Vulnerabilities > CVE-2004-0814

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

linux

ubuntu

nessus

NVD

Published: 2004-12-23

Updated: 2017-10-11

Summary

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 2.4.18 Linux Linux Kernel 2.4.15 Linux Linux Kernel 2.2.10 Linux Linux Kernel 2.4.0 Linux Linux Kernel 2.2.21 Linux Linux Kernel 2.6.5 Linux Linux Kernel 2.4.11 Linux Linux Kernel 2.6.1 Linux Linux Kernel 2.4.27 Linux Linux Kernel 2.4.26 Linux Linux Kernel 2.2.13 Linux Linux Kernel 2.2.0 Linux Linux Kernel 2.4.19 Linux Linux Kernel 2.4.21 Linux Linux Kernel 2.4.12 Linux Linux Kernel 2.4.13 Linux Linux Kernel 2.6.0 Linux Linux Kernel 2.2.18 Linux Linux Kernel 2.6.3 Linux Linux Kernel 2.2.3 Linux Linux Kernel 2.4.17 Linux Linux Kernel 2.6.4 Linux Linux Kernel 2.6_Test9_Cvs Linux Linux Kernel 2.6.7 Linux Linux Kernel 2.4.23_Ow2 Linux Linux Kernel 2.2.2 Linux Linux Kernel 2.2.22 Linux Linux Kernel 2.4.23 Linux Linux Kernel 2.6.2 Linux Linux Kernel 2.6.8 Linux Linux Kernel 2.4.7 Linux Linux Kernel 2.2.15 Linux Linux Kernel 2.4.25 Linux Linux Kernel 2.2.8 Linux Linux Kernel 2.4.24 Linux Linux Kernel 2.4.9 Linux Linux Kernel 2.2.7 Linux Linux Kernel 2.2.16 Linux Linux Kernel 2.2.1 Linux Linux Kernel 2.2.12 Linux Linux Kernel 2.4.24_Ow1 Linux Linux Kernel 2.4.10 Linux Linux Kernel 2.2.25 Linux Linux Kernel 2.4.2 Linux Linux Kernel 2.4.16 Linux Linux Kernel 2.2.23 Linux Linux Kernel 2.4.8 Linux Linux Kernel 2.4.14 Linux Linux Kernel 2.2.19 Linux Linux Kernel 2.2.15_Pre20 Linux Linux Kernel 2.4.22 Linux Linux Kernel 2.2.20 Linux Linux Kernel 2.4.5 Linux Linux Kernel 2.6.6 Linux Linux Kernel 2.4.3 Linux Linux Kernel 2.2.14 Linux Linux Kernel 2.2.11 Linux Linux Kernel 2.4.1 Linux Linux Kernel 2.4.4 Linux Linux Kernel 2.2.24 Linux Linux Kernel 2.2.17 Linux Linux Kernel 2.4.6 Linux Linux Kernel 2.2.9 Linux Linux Kernel 2.4.20	118
OS	Ubuntu Ubuntu Ubuntu Linux 4.1	2

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-38-1.NASL
description	CAN-2004-0814 : Vitaly V. Bursov discovered a Denial of Service vulnerability in the
last seen	2020-06-01
modified	2020-06-02
plugin id	20654
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20654
title	Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-38-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-38-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20654); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2004-0814", "CVE-2004-1016", "CVE-2004-1056", "CVE-2004-1058", "CVE-2004-1068", "CVE-2004-1069", "CVE-2004-1137", "CVE-2004-1151"); script_xref(name:"USN", value:"38-1"); script_name(english:"Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-38-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "CAN-2004-0814 : Vitaly V. Bursov discovered a Denial of Service vulnerability in the 'serio' code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. Fixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third-party user installed modules might not work any more with the new kernel, so this fixed kernel got a new ABI version number. You have to recompile and reinstall all third-party modules. CAN-2004-1016 : Paul Starzetz discovered a buffer overflow vulnerability in the '__scm_send' function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation. CAN-2004-1056 : Thomas Hellstrom discovered a Denial of Service vulnerability in the Direct Rendering Manager (DRM) drivers. Due to an insufficient DMA lock checking, any authorized client could send arbitrary values to the video card, which could cause an X server crash or modification of the video output. CAN-2004-1058 : Rob Landley discovered a race condition in the handling of /proc/.../cmdline. Under very rare circumstances an user could read the environment variables of another process that was still spawning. Environment variables are often used to pass passwords and other private information to other processes. CAN-2004-1068 : A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel. CAN-2004-1069 : Ross Kendall Axe discovered a possible kernel panic (causing a Denial of Service) while sending AF_UNIX network packages if the kernel options CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled. This is not the case in the kernel packages shipped in Warty Warthog; however, if you recompiled the kernel using SELinux, you are affected by this flaw. CAN-2004-1137 : Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket. CAN-2004-1151 : Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation. This vulnerability only affects the amd64 architecture. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-control"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-driver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-driver-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-4-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-4-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-4-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-4-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-4-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-4-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-4-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-4-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-4-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-4-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-4-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-4-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-4-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-4-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6.8.1-4-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6.8.1-4-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6.8.1-4-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6.8.1-4-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6.8.1-4-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6.8.1-4-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6.8.1-4-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"fglrx-control", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"fglrx-driver", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"fglrx-driver-dev", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-386", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-686", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-686-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-amd64-generic", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-amd64-k8", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-amd64-k8-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-amd64-xeon", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-doc", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-doc-2.6.8.1", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6-386", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6-686", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6-686-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6-amd64-generic", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6-amd64-k8", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6-amd64-k8-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6-amd64-xeon", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-4", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-4-386", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-4-686", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-4-686-smp", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-4-amd64-generic", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-4-amd64-k8", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-4-amd64-k8-smp", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-4-amd64-xeon", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6-386", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6-686", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6-686-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6-amd64-generic", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6-amd64-k8", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6-amd64-k8-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6-amd64-xeon", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-4-386", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-4-686", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-4-686-smp", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-4-amd64-generic", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-4-amd64-k8", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-4-amd64-k8-smp", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-4-amd64-xeon", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-386", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-686", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-686-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-amd64-generic", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-amd64-k8", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-amd64-k8-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-amd64-xeon", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-patch-debian-2.6.8.1", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6-386", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6-686", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6-686-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6-amd64-generic", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6-amd64-k8", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6-amd64-k8-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6-amd64-xeon", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6.8.1-4-386", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6.8.1-4-686", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6.8.1-4-686-smp", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6.8.1-4-amd64-generic", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6.8.1-4-amd64-k8", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6.8.1-4-amd64-k8-smp", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-2.6.8.1-4-amd64-xeon", pkgver:"2.6.8.1.3-5")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-386", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-686", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-686-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-amd64-generic", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-amd64-k8", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-amd64-k8-smp", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-restricted-modules-amd64-xeon", pkgver:"2.6.8.1-14")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-source-2.6.8.1", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-tree-2.6.8.1", pkgver:"2.6.8.1-16.3")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"nvidia-glx", pkgver:"1.0.6111-1ubuntu8")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"nvidia-glx-dev", pkgver:"1.0.6111-1ubuntu8")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"nvidia-kernel-source", pkgver:"1.0.6111-1ubuntu8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fglrx-control / fglrx-driver / fglrx-driver-dev / linux-386 / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2005_018.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2005:018 (kernel). The Linux kernel is the core component of the Linux system. Several vulnerabilities were reported in the last few weeks which are fixed by this update.
last seen	2020-06-01
modified	2020-06-02
plugin id	17617
published	2005-03-25
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17617
title	SUSE-SA:2005:018: kernel
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:018 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(17617); script_version ("1.12"); script_cve_id("CVE-2004-0814", "CVE-2004-1333", "CVE-2005-0003", "CVE-2005-0209", "CVE-2005-0210", "CVE-2005-0384", "CVE-2005-0449", "CVE-2005-0504", "CVE-2005-0529", "CVE-2005-0530", "CVE-2005-0532"); name["english"] = "SUSE-SA:2005:018: kernel"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:018 (kernel). The Linux kernel is the core component of the Linux system. Several vulnerabilities were reported in the last few weeks which are fixed by this update." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_18_kernel.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(20, 119, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2005/03/25"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_end_attributes(); summary["english"] = "Check for the version of the kernel package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"k_athlon-2.4.20-131", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_deflt-2.4.20-131", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_psmp-2.4.20-131", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_smp-2.4.20-131", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.4.20.SuSE-131", release:"SUSE8.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-536ep-4.62-23", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-v92ham-4.53-23", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_athlon-2.4.21-280", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_deflt-2.4.21-280", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_smp-2.4.21-280", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_smp4G-2.4.21-280", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_um-2.4.21-280", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.4.21-280", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-8.26a-212", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.5-7.151", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.5-7.151", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.5-7.151", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.5-7.151", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.5-7.151", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-2.6.2-38.14", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-docs-2.6.5-7.151", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-536ep-4.69-5.6", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-nongpl-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-nongpl-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-nongpl-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-nongpl-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-8.31a8-6.6", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-install-initrd-1.0-48.6", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-kernel-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-docs-2.6.8-24.13", release:"SUSE9.2") ) { security_hole(0); exit(0); } if (rpm_exists(rpm:"kernel-", release:"SUSE8.2") \|\| rpm_exists(rpm:"kernel-", release:"SUSE9.0") \|\| rpm_exists(rpm:"kernel-", release:"SUSE9.1") \|\| rpm_exists(rpm:"kernel-", release:"SUSE9.2") ) { set_kb_item(name:"CVE-2004-0814", value:TRUE); set_kb_item(name:"CVE-2004-1333", value:TRUE); set_kb_item(name:"CVE-2005-0003", value:TRUE); set_kb_item(name:"CVE-2005-0209", value:TRUE); set_kb_item(name:"CVE-2005-0210", value:TRUE); set_kb_item(name:"CVE-2005-0384", value:TRUE); set_kb_item(name:"CVE-2005-0449", value:TRUE); set_kb_item(name:"CVE-2005-0504", value:TRUE); set_kb_item(name:"CVE-2005-0529", value:TRUE); set_kb_item(name:"CVE-2005-0530", value:TRUE); set_kb_item(name:"CVE-2005-0532", value:TRUE); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-293.NASL
description	Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. The following security issues were fixed : The Vicam USB driver did not use the copy_from_user function to access userspace, crossing security boundaries. (CVE-2004-0075) The ext3 and jfs code did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. (CVE-2004-0177) The terminal layer did not properly lock line discipline changes or pending IO. An unprivileged local user could read portions of kernel memory, or cause a denial of service (system crash). (CVE-2004-0814) A race condition was discovered. Local users could use this flaw to read the environment variables of another process that is still spawning via /proc/.../cmdline. (CVE-2004-1058) A flaw in the execve() syscall handling was discovered, allowing a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073). Red Hat originally reported this as being fixed by RHSA-2004:549, but the associated fix was missing from that update. Keith Owens reported a flaw in the Itanium unw_unwind_to_user() function. A local user could use this flaw to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0135) A missing Itanium syscall table entry could allow an unprivileged local user to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0137) A flaw affecting the OUTS instruction on the AMD64 and Intel EM64T architectures was discovered. A local user could use this flaw to access privileged IO ports. (CVE-2005-0204) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384) A flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was discovered that left a pointer to a freed tty structure. A local user could potentially use this flaw to cause a denial of service (system crash) or possibly gain read or write access to ttys that should normally be prevented. (CVE-2005-0403) A flaw in fragment queuing was discovered affecting the netfilter subsystem. On systems configured to filter or process network packets (for example those configured to do firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know (or guess) some aspects of the firewall ruleset in place on the target system to be able to craft the right fragmented packets. (CVE-2005-0449) Missing validation of an epoll_wait() system call parameter could allow a local user to cause a denial of service (system crash) on the IBM S/390 and zSeries architectures. (CVE-2005-0736) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (system crash). (CVE-2005-0749) A flaw was discovered in the bluetooth driver system. On system where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750) In addition to the security issues listed above, there was an important fix made to the handling of the msync() system call for a particular case in which the call could return without queuing modified mmap()
last seen	2020-06-01
modified	2020-06-02
plugin id	18128
published	2005-04-25
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/18128
title	RHEL 3 : kernel (RHSA-2005:293)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:293. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(18128); script_version ("1.33"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2004-0075", "CVE-2004-0177", "CVE-2004-0814", "CVE-2004-1058", "CVE-2004-1073", "CVE-2005-0135", "CVE-2005-0137", "CVE-2005-0204", "CVE-2005-0384", "CVE-2005-0403", "CVE-2005-0449", "CVE-2005-0736", "CVE-2005-0749", "CVE-2005-0750"); script_xref(name:"RHSA", value:"2005:293"); script_name(english:"RHEL 3 : kernel (RHSA-2005:293)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. The following security issues were fixed : The Vicam USB driver did not use the copy_from_user function to access userspace, crossing security boundaries. (CVE-2004-0075) The ext3 and jfs code did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. (CVE-2004-0177) The terminal layer did not properly lock line discipline changes or pending IO. An unprivileged local user could read portions of kernel memory, or cause a denial of service (system crash). (CVE-2004-0814) A race condition was discovered. Local users could use this flaw to read the environment variables of another process that is still spawning via /proc/.../cmdline. (CVE-2004-1058) A flaw in the execve() syscall handling was discovered, allowing a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073). Red Hat originally reported this as being fixed by RHSA-2004:549, but the associated fix was missing from that update. Keith Owens reported a flaw in the Itanium unw_unwind_to_user() function. A local user could use this flaw to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0135) A missing Itanium syscall table entry could allow an unprivileged local user to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0137) A flaw affecting the OUTS instruction on the AMD64 and Intel EM64T architectures was discovered. A local user could use this flaw to access privileged IO ports. (CVE-2005-0204) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384) A flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was discovered that left a pointer to a freed tty structure. A local user could potentially use this flaw to cause a denial of service (system crash) or possibly gain read or write access to ttys that should normally be prevented. (CVE-2005-0403) A flaw in fragment queuing was discovered affecting the netfilter subsystem. On systems configured to filter or process network packets (for example those configured to do firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know (or guess) some aspects of the firewall ruleset in place on the target system to be able to craft the right fragmented packets. (CVE-2005-0449) Missing validation of an epoll_wait() system call parameter could allow a local user to cause a denial of service (system crash) on the IBM S/390 and zSeries architectures. (CVE-2005-0736) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (system crash). (CVE-2005-0749) A flaw was discovered in the bluetooth driver system. On system where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750) In addition to the security issues listed above, there was an important fix made to the handling of the msync() system call for a particular case in which the call could return without queuing modified mmap()'ed data for file system update. (BZ 147969) Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures/configurations Please note that the fix for CVE-2005-0449 required changing the external symbol linkages (kernel module ABI) for the ip_defrag() and ip_ct_gather_frags() functions. Any third-party module using either of these would also need to be fixed." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0075" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0177" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0814" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1058" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1073" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0135" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0137" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0204" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0384" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0403" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0449" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0736" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0749" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0750" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:293" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/15"); script_set_attribute(attribute:"patch_publication_date", value:"2005/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2004-0075", "CVE-2004-0177", "CVE-2004-0814", "CVE-2004-1058", "CVE-2004-1073", "CVE-2005-0135", "CVE-2005-0137", "CVE-2005-0204", "CVE-2005-0384", "CVE-2005-0403", "CVE-2005-0449", "CVE-2005-0736", "CVE-2005-0749", "CVE-2005-0750"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2005:293"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:293"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-27.0.4.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-27.0.4.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc"); } }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-293.NASL
description	Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. The following security issues were fixed : The Vicam USB driver did not use the copy_from_user function to access userspace, crossing security boundaries. (CVE-2004-0075) The ext3 and jfs code did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. (CVE-2004-0177) The terminal layer did not properly lock line discipline changes or pending IO. An unprivileged local user could read portions of kernel memory, or cause a denial of service (system crash). (CVE-2004-0814) A race condition was discovered. Local users could use this flaw to read the environment variables of another process that is still spawning via /proc/.../cmdline. (CVE-2004-1058) A flaw in the execve() syscall handling was discovered, allowing a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073). Red Hat originally reported this as being fixed by RHSA-2004:549, but the associated fix was missing from that update. Keith Owens reported a flaw in the Itanium unw_unwind_to_user() function. A local user could use this flaw to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0135) A missing Itanium syscall table entry could allow an unprivileged local user to cause a denial of service (system crash) on the Itanium architecture. (CVE-2005-0137) A flaw affecting the OUTS instruction on the AMD64 and Intel EM64T architectures was discovered. A local user could use this flaw to access privileged IO ports. (CVE-2005-0204) A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CVE-2005-0384) A flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was discovered that left a pointer to a freed tty structure. A local user could potentially use this flaw to cause a denial of service (system crash) or possibly gain read or write access to ttys that should normally be prevented. (CVE-2005-0403) A flaw in fragment queuing was discovered affecting the netfilter subsystem. On systems configured to filter or process network packets (for example those configured to do firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to sucessfully exploit this flaw, the attacker would need to know (or guess) some aspects of the firewall ruleset in place on the target system to be able to craft the right fragmented packets. (CVE-2005-0449) Missing validation of an epoll_wait() system call parameter could allow a local user to cause a denial of service (system crash) on the IBM S/390 and zSeries architectures. (CVE-2005-0736) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (system crash). (CVE-2005-0749) A flaw was discovered in the bluetooth driver system. On system where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CVE-2005-0750) In addition to the security issues listed above, there was an important fix made to the handling of the msync() system call for a particular case in which the call could return without queuing modified mmap()
last seen	2020-06-01
modified	2020-06-02
plugin id	21923
published	2006-07-05
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21923
title	CentOS 3 : kernel (CESA-2005:293)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-022.NASL
description	A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory : - Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CVE-2004-0814) - Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CVE-2004-0816) - Stefan Esser found several remote DoS confitions in the smbfs file system. This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CVE-2004-0883 and CVE-2004-0949) - Paul Starzetz and Georgi Guninski reported, independently, that bad argument handling and bad integer arithmetics in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. The fixes were done by Herbert Xu (CVE-2004-1016) - Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CVE-2004-1058) - Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CVE-2004-1068) - Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CVE-2004-1069) - Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073) - It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CVE-2004-1074) - Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. The fix was done by Chris Wright (CVE-2004-1137) - Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CVE-2004-1151) - Paul Starzetz found locally exploitable flaws in the binary format loader
last seen	2020-06-01
modified	2020-06-02
plugin id	16259
published	2005-01-26
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16259
title	Mandrake Linux Security Advisory : kernel (MDKSA-2005:022)

Oval

accepted

2013-04-29T04:08:09.872-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:10728

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa

id	RHSA-2005:293

rpms

kernel-0:2.4.21-27.0.4.EL
kernel-BOOT-0:2.4.21-27.0.4.EL
kernel-debuginfo-0:2.4.21-27.0.4.EL
kernel-doc-0:2.4.21-27.0.4.EL
kernel-hugemem-0:2.4.21-27.0.4.EL
kernel-hugemem-unsupported-0:2.4.21-27.0.4.EL
kernel-smp-0:2.4.21-27.0.4.EL
kernel-smp-unsupported-0:2.4.21-27.0.4.EL
kernel-source-0:2.4.21-27.0.4.EL
kernel-unsupported-0:2.4.21-27.0.4.EL

Vulnerabilities > CVE-2004-0814 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-0814"}]}

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References

Vulnerabilities > CVE-2004-0814