Vulnerabilities > CVE-2004-0178 - Unspecified vulnerability in Linux Kernel 2.4.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus

Summary

The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

Vulnerable Configurations

Part Description Count
OS
Linux
1

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-482.NASL
    descriptionSeveral serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the PowerPC/apus and S/390 architectures. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update : - CAN-2004-0003 A vulnerability has been discovered in the R128 DRI driver in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this. - CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. - CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. - CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id15319
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15319
    titleDebian DSA-482-1 : linux-kernel-2.4.17-apus+s390 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-482. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15319);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2004-0003", "CVE-2004-0010", "CVE-2004-0109", "CVE-2004-0177", "CVE-2004-0178");
      script_bugtraq_id(9570, 9691, 9985, 10141, 10152);
      script_xref(name:"DSA", value:"482");
    
      script_name(english:"Debian DSA-482-1 : linux-kernel-2.4.17-apus+s390 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several serious problems have been discovered in the Linux kernel.
    This update takes care of Linux 2.4.17 for the PowerPC/apus and S/390
    architectures. The Common Vulnerabilities and Exposures project
    identifies the following problems that will be fixed with this update
    :
    
      - CAN-2004-0003
        A vulnerability has been discovered in the R128 DRI
        driver in the Linux kernel which could potentially lead
        an attacker to gain unauthorised privileges. Alan Cox
        and Thomas Biege developed a correction for this.
    
      - CAN-2004-0010
    
        Arjan van de Ven discovered a stack-based buffer
        overflow in the ncp_lookup function for ncpfs in the
        Linux kernel, which could lead an attacker to gain
        unauthorised privileges. Petr Vandrovec developed a
        correction for this.
    
      - CAN-2004-0109
    
        zen-parse discovered a buffer overflow vulnerability in
        the ISO9660 filesystem component of Linux kernel which
        could be abused by an attacker to gain unauthorised root
        access. Sebastian Krahmer and Ernie Petrides developed a
        correction for this.
    
      - CAN-2004-0177
    
        Solar Designer discovered an information leak in the
        ext3 code of Linux. In a worst case an attacker could
        read sensitive data such as cryptographic keys which
        would otherwise never hit disk media. Theodore Ts'o
        developed a correction for this.
    
      - CAN-2004-0178
    
        Andreas Kies discovered a denial of service condition in
        the Sound Blaster driver in Linux. He also developed a
        correction for this.
    
    These problems are also fixed by upstream in Linux 2.4.26 and will be
    fixed in Linux 2.6.6.
    
    The following security matrix explains which kernel versions for which
    architectures are already fixed.
    
      Architecture                      stable (woody)                    unstable (sid)                    
      source                            2.4.17-1woody3                    2.4.25-3                          
      powerpc/apus                      2.4.17-5                          2.4.25-2                          
      s390                              2.4.17-2.woody.4                  2.4.25-2 (and probably 2.4.21-3)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-482"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the kernel packages immediately, either with a Debian provided
    kernel or with a self compiled one.
    
     Vulnerability matrix for CAN-2004-0109"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.17 kernel-patch-2.4.17-apus kernel-patch-2.4.17-s390 kernel-image-2.4.17-s390");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/04/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.17", reference:"2.4.17-1woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17", reference:"2.4.17-2.woody.4")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17-apus", reference:"2.4.17-5")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-apus", reference:"2.4.17-5")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-s390", reference:"2.4.17-2.woody.4")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-apus", reference:"2.4.17-5")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-apus", reference:"2.4.17-5")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-s390", reference:"0.0.20020816-0.woody.3")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-source-2.4.17", reference:"2.4.17-1woody3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-029.NASL
    descriptionA vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CVE-2004-0003). A local root vulnerability was discovered in the isofs component of the Linux kernel by iDefense. This vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or attempting to access a file via a malformed symlink on such a filesystem (CVE-2004-0109). An information leak was discovered in the ext3 filesystem code by Solar Designer. It was discovered that when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. The data is not the file
    last seen2020-06-01
    modified2020-06-02
    plugin id14128
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14128
    titleMandrake Linux Security Advisory : kernel (MDKSA-2004:029)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:029. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14128);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2004-0003", "CVE-2004-0109", "CVE-2004-0133", "CVE-2004-0177", "CVE-2004-0178", "CVE-2004-0181");
      script_xref(name:"MDKSA", value:"2004:029");
    
      script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2004:029)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was found in the R128 DRI driver by Alan Cox. This
    could allow local privilege escalation. The previous fix, in
    MDKSA-2004:015 only partially corrected the problem; the full fix is
    included (CVE-2004-0003).
    
    A local root vulnerability was discovered in the isofs component of
    the Linux kernel by iDefense. This vulnerability can be triggered by
    performing a directory listing on a maliciously constructed ISO
    filesystem, or attempting to access a file via a malformed symlink on
    such a filesystem (CVE-2004-0109).
    
    An information leak was discovered in the ext3 filesystem code by
    Solar Designer. It was discovered that when creating or writing to an
    ext3 filesystem, some amount of other in-memory data gets written to
    the device. The data is not the file's contents, not something on the
    same filesystem, or even anything that was previously in a file at
    all. To obtain this data, a user needs to read the raw device
    (CVE-2004-0177).
    
    The same vulnerability was also found in the XFS filesystem code
    (CVE-2004-0133) and the JFS filesystem code (CVE-2004-0181).
    
    Finally, a vulnerability in the OSS code for SoundBlaster 16 devices
    was discovered by Andreas Kies. It is possible for local users with
    access to the sound system to crash the machine (CVE-2004-0178).
    
    The provided packages are patched to fix these vulnerabilities. All
    users are encouraged to upgrade to these updated kernels.
    
    To update your kernel, please follow the directions located at :
    
    http://www.mandrakesecure.net/en/kernelupdate.php"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.4.21.0.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.4.22.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.4.25.3mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.3.8mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.21.0.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.22.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.25.3mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.3.8mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.4.22.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.4.25.3mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.3.8mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-p3-smp-64GB-2.4.22.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-p3-smp-64GB-2.4.25.3mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-p3-smp-64GB-2.6.3.8mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure-2.4.21.0.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure-2.4.22.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure-2.6.3.8mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.4.21.0.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.4.22.29mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.4.25.3mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.3.8mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/04/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-2.4.25.3mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-2.6.3.8mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-enterprise-2.4.25.3mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-enterprise-2.6.3.8mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.4.25.3mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.3.8mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-p3-smp-64GB-2.4.25.3mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-p3-smp-64GB-2.6.3.8mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-secure-2.6.3.8mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-smp-2.4.25.3mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-smp-2.6.3.8mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-source-2.4.25-3mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-source-stripped-2.6.3-8mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-2.4.21.0.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-enterprise-2.4.21.0.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-secure-2.4.21.0.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-smp-2.4.21.0.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-source-2.4.21-0.29mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.2", reference:"kernel-2.4.22.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"kernel-enterprise-2.4.22.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"kernel-i686-up-4GB-2.4.22.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"kernel-p3-smp-64GB-2.4.22.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"kernel-secure-2.4.22.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"kernel-smp-2.4.22.29mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"kernel-source-2.4.22-29mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-491.NASL
    descriptionSeveral serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.19 for the MIPS architecture. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update : - CAN-2004-0003 A vulnerability has been discovered in the R128 DRI driver in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this. - CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. - CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. - CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id15328
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15328
    titleDebian DSA-491-1 : linux-kernel-2.4.19-mips - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-491. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15328);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2004-0003", "CVE-2004-0010", "CVE-2004-0109", "CVE-2004-0177", "CVE-2004-0178");
      script_bugtraq_id(9570, 9691, 9985, 10141, 10152);
      script_xref(name:"DSA", value:"491");
    
      script_name(english:"Debian DSA-491-1 : linux-kernel-2.4.19-mips - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several serious problems have been discovered in the Linux kernel.
    This update takes care of Linux 2.4.19 for the MIPS architecture. The
    Common Vulnerabilities and Exposures project identifies the following
    problems that will be fixed with this update :
    
      - CAN-2004-0003
        A vulnerability has been discovered in the R128 DRI
        driver in the Linux kernel which could potentially lead
        an attacker to gain unauthorised privileges. Alan Cox
        and Thomas Biege developed a correction for this.
    
      - CAN-2004-0010
    
        Arjan van de Ven discovered a stack-based buffer
        overflow in the ncp_lookup function for ncpfs in the
        Linux kernel, which could lead an attacker to gain
        unauthorised privileges. Petr Vandrovec developed a
        correction for this.
    
      - CAN-2004-0109
    
        zen-parse discovered a buffer overflow vulnerability in
        the ISO9660 filesystem component of Linux kernel which
        could be abused by an attacker to gain unauthorised root
        access. Sebastian Krahmer and Ernie Petrides developed a
        correction for this.
    
      - CAN-2004-0177
    
        Solar Designer discovered an information leak in the
        ext3 code of Linux. In a worst case an attacker could
        read sensitive data such as cryptographic keys which
        would otherwise never hit disk media. Theodore Ts'o
        developed a correction for this.
    
      - CAN-2004-0178
    
        Andreas Kies discovered a denial of service condition in
        the Sound Blaster driver in Linux. He also developed a
        correction for this.
    
    These problems are also fixed by upstream in Linux 2.4.26 and will be
    fixed in Linux 2.6.6.
    
    The following security matrix explains which kernel versions for which
    architectures are already fixed and which will be removed instead.
    
      Architecture              stable (woody)            unstable (sid)            removed in sid            
      source                    2.4.19-4.woody2           2.4.25-3                  2.4.19-11                 
      mips                      2.4.19-0.020911.1.woody4  2.4.25-0.040415.1         2.4.19-0.020911.8"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-491"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the kernel packages immediately, either with a Debian provided
    kernel or with a self compiled one.
    
     Vulnerability matrix for CAN-2004-0109"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.19 kernel-patch-2.4.19-mips");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/06/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.19", reference:"2.4.19-4.woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.19", reference:"2.4.19-0.020911.1.woody4")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-r4k-ip22", reference:"2.4.19-0.020911.1.woody4")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-r5k-ip22", reference:"2.4.19-0.020911.1.woody4")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.19-mips", reference:"2.4.19-0.020911.1.woody4")) flag++;
    if (deb_check(release:"3.0", prefix:"kernel-source-2.4.19", reference:"2.4.19-4.woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"mips-tools", reference:"2.4.19-0.020911.1.woody4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-437.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the fifth regular update. The Linux kernel handles the basic functions of the operating system. This is the fifth regular kernel update to Red Hat Enterprise Linux version 2.1. It contains one minor security fix, many bug fixes, and updates a number of device drivers. A bug in the SoundBlaster 16 code which did not properly handle certain sample sizes has been fixed. This flaw could be used by local users to crash a system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0178 to this issue. The following drivers have also been updated : * cciss v2.4.52 * e1000 v5252k1 * e100 v2.3.43-k1 * fusion v2.05.16 * ips v7.00.15 * aacraid v1.1.5 * megaraid2 v2.10.6 All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id14309
    published2004-08-18
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/14309
    titleRHEL 2.1 : kernel (RHSA-2004:437)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-479.NASL
    descriptionSeveral serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc architectures. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update : - CAN-2004-0003 A vulnerability has been discovered in the R128 DRI driver in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this. - CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. - CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. - CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id15316
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15316
    titleDebian DSA-479-1 : linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-480.NASL
    descriptionSeveral serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 and 2.4.18 for the hppa (PA-RISC) architecture. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update : - CAN-2004-0003 A vulnerability has been discovered in the R128 DRI driver in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this. - CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. - CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. - CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id15317
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15317
    titleDebian DSA-480-1 : linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-495.NASL
    descriptionSeveral serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.16 for the ARM architecture. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update : - CAN-2003-0127 The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. - CAN-2004-0003 A vulnerability has been discovered in the R128 DRI driver in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this. - CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. - CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. - CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case a local attacker could obtain sensitive information (such as cryptographic keys in another worst case) which would otherwise never hit disk media. Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id15332
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15332
    titleDebian DSA-495-1 : linux-kernel-2.4.16-arm - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-413.NASL
    descriptionUpdated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0415 to this issue. These packages contain a patch written by Al Viro to correct these flaws. Red Hat would like to thank iSEC Security Research for disclosing this issue and a number of vendor-sec participants for reviewing and working on the patch to this issue. In addition, these packages correct a number of minor security issues : An bug in the e1000 network driver. This bug could be used by local users to leak small amounts of kernel memory (CVE-2004-0535). A bug in the SoundBlaster 16 code which does not properly handle certain sample sizes. This flaw could be used by local users to crash a system (CVE-2004-0178). A possible NULL pointer dereference in the Linux kernel prior to 2.4.26 on the Itanium platform could allow a local user to crash a system (CVE-2004-0447). Inappropriate permissions on /proc/scsi/qla2300/HbaApiNode (CVE-2004-0587). All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id14239
    published2004-08-09
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/14239
    titleRHEL 3 : kernel (RHSA-2004:413)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-481.NASL
    descriptionSeveral serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the IA-64 architecture. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update : - CAN-2004-0003 A vulnerability has been discovered in the R128 DRI driver in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this. - CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. - CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. - CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id15318
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15318
    titleDebian DSA-481-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-111.NASL
    descriptionA memory leak was fixed in an error path in the do_fork() routine. This was unlikely to have caused problems in real world situations. The information leak fixed in the previous errata was also found to affect XFS and JFS. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2004-0133 and CVE-2004-0181 respectively. A vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CVE-2004-0178). An automated checked from http://www.coverity.com highlighted a range checking bug in the i810 DRM driver. This was fixed by Andrea Arcangeli and Chris Wright. Arjan van de Ven discovered the framebuffer code was doing direct userspace accesses instead of using correct interfaces to write to userspace. Brad Spengler found a signedness issue in the cpufreq proc handler which could lead to users being able to read arbitary regions of kernel memory. This was fixed by Dominik Brodowski. Shaun Colley found a potential buffer overrun in the panic() function. As this function does not ever return, it is unlikely that this is exploitable, but has been fixed nonetheless. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2004-0394 to this issue. Paul Starzetz and Wojciech Purczynski found a lack of bounds checking in the MCAST_MSFILTER socket option which allows user code to write into kernel space, potentially giving the attacker full root priveledges. There has already been proof of concept code published exploiting this hole in a local denial-of-service manner. http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt has more information. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2004-0424 to this issue. The previous security errata actually missed fixes for several important problems. This has been corrected in this update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id13692
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13692
    titleFedora Core 1 : kernel-2.4.22-1.2188.nptl (2004-111)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-489.NASL
    descriptionSeveral serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the MIPS and MIPSel architectures. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update : - CAN-2004-0003 A vulnerability has been discovered in the R128 DRI driver in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this. - CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. - CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. - CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id15326
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15326
    titleDebian DSA-489-1 : linux-kernel-2.4.17-mips+mipsel - several vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200407-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200407-02 (Linux Kernel: Multiple vulnerabilities) Multiple flaws have been discovered in the Linux kernel. This advisory corrects the following issues: CAN-2004-0109: This vulnerability allows privilege escalation using ISO9660 file systems through a buffer overflow via a malformed file system containing a long symbolic link entry. This can allow arbitrary code execution at kernel level. CAN-2004-0133: The XFS file system in 2.4 series kernels has an information leak by which data in the memory can be written to the device hosting the file system, allowing users to obtain portions of kernel memory by reading the raw block device. CAN-2004-0177: The ext3 file system in 2.4 series kernels does not properly initialize journal descriptor blocks, causing an information leak by which data in the memory can be written to the device hosting the file system, allowing users to obtain portions of kernel memory by reading the raw device. CAN-2004-0181: The JFS file system in 2.4 series kernels has an information leak by which data in the memory can be written to the device hosting the file system, allowing users to obtain portions of kernel memory by reading the raw device. CAN-2004-0178: The OSS Sound Blaster [R] Driver has a Denial of Service vulnerability since it does not handle certain sample sizes properly. This allows local users to hang the kernel. CAN-2004-0228: Due to an integer signedness error in the CPUFreq /proc handler code in 2.6 series Linux kernels, local users can escalate their privileges. CAN-2004-0229: The framebuffer driver in 2.6 series kernel drivers does not use the fb_copy_cmap method of copying structures. The impact of this issue is unknown, however. CAN-2004-0394: A buffer overflow in the panic() function of 2.4 series Linux kernels exists, but it may not be exploitable under normal circumstances due to its functionality. CAN-2004-0427: The do_fork() function in both 2.4 and 2.6 series Linux kernels does not properly decrement the mm_count counter when an error occurs, triggering a memory leak that allows local users to cause a Denial of Service by exhausting other applications of memory; causing the kernel to panic or to kill services. CAN-2004-0495: Multiple vulnerabilities found by the Sparse source checker in the kernel allow local users to escalate their privileges or gain access to kernel memory. CAN-2004-0535: The e1000 NIC driver does not properly initialize memory structures before using them, allowing users to read kernel memory. CAN-2004-0554: 2.4 and 2.6 series kernels running on an x86 or an AMD64 architecture allow local users to cause a Denial of Service by a total system hang, due to an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions. Local DoS in PaX: If ASLR is enabled as a GRSecurity PaX feature, a Denial of Service can be achieved by putting the kernel into an infinite loop. Only 2.6 series GRSecurity kernels are affected by this issue. RSBAC 1.2.3 JAIL issues: A flaw in the RSBAC JAIL implementation allows suid/sgid files to be created inside the jail since the relevant module does not check the corresponding mode values. This can allow privilege escalation inside the jail. Only rsbac-(dev-)sources are affected by this issue. Impact : Arbitrary code with normal non-super-user privileges may be able to exploit any of these vulnerabilities; gaining kernel level access to memory structures and hardware devices. This may be used for further exploitation of the system, to leak sensitive data or to cause a Denial of Service on the affected kernel. Workaround : Although users may not be affected by certain vulnerabilities, all kernels are affected by the CAN-2004-0394, CAN-2004-0427 and CAN-2004-0554 issues which have no workaround. As a result, all users are urged to upgrade their kernels to patched versions.
    last seen2020-06-01
    modified2020-06-02
    plugin id14535
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14535
    titleGLSA-200407-02 : Linux Kernel: Multiple vulnerabilities

Oval

accepted2013-04-29T04:19:21.277-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionThe OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
familyunix
idoval:org.mitre.oval:def:9427
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
version26

Redhat

advisories
  • rhsa
    idRHSA-2004:413
  • rhsa
    idRHSA-2004:437
rpms
  • kernel-0:2.4.21-15.0.4.EL
  • kernel-BOOT-0:2.4.21-15.0.4.EL
  • kernel-debuginfo-0:2.4.21-15.0.4.EL
  • kernel-doc-0:2.4.21-15.0.4.EL
  • kernel-hugemem-0:2.4.21-15.0.4.EL
  • kernel-hugemem-unsupported-0:2.4.21-15.0.4.EL
  • kernel-smp-0:2.4.21-15.0.4.EL
  • kernel-smp-unsupported-0:2.4.21-15.0.4.EL
  • kernel-source-0:2.4.21-15.0.4.EL
  • kernel-unsupported-0:2.4.21-15.0.4.EL