclosure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the remote Juniper
    Junos QFX or EX series device is affected by a memory disclosure
    vulnerability, known as Etherleak, due to padding Ethernet packets
    with data from previous packets instead of padding them with null
    bytes. An unauthenticated, adjacent attacker can exploit this issue to
    disclose portions of system memory or data from previous packets. This
    issue is also often detected as CVE-2003-0001.
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the device's self-reported version and model"); 
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10773");
      script_set_attribute(attribute:"solution", value:
    "Apply the relevant Junos software release referenced in Juniper
    advisory JSA10773.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/20");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Junos Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
    
      script_dependencies("junos_version.nasl");
      script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
    
      exit(0);
    }
    
    include("audit.inc");
    include("junos_kb_cmd_func.inc");
    include("misc_func.inc");
    
    ver   = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
    model = get_kb_item_or_exit('Host/Juniper/model');
    
    if (model !~ "^QFX(35|36|51|52)00($|[^0-9])" && model !~ "^EX4[36]00($|[^0-9])")
      audit(AUDIT_HOST_NOT, 'an affected QFX or EX device');
    
    fixes = make_array();
    fixes['14.1X53'] = '14.1X53-D40';
    fixes['15.1X53'] = '15.1X53-D40';
    fixes['15.1R']   = '15.1R2';
    
    fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
    junos_report(ver:ver, fix:fix, model:model, severity:SECURITY_NOTE);
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_28143.NASL
    description: s700_800 11.00 LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16670
    published: 2005-02-16
    reporter: This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16670
    title: HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_28143. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16670);
      script_version("$Revision: 1.13 $");
      script_cvs_date("$Date: 2013/04/20 00:36:48 $");
    
      script_cve_id("CVE-2003-0001");
      script_xref(name:"CERT", value:"412115");
      script_xref(name:"HP", value:"HPSBUX0305");
      script_xref(name:"HP", value:"SSRT3451");
    
      script_name(english:"HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.00 LAN product cumulative patch : 
    
    Potential for Ethernet device drivers to reuse packet data for
    padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_28143 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.00"))
    {
      exit(0, "The host is not affected since PHNE_28143 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_28143", "PHNE_29530", "PHNE_32643");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"Networking.LAN-RUN", version:"B.11.00")) flag++;
    if (hpux_check_patch(app:"Networking.LAN2-KRN", version:"B.11.00")) flag++;
    if (hpux_check_patch(app:"Networking.NW-ENG-A-MAN", version:"B.11.00")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-039.NASL
    description: A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release. A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module. A temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute : echo /no/such/file >/proc/sys/kernel/modprobe To automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14023
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14023
    title: Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:039. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14023);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2002-1380", "CVE-2003-0001", "CVE-2003-0127");
      script_xref(name:"MDKSA", value:"2003:039");
    
      script_name(english:"Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities have been found in the Linux 2.2 kernel
    that have been addressed with the latest 2.2.25 release.
    
    A bug in the kernel module loader code could allow a local user to
    gain root privileges. This is done by a local user using ptrace and
    attaching to a modprobe process that is spawned if the user triggers
    the loading of a kernel module.
    
    A temporary workaround can be used to defend against this flaw. It is
    possible to temporarily disable the kmod kernel module loading
    subsystem in the kernel after all of the required kernel modules have
    been loaded. Be sure that you do not need to load additional kernel
    modules after implementing this workaround. To use it, as root 
    execute :
    
    echo /no/such/file >/proc/sys/kernel/modprobe
    
    To automate this, you may wish to add it as the last line of the
    /etc/rc.d/rc.local file. You can revert this change by replacing the
    content '/sbin/modprobe' in the /proc/sys/kernel/modprobe file. The
    root user can still manually load kernel modules with this workaround
    in place.
    
    As well, multiple ethernet device drivers do not pad frames with null
    bytes, which could allow remote attackers to obtain information from
    previous packets or kernel memory by using malformed packets.
    
    Finally, the 2.2 kernel allows local users to cause a crash of the
    host system by using the mmap() function with a PROT_READ parameter to
    access non-readable memory pages through the /proc/pid/mem interface.
    
    All users are encouraged to upgrade to the latest kernel version
    provided.
    
    For instructions on how to upgrade your kernel in Mandrake Linux,
    please refer to :
    
    http://www.mandrakesecure.net/en/kernelupdate.php"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:alsa-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-pcmcia-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel22");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel22-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel22-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:reiserfs-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"alsa-2.2.25_0.5.11-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"alsa-source-2.2.25_0.5.11-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-doc-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-headers-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-pcmcia-cs-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-secure-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-smp-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-source-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"kernel-utils-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"reiserfs-utils-2.2.25_3.5.29-1.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kernel22-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kernel22-smp-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"kernel22-source-2.2.25-1.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kernel22-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kernel22-smp-2.2.25-1.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kernel22-source-2.2.25-1.1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
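The condition the plugins above test for is that an Ethernet driver hands a short frame to the hardware without zeroing the bytes that pad it up to the 60-byte minimum, so the padding carries whatever the transmit buffer held before. The C below is an added example written for this page, not code from Tenable, Mandriva or any of the affected drivers. The 60-byte minimum (FCS excluded), the 14-byte Ethernet header and the IPv4 total-length offset are real; the reused transmit slot, the frame contents, the addresses and the function names are constructed for illustration. It places the vulnerable copy pattern beside the zero-padding fix and adds a receive-side check that counts non-zero padding bytes in a captured IPv4 frame, which is how a defender verifies a patched host from the wire.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ETH_HLEN     14     /* Ethernet header: dst(6) + src(6) + type(2) */
#define ETH_ZLEN     60     /* minimum frame length on the wire, FCS excluded */
#define ETHERTYPE_IP 0x0800
#define IP_HLEN_MIN  20

/* Constructed stand-in for a driver's reused transmit buffer slot. */
static uint8_t tx_slot[ETH_ZLEN];

/* Vulnerable pattern: copy len bytes into the reused slot and transmit the
 * full minimum-size slot. Bytes [len, ETH_ZLEN) are whatever the previous
 * frame left there, which is exactly what the Etherleak check reads back. */
size_t tx_unsafe(const uint8_t *frame, size_t len)
{
    if (len > ETH_ZLEN) len = ETH_ZLEN;        /* example handles short frames only */
    memcpy(tx_slot, frame, len);
    return ETH_ZLEN;
}

/* Hardened pattern: zero the padding region explicitly before transmit. */
size_t tx_padded(const uint8_t *frame, size_t len)
{
    if (len > ETH_ZLEN) len = ETH_ZLEN;
    memcpy(tx_slot, frame, len);
    memset(tx_slot + len, 0, ETH_ZLEN - len);
    return ETH_ZLEN;
}

/* Receive-side check over a captured IPv4 frame: padding starts at
 * ETH_HLEN + IP total length. Returns the number of non-zero padding bytes
 * (0 means clean), or -1 when the frame cannot be parsed as IPv4, so an
 * unparseable frame is never reported as clean. */
int count_leaked_pad_bytes(const uint8_t *frame, size_t len)
{
    if (len < ETH_HLEN + IP_HLEN_MIN) return -1;
    unsigned ethertype = (unsigned)frame[12] << 8 | frame[13];
    if (ethertype != ETHERTYPE_IP) return -1;
    if ((frame[ETH_HLEN] >> 4) != 4) return -1;                 /* IP version nibble */
    size_t ip_len = (size_t)frame[ETH_HLEN + 2] << 8 | frame[ETH_HLEN + 3];
    size_t payload_end = ETH_HLEN + ip_len;
    if (ip_len < IP_HLEN_MIN || payload_end > len) return -1;   /* bogus or truncated */
    int leaked = 0;
    for (size_t i = payload_end; i < len; i++)
        if (frame[i] != 0) leaked++;
    return leaked;
}

/* Constructed 34-byte frame: Ethernet header plus a bare 20-byte IPv4 header
 * (total length 20), the kind of short frame that needs 26 bytes of padding.
 * Addresses are placeholders. */
size_t build_short_ipv4_frame(uint8_t *out)
{
    static const uint8_t src_mac[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
    memset(out, 0, ETH_HLEN + IP_HLEN_MIN);
    memset(out, 0xff, 6);                  /* dst: broadcast */
    memcpy(out + 6, src_mac, 6);           /* src: locally administered (constructed) */
    out[12] = 0x08; out[13] = 0x00;        /* EtherType IPv4 */
    out[ETH_HLEN] = 0x45;                  /* version 4, IHL 5 */
    out[ETH_HLEN + 3] = IP_HLEN_MIN;       /* total length = 20 */
    out[ETH_HLEN + 8] = 64;                /* TTL */
    out[ETH_HLEN + 9] = 1;                 /* protocol: ICMP */
    return ETH_HLEN + IP_HLEN_MIN;
}

/* Simulate: a previous frame left 0xAA in the slot, then a short frame goes
 * out through the given transmit routine; return how many padding bytes leak. */
int simulate(size_t (*tx)(const uint8_t *, size_t))
{
    uint8_t frame[ETH_ZLEN];
    memset(tx_slot, 0xAA, sizeof tx_slot);   /* stale contents from earlier traffic */
    size_t n = build_short_ipv4_frame(frame);
    size_t sent = tx(frame, n);
    return count_leaked_pad_bytes(tx_slot, sent);
}

int main(void)
{
    printf("unsafe driver : %d non-zero padding bytes\n", simulate(tx_unsafe));
    printf("padded driver : %d non-zero padding bytes\n", simulate(tx_padded));
    return 0;
}
```

Deriving the padding boundary from the IPv4 total-length field is what a packet-capture check does in practice: in a 60-byte frame everything past ETH_HLEN plus that length is padding and must be all zero on a patched host. The same parse, fed from a pcap instead of the simulated slot, turns this into a passive verification of the fix across a segment.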
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_28636.NASL
    description: s700_800 11.00 EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17417
    published: 2005-03-18
    reporter: This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17417
    title: HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_28636. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17417);
      script_version("$Revision: 1.13 $");
      script_cvs_date("$Date: 2013/04/20 00:36:48 $");
    
      script_cve_id("CVE-2003-0001");
      script_xref(name:"CERT", value:"412115");
      script_xref(name:"HP", value:"HPSBUX0305");
      script_xref(name:"HP", value:"SSRT3451");
    
      script_name(english:"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.00 EISA 100BT cumulative patch : 
    
    Potential for Ethernet device drivers to reuse packet data for
    padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_28636 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.00"))
    {
      exit(0, "The host is not affected since PHNE_28636 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_28636");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.01")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.02")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.03")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.04")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.01")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.02")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.03")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.04")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.01")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.02")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.03")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.04")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.01")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.02")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.03")) flag++;
    if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.04")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-311.NASL
    description: A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15148
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15148
    title: Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-311. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15148);
      script_version("1.24");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2002-0429", "CVE-2003-0001", "CVE-2003-0127", "CVE-2003-0244", "CVE-2003-0246", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364");
      script_xref(name:"DSA", value:"311");
    
      script_name(english:"Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities have been discovered in the Linux kernel.
    
    CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux
    kernels 2.4.18 and earlier on x86 systems allow local users to kill
    arbitrary processes via a binary compatibility interface (lcall).
    
    CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device
    drivers do not pad frames with null bytes, which allows remote
    attackers to obtain information from previous packets or kernel memory
    by using malformed packets.
    
    CAN-2003-0127: The kernel module loader allows local users to gain
    root privileges by using ptrace to attach to a child process that is
    spawned by the kernel.
    
    CAN-2003-0244: The route cache implementation in Linux 2.4, and the
    Netfilter IP conntrack module, allows remote attackers to cause a
    denial of service (CPU consumption) via packets with forged source
    addresses that cause a large number of hash table collisions related
    to the PREROUTING chain.
    
    CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and
    earlier does not properly restrict privileges, which allows local
    users to gain read or write access to certain I/O ports.
    
    CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4
    allows attackers to cause a denial of service ('kernel oops').
    
    CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to
    modify CPU state registers via a malformed address.
    
    CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux
    kernel 2.4 allows remote attackers to cause a denial of service (CPU
    consumption) via certain packets that cause a large number of hash
    table collisions.
    
    This advisory covers only the i386 (Intel IA32) architectures. Other
    architectures will be covered by separate advisories."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-311"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the stable distribution (woody) on the i386 architecture, these
    problems have been fixed in kernel-source-2.4.18 version 2.4.18-9,
    kernel-image-2.4.18-1-i386 version 2.4.18-8, and
    kernel-image-2.4.18-i386bf version 2.4.18-5woody1.
    
    We recommend that you update your kernel packages.
    
    If you are using the kernel installed by the installation system when
    the 'bf24' option is selected (for a 2.4.x kernel), you should install
    the kernel-image-2.4.18-bf2.4 package. If you installed a different
    kernel-image package after installation, you should install the
    corresponding 2.4.18-1 kernel. You may use the table below as a guide.
    
    | If 'uname -r' shows: | Install this package: | 2.4.18-bf2.4 |
    kernel-image-2.4.18-bf2.4 | 2.4.18-386 | kernel-image-2.4.18-1-386 |
    2.4.18-586tsc | kernel-image-2.4.18-1-586tsc | 2.4.18-686 |
    kernel-image-2.4.18-1-686 | 2.4.18-686-smp |
    kernel-image-2.4.18-1-686-smp | 2.4.18-k6 | kernel-image-2.4.18-1-k6 |
    2.4.18-k7 | kernel-image-2.4.18-1-k7
    
    NOTE: that this kernel is not binary compatible with the previous
    version. For this reason, the kernel has a different version number
    and will not be installed automatically as part of the normal upgrade
    process. Any custom modules will need to be rebuilt in order to work
    with the new kernel. New PCMCIA modules are provided for all of the
    above kernels.
    
    NOTE: A system reboot will be required immediately after the upgrade
    in order to replace the running kernel. Remember to read carefully and
    follow the instructions given during the kernel upgrade process."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/06/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.18", reference:"2.4.18-9")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-386", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-586tsc", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-686", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-686-smp", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-k6", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-k7", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-bf2.4", reference:"2.4.18-5woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-386", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-586tsc", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-686", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-686-smp", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-k6", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-k7", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-bf2.4", reference:"2.4.18-5woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-386", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-586tsc", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-686", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-686-smp", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-k6", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-k7", reference:"2.4.18-8")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-source-2.4.18", reference:"2.4.18-9")) flag++;
    if (deb_check(release:"3.0", prefix:"pcmcia-modules-2.4.18-bf2.4", reference:"3.1.33-6woody1k5woody1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_29267.NASL
    description: s700_800 11.04 (VVOS) LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17420
    published: 2005-03-18
    reporter: This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17420
    title: HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_29267. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17420);
      script_version("$Revision: 1.13 $");
      script_cvs_date("$Date: 2013/04/20 00:36:48 $");
    
      script_cve_id("CVE-2003-0001");
      script_xref(name:"CERT", value:"412115");
      script_xref(name:"HP", value:"HPSBUX0305");
      script_xref(name:"HP", value:"SSRT3451");
    
      script_name(english:"HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.04 (VVOS) LAN product cumulative patch : 
    
    Potential for Ethernet device drivers to reuse packet data for
    padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_29267 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.04"))
    {
      exit(0, "The host is not affected since PHNE_29267 applies to a different OS release.");
    }
    
    patches = make_list("PHNE_29267");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"Networking.LAN-RUN", version:"B.11.04")) flag++;
    if (hpux_check_patch(app:"Networking.LAN2-KRN", version:"B.11.04")) flag++;
    if (hpux_check_patch(app:"Networking.NW-ENG-A-MAN", version:"B.11.04")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-312.NASL
    description: A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15149
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15149
    title: Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-312. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15149);
      script_version("1.25");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2002-0429", "CVE-2003-0001", "CVE-2003-0127", "CVE-2003-0244", "CVE-2003-0246", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364");
      script_bugtraq_id(6535, 7112, 7600, 7601, 7791, 7793, 7797);
      script_xref(name:"DSA", value:"312");
    
      script_name(english:"Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities have been discovered in the Linux kernel.
    
    CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux
    kernels 2.4.18 and earlier on x86 systems allow local users to kill
    arbitrary processes via a binary compatibility interface (lcall).
    
    CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device
    drivers do not pad frames with null bytes, which allows remote
    attackers to obtain information from previous packets or kernel memory
    by using malformed packets.
    
    CAN-2003-0127: The kernel module loader allows local users to gain
    root privileges by using ptrace to attach to a child process that is
    spawned by the kernel.
    
    CAN-2003-0244: The route cache implementation in Linux 2.4, and the
    Netfilter IP conntrack module, allows remote attackers to cause a
    denial of service (CPU consumption) via packets with forged source
    addresses that cause a large number of hash table collisions related
    to the PREROUTING chain.
    
    CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and
    earlier does not properly restrict privileges, which allows local
    users to gain read or write access to certain I/O ports.
    
    CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4
    allows attackers to cause a denial of service ('kernel oops').
    
    CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to
    modify CPU state registers via a malformed address.
    
    CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux
    kernel 2.4 allows remote attackers to cause a denial of service (CPU
    consumption) via certain packets that cause a large number of hash
    table collisions.
    
    This advisory covers only the powerpc architecture. Other
    architectures will be covered by separate advisories."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-312"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the stable distribution (woody) on the powerpc architecture, these
    problems have been fixed in version 2.4.18-1woody1.
    
    We recommend that you update your kernel packages.
    
    NOTE: A system reboot will be required immediately after the upgrade
    in order to replace the running kernel. Remember to read carefully and
    follow the instructions given during the kernel upgrade process."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.18-powerpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18", reference:"2.4.18-1woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-newpmac", reference:"2.4.18-1woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc", reference:"2.4.18-1woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc-smp", reference:"2.4.18-1woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.18-powerpc", reference:"2.4.18-1woody1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-074.NASL
    description: Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14057
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14057
    title: Mandrake Linux Security Advisory : kernel (MDKSA-2003:074)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-066.NASL
    description: Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. As well, a number of bug fixes were made in the 9.1 kernel including : - Support for more machines that did not work with APIC - Audigy2 support - New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine, - Fixed SiS IOAPIC - IRQ balancing has been fixed for SMP - Updates to ext3 - The previous ptrace fix has been redone to work better - Bugs with compiling kernels using xconfig have been fixed - Problems with ipsec have been corrected - XFS ACLs are now present - gdb not working on XFS root filesystems has been fixed MandrakeSoft encourages all users to upgrade to these new kernels. Updated kernels will be available shortly for other supported platforms and architectures. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.
    Update : The kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a problem where all files created on any filesystem other than XFS, and using any kernel other than kernel-secure, would be created with mode 0666, or world writeable. The 0.24mdk kernels have been removed from the mirrors and users are encouraged to upgrade and remove those kernels from their systems to prevent accidentally booting into them. That issue has been addressed and fixed with these new kernels.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14049
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14049
    title: Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS_JAN2015_SRU11_1_11_4_0.NASL
    description: This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. (CVE-2003-0001) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2015-0429) - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. (CVE-2015-0430)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80936
    published: 2015-01-23
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80936
    title: Oracle Solaris Critical Patch Update : jan2015_SRU11_1_11_4_0
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-336.NASL
    description: A number of vulnerabilities have been discovered in the Linux kernel. - CAN-2002-1380: Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall) - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets - CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel - CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15173
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15173
    title: Debian DSA-336-1 : linux-kernel-2.2.20 - several vulnerabilities
  • NASL family: Junos Local Security Checks
    NASL id: JUNIPER_JSA10579.NASL
    description: According to its self-reported version number, the remote Junos device has an information disclosure vulnerability. SRX1400, SRX3400, and SRX3600 services gateways pad Ethernet packets with data from previous packets instead of padding them with null bytes. A remote, unauthenticated attacker could exploit this to gain access to sensitive information, which could be used to mount further attacks.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68912
    published: 2013-07-16
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/68912
    title: Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579)
  • NASL family: Misc.
    NASL id: ETHERLEAK.NASL
    description: The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card. Known as
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11197
    published: 2003-01-14
    reporter: This script is Copyright (C) 2003-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11197
    title: Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-423.NASL
    description: The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0018 : Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. - CAN-2003-0127 : The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process which is spawned by the kernel. - CAN-2003-0461 : The virtual file /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. - CAN-2003-0462 : A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476 : The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501 : The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
    - CAN-2003-0550 : The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0551 : The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. - CAN-2003-0552 : Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0961 : An integer overflow in brk system call (do_brk function) for Linux kernel 2.4.22 and earlier allows local users to gain root privileges. - CAN-2003-0985 : The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6 does not properly perform boundary checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15260
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15260
    title: Debian DSA-423-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_125907-02.NASL
    description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107944
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107944
    title: Solaris 10 (x86) : 125907-02
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-332.NASL
    description: A number of vulnerabilities have been discovered in the Linux kernel. - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall) - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets - CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel - CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15169
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15169
    title: Debian DSA-332-1 : linux-kernel-2.4.17 - several vulnerabilities
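
The plugins above check for CVE-2003-0001 in two different ways: the Debian, Mandrake and Solaris plugins are local package-version checks (dpkg output or patch IDs), while ETHERLEAK.NASL is the remote test, which elicits minimum-size replies from the target and inspects the bytes that follow the IP payload. The following is an added example, not Tenable's plugin code and not any real driver's code: a user-space model in C of the bug the advisories describe (a transmit buffer reused between frames, with the bytes after a short frame never cleared) next to the corrected transmit path, plus the padding check that the Etherleak test applies to a frame once it is on the wire. The frames are constructed inline, the MAC addresses are made up, and `tx_vulnerable`, `tx_fixed`, `count_leaked_pad_bytes`, `build_frame` and `demo` are hypothetical names chosen for this illustration.

```c
/* Added example: user-space model of the Etherleak bug (CVE-2003-0001).
 * Not a real driver and not the Nessus plugin; frames are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN    14     /* dst MAC + src MAC + EtherType */
#define ETH_ZLEN    60     /* minimum frame length on the wire, FCS excluded */
#define TX_BUF_SIZE 1536

/* Simulated transmit buffer the NIC reads from; reused for every frame,
 * as a driver's DMA ring slot would be. */
static uint8_t tx_buf[TX_BUF_SIZE];

/* The NIC sends at least ETH_ZLEN bytes of tx_buf, so whatever sits in
 * tx_buf[len..ETH_ZLEN) leaves as the pad. 'wire' receives the bytes
 * as they would appear on the cable. */
static size_t emit(size_t len, uint8_t *wire, size_t wire_cap)
{
    size_t wire_len = len < ETH_ZLEN ? ETH_ZLEN : len;
    if (wire_len > wire_cap)
        return 0;
    memcpy(wire, tx_buf, wire_len);
    return wire_len;
}

/* Vulnerable path (the CVE-2003-0001 pattern): copy the frame and never
 * touch the bytes after it, so stale data from earlier frames is sent. */
size_t tx_vulnerable(const uint8_t *frame, size_t len, uint8_t *wire, size_t wire_cap)
{
    if (len > TX_BUF_SIZE)
        return 0;
    memcpy(tx_buf, frame, len);
    return emit(len, wire, wire_cap);
}

/* Fixed path: zero the pad region before the NIC reads the buffer. */
size_t tx_fixed(const uint8_t *frame, size_t len, uint8_t *wire, size_t wire_cap)
{
    if (len > TX_BUF_SIZE)
        return 0;
    memcpy(tx_buf, frame, len);
    if (len < ETH_ZLEN)
        memset(tx_buf + len, 0, ETH_ZLEN - len);
    return emit(len, wire, wire_cap);
}

/* Etherleak check on one captured IPv4 frame: everything after
 * ETH_HLEN + ip.total_length is pad and must be zero. Returns the number
 * of non-zero pad bytes (0 = clean) or -1 if the frame cannot be parsed. */
int count_leaked_pad_bytes(const uint8_t *wire, size_t wire_len)
{
    if (wire_len < ETH_HLEN + 20)
        return -1;
    if (wire[12] != 0x08 || wire[13] != 0x00)      /* EtherType IPv4 only */
        return -1;
    size_t ip_len = ((size_t)wire[ETH_HLEN + 2] << 8) | wire[ETH_HLEN + 3];
    size_t payload_end = ETH_HLEN + ip_len;
    if (ip_len < 20 || payload_end > wire_len)
        return -1;
    int leaked = 0;
    for (size_t i = payload_end; i < wire_len; i++)
        if (wire[i] != 0)
            leaked++;
    return leaked;
}

/* Build a constructed (not captured) Ethernet/IPv4 frame whose IP part is
 * ip_len bytes, body filled with 'fill'. Only the fields the checker reads
 * are set; checksums are not computed. Returns the frame length. */
size_t build_frame(uint8_t *out, uint16_t ip_len, uint8_t fill)
{
    static const uint8_t eth[ETH_HLEN] = {
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55,   /* dst MAC, made up */
        0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,   /* src MAC, made up */
        0x08, 0x00 };                         /* EtherType IPv4 */
    memcpy(out, eth, ETH_HLEN);
    memset(out + ETH_HLEN, fill, ip_len);
    out[ETH_HLEN + 0] = 0x45;                       /* IPv4, IHL 5 */
    out[ETH_HLEN + 2] = (uint8_t)(ip_len >> 8);     /* total length */
    out[ETH_HLEN + 3] = (uint8_t)(ip_len & 0xff);
    out[ETH_HLEN + 9] = 1;                          /* protocol: ICMP */
    return ETH_HLEN + ip_len;
}

/* Scenario: a full frame goes out first (so tx_buf holds "previous packet"
 * data), then a 28-byte IP packet (20-byte header + 8-byte ICMP echo) whose
 * 42-byte frame needs 18 bytes of pad. Returns the checker's verdict on
 * that second frame as it left the NIC. */
int demo(int use_fixed_driver)
{
    size_t (*tx)(const uint8_t *, size_t, uint8_t *, size_t) =
        use_fixed_driver ? tx_fixed : tx_vulnerable;
    uint8_t frame[TX_BUF_SIZE], wire[TX_BUF_SIZE];

    size_t n = build_frame(frame, 200, 0x41);
    tx(frame, n, wire, sizeof wire);

    n = build_frame(frame, 28, 0x00);
    size_t w = tx(frame, n, wire, sizeof wire);
    return count_leaked_pad_bytes(wire, w);
}

int main(void)
{
    printf("vulnerable driver: %d non-zero pad bytes\n", demo(0));  /* 18 */
    printf("fixed driver:      %d non-zero pad bytes\n", demo(1));  /* 0 */
    return 0;
}
```

The real remote test has to work without knowing what zero padding should look like from the target's side, so ETHERLEAK.NASL collects several minimum-size replies and reports when the pad bytes differ between them; the single-frame check here is the stricter form that can be applied to a capture, since the sole legitimate pad value is zero. The local plugins on this page do not look at frames at all and will not flag a host whose packages are patched but whose hardware or firmware pads from a stale buffer, which is why the Junos and Solaris entries exist as separate checks.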

Oval

accepted: 2016-02-19T10:00:00.000-04:00
class: vulnerability
contributors
  • name: Brian Soby
    organization: The MITRE Corporation
  • name: Matthew Wojcik
    organization: The MITRE Corporation
description: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
family: unix
id: oval:org.mitre.oval:def:2665
status: accepted
submitted: 2004-12-30T12:00:00.000-04:00
title: Data Leak in NIC
version: 35

Packetstorm

Redhat

advisories
  • rhsa
    id: RHSA-2003:025
  • rhsa
    id: RHSA-2003:088

Seebug

  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:79723
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-79723
    title: Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:64575
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-64575
    title: Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:75942
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-75942
    title: Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:6453
    last seen: 2017-11-19
    modified: 2007-03-24
    published: 2007-03-24
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-6453
    title: Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak)