Vulnerabilities > CVE-2004-1017 - Local Integer Overflow vulnerability in Linux Kernel 2.4.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1067.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.16-1woody2 arm/lart 20040419woody1 arm/netwinder 20040419woody1 arm/riscpc 20040419woody1 last seen 2020-06-01 modified 2020-06-02 plugin id 22609 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22609 title Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1067. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22609); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504"); script_xref(name:"DSA", value:"1067"); script_name(english:"Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.16-1woody2 arm/lart 20040419woody1 arm/netwinder 20040419woody1 arm/riscpc 20040419woody1" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0427" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0489" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0394" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0447" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0554" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0565" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0685" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0001" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0883" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0949" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1016" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1333" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0997" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1335" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1017" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0124" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2003-0984" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1070" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1071" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1072" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1073" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1074" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0138" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1068" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1234" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0003" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1235" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0504" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0384" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0135" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1067" ); script_set_attribute( attribute:"solution", value:"Upgrade the kernel package immediately and reboot the machine." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.16-lart"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.16-netwinder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.16-riscpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.16"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.16", reference:"2.4.16-1woody3")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.16", reference:"20040419woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.16-lart", reference:"20040419woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.16-netwinder", reference:"20040419woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.16-riscpc", reference:"20040419woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-source-2.4.16", reference:"2.4.16-1woody3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2004-582.NASL description A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split. A number of security fixes are present in this update. CVE-2004-1016: Paul Starzetz discovered a buffer overflow vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 16107 published 2005-01-04 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16107 title Fedora Core 3 : kernel-2.6.9-1.724_FC3 (2004-582) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-582. # include("compat.inc"); if (description) { script_id(16107); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_xref(name:"FEDORA", value:"2004-582"); script_name(english:"Fedora Core 3 : kernel-2.6.9-1.724_FC3 (2004-582)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split. A number of security fixes are present in this update. CVE-2004-1016: Paul Starzetz discovered a buffer overflow vulnerability in the '__scm_send' function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation. CVE-2004-1017: Alan Cox reported two potential buffer overflows with the io_edgeport driver. CVE-2004-1068: A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel. CVE-2004-1137: Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket. CVE-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation. NO-CAN-ASSIGNED : - Fix memory leak in ip_conntrack_ftp (local DoS) - Do not leak IP options. (local DoS) - fix missing security_*() check in net/compat.c - ia64/x86_64/s390 overlapping vma fix - Fix bugs with SOCK_SEQPACKET AF_UNIX sockets - Make sure VC resizing fits in s16. Georgi Guninski reported a buffer overflow with vc_resize(). - Clear ebp on sysenter return. A small information leak was found by Brad Spengler. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-January/000545.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bc362619" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-smp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3"); script_set_attribute(attribute:"patch_publication_date", value:"2005/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC3", reference:"kernel-2.6.9-1.724_FC3")) flag++; if (rpm_check(release:"FC3", reference:"kernel-debuginfo-2.6.9-1.724_FC3")) flag++; if (rpm_check(release:"FC3", reference:"kernel-doc-2.6.9-1.724_FC3")) flag++; if (rpm_check(release:"FC3", reference:"kernel-smp-2.6.9-1.724_FC3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-doc / kernel-smp"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1082.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.1 (sarge) Source 2.4.17-1woody4 HP Precision architecture 32.5 Intel IA-64 architecture 011226.18 IBM S/390 architecture/image 2.4.17-2.woody.5 IBM S/390 architecture/patch 0.0.20020816-0.woody.4 PowerPC architecture (apus) 2.4.17-6 MIPS architecture 2.4.17-0.020226.2.woody7 last seen 2020-06-01 modified 2020-06-02 plugin id 22624 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22624 title Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1082. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22624); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504"); script_xref(name:"DSA", value:"1082"); script_name(english:"Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.1 (sarge) Source 2.4.17-1woody4 HP Precision architecture 32.5 Intel IA-64 architecture 011226.18 IBM S/390 architecture/image 2.4.17-2.woody.5 IBM S/390 architecture/patch 0.0.20020816-0.woody.4 PowerPC architecture (apus) 2.4.17-6 MIPS architecture 2.4.17-0.020226.2.woody7" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0427" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0489" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0394" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0447" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0554" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0565" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0685" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0001" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0883" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0949" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1016" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1333" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0997" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1335" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1017" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0124" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2003-0984" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1070" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1071" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1072" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1073" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1074" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0138" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1068" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1234" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0003" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1235" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0504" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0384" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0135" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1082" ); script_set_attribute( attribute:"solution", value:"Upgrade the kernel package immediately and reboot the machine." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.17-hppa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.17-ia64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.17-s390"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.17-apus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.17-mips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.17-s390"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.17"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.17", reference:"2.4.17-1woody4")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17", reference:"2.4.17-2.woody.5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17-apus", reference:"2.4.17-6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17-hppa", reference:"32.5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17-ia64", reference:"011226.18")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-32", reference:"32.5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-32-smp", reference:"32.5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-64", reference:"32.5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-64-smp", reference:"32.5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-apus", reference:"2.4.17-6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-itanium", reference:"011226.18")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-itanium-smp", reference:"011226.18")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-mckinley", reference:"011226.18")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-mckinley-smp", reference:"011226.18")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-r3k-kn02", reference:"2.4.17-0.020226.2.woody7")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-r4k-ip22", reference:"2.4.17-0.020226.2.woody7")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-r4k-kn04", reference:"2.4.17-0.020226.2.woody7")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-r5k-ip22", reference:"2.4.17-0.020226.2.woody7")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-s390", reference:"2.4.17-2.woody.5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-apus", reference:"2.4.17-6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-apus", reference:"2.4.17-6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-mips", reference:"2.4.17-0.020226.2.woody7")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-s390", reference:"0.0.20020816-0.woody.4")) flag++; if (deb_check(release:"3.0", prefix:"kernel-source-2.4.17", reference:"2.4.17-1woody4")) flag++; if (deb_check(release:"3.0", prefix:"kernel-source-2.4.17-hppa", reference:"32.5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-source-2.4.17-ia64", reference:"011226.18")) flag++; if (deb_check(release:"3.0", prefix:"mips-tools", reference:"2.4.17-0.020226.2.woody7")) flag++; if (deb_check(release:"3.0", prefix:"mkcramfs", reference:"2.4.17-1woody3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1017.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2005-0449 An error in the skb_checksum_help() function from the netfilter framework has been discovered that allows the bypass of packet filter rules or a denial of service attack. - CVE-2005-2457 Tim Yamin discovered that insufficient input validation in the zisofs driver for compressed ISO file systems allows a denial of service attack through maliciously crafted ISO images. - CVE-2005-2490 A buffer overflow in the sendmsg() function allows local users to execute arbitrary code. - CVE-2005-2555 Herbert Xu discovered that the setsockopt() function was not restricted to users/processes with the CAP_NET_ADMIN capability. This allows attackers to manipulate IPSEC policies or initiate a denial of service attack. - CVE-2005-2709 Al Viro discovered a race condition in the /proc handling of network devices. A (local) attacker could exploit the stale reference after interface shutdown to cause a denial of service or possibly execute code in kernel mode. - CVE-2005-2800 Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices leak memory, which allows a denial of service attack. - CVE-2005-2973 Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code can be forced into an endless loop, which allows a denial of service attack. - CVE-2005-3044 Vasiliy Averin discovered that the reference counters from sockfd_put() and fput() can be forced into overlapping, which allows a denial of service attack through a NULL pointer dereference. - CVE-2005-3053 Eric Dumazet discovered that the set_mempolicy() system call accepts a negative value for its first argument, which triggers a BUG() assert. This allows a denial of service attack. - CVE-2005-3055 Harald Welte discovered that if a process issues a USB Request Block (URB) to a device and terminates before the URB completes, a stale pointer would be dereferenced. This could be used to trigger a denial of service attack. - CVE-2005-3180 Pavel Roskin discovered that the driver for Orinoco wireless cards clears its buffers insufficiently. This could leak sensitive information into user space. - CVE-2005-3181 Robert Derr discovered that the audit subsystem uses an incorrect function to free memory, which allows a denial of service attack. - CVE-2005-3257 Rudolf Polzer discovered that the kernel improperly restricts access to the KDSKBSENT ioctl, which can possibly lead to privilege escalation. - CVE-2005-3356 Doug Chapman discovered that the mq_open syscall can be tricked into decrementing an internal counter twice, which allows a denial of service attack through a kernel panic. - CVE-2005-3358 Doug Chapman discovered that passing a zero bitmask to the set_mempolicy() system call leads to a kernel panic, which allows a denial of service attack. - CVE-2005-3783 The ptrace code using CLONE_THREAD didn last seen 2020-06-01 modified 2020-06-02 plugin id 22559 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22559 title Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1017. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22559); script_version("1.21"); script_cvs_date("Date: 2019/10/16 10:34:21"); script_cve_id("CVE-2004-1017", "CVE-2005-0124", "CVE-2005-0449", "CVE-2005-2457", "CVE-2005-2490", "CVE-2005-2555", "CVE-2005-2709", "CVE-2005-2800", "CVE-2005-2973", "CVE-2005-3044", "CVE-2005-3053", "CVE-2005-3055", "CVE-2005-3180", "CVE-2005-3181", "CVE-2005-3257", "CVE-2005-3356", "CVE-2005-3358", "CVE-2005-3783", "CVE-2005-3784", "CVE-2005-3806", "CVE-2005-3847", "CVE-2005-3848", "CVE-2005-3857", "CVE-2005-3858", "CVE-2005-4605", "CVE-2005-4618", "CVE-2006-0095", "CVE-2006-0096", "CVE-2006-0482", "CVE-2006-1066"); script_xref(name:"DSA", value:"1017"); script_name(english:"Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2005-0449 An error in the skb_checksum_help() function from the netfilter framework has been discovered that allows the bypass of packet filter rules or a denial of service attack. - CVE-2005-2457 Tim Yamin discovered that insufficient input validation in the zisofs driver for compressed ISO file systems allows a denial of service attack through maliciously crafted ISO images. - CVE-2005-2490 A buffer overflow in the sendmsg() function allows local users to execute arbitrary code. - CVE-2005-2555 Herbert Xu discovered that the setsockopt() function was not restricted to users/processes with the CAP_NET_ADMIN capability. This allows attackers to manipulate IPSEC policies or initiate a denial of service attack. - CVE-2005-2709 Al Viro discovered a race condition in the /proc handling of network devices. A (local) attacker could exploit the stale reference after interface shutdown to cause a denial of service or possibly execute code in kernel mode. - CVE-2005-2800 Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices leak memory, which allows a denial of service attack. - CVE-2005-2973 Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code can be forced into an endless loop, which allows a denial of service attack. - CVE-2005-3044 Vasiliy Averin discovered that the reference counters from sockfd_put() and fput() can be forced into overlapping, which allows a denial of service attack through a NULL pointer dereference. - CVE-2005-3053 Eric Dumazet discovered that the set_mempolicy() system call accepts a negative value for its first argument, which triggers a BUG() assert. This allows a denial of service attack. - CVE-2005-3055 Harald Welte discovered that if a process issues a USB Request Block (URB) to a device and terminates before the URB completes, a stale pointer would be dereferenced. This could be used to trigger a denial of service attack. - CVE-2005-3180 Pavel Roskin discovered that the driver for Orinoco wireless cards clears its buffers insufficiently. This could leak sensitive information into user space. - CVE-2005-3181 Robert Derr discovered that the audit subsystem uses an incorrect function to free memory, which allows a denial of service attack. - CVE-2005-3257 Rudolf Polzer discovered that the kernel improperly restricts access to the KDSKBSENT ioctl, which can possibly lead to privilege escalation. - CVE-2005-3356 Doug Chapman discovered that the mq_open syscall can be tricked into decrementing an internal counter twice, which allows a denial of service attack through a kernel panic. - CVE-2005-3358 Doug Chapman discovered that passing a zero bitmask to the set_mempolicy() system call leads to a kernel panic, which allows a denial of service attack. - CVE-2005-3783 The ptrace code using CLONE_THREAD didn't use the thread group ID to determine whether the caller is attaching to itself, which allows a denial of service attack. - CVE-2005-3784 The auto-reaping of child processes functionality included ptraced-attached processes, which allows denial of service through dangling references. - CVE-2005-3806 Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable, which could lead to memory corruption and denial of service. - CVE-2005-3847 It was discovered that a threaded real-time process, which is currently dumping core can be forced into a dead-lock situation by sending it a SIGKILL signal, which allows a denial of service attack. - CVE-2005-3848 Ollie Wild discovered a memory leak in the icmp_push_reply() function, which allows denial of service through memory consumption. - CVE-2005-3857 Chris Wright discovered that excessive allocation of broken file lock leases in the VFS layer can exhaust memory and fill up the system logging, which allows denial of service. - CVE-2005-3858 Patrick McHardy discovered a memory leak in the ip6_input_finish() function from the IPv6 code, which allows denial of service. - CVE-2005-4605 Karl Janmar discovered that a signedness error in the procfs code can be exploited to read kernel memory, which may disclose sensitive information. - CVE-2005-4618 Yi Ying discovered that sysctl does not properly enforce the size of a buffer, which allows a denial of service attack. - CVE-2006-0095 Stefan Rompf discovered that dm_crypt does not clear an internal struct before freeing it, which might disclose sensitive information. - CVE-2006-0096 It was discovered that the SDLA driver's capability checks were too lax for firmware upgrades. - CVE-2006-0482 Ludovic Courtes discovered that get_compat_timespec() performs insufficient input sanitizing, which allows a local denial of service attack. - CVE-2006-1066 It was discovered that ptrace() on the ia64 architecture allows a local denial of service attack, when preemption is enabled." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295949" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332587" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332596" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330343" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330353" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327416" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1017" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0124" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0449" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2457" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2490" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2555" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2709" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2800" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2973" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3044" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3053" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3055" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3180" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3181" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3257" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3356" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3358" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3783" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3784" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3806" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3847" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3848" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3857" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3858" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4605" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4618" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0095" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0096" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0482" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-1066" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1017" ); script_set_attribute( attribute:"solution", value: "Upgrade the kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. The following matrix explains which kernel version for which architecture fix the problems mentioned above : Debian 3.1 (sarge) Source 2.6.8-16sarge2 Alpha architecture 2.6.8-16sarge2 AMD64 architecture 2.6.8-16sarge2 HP Precision architecture 2.6.8-6sarge2 Intel IA-32 architecture 2.6.8-16sarge2 Intel IA-64 architecture 2.6.8-14sarge2 Motorola 680x0 architecture 2.6.8-4sarge2 PowerPC architecture 2.6.8-12sarge2 IBM S/390 architecture 2.6.8-5sarge2 Sun Sparc architecture 2.6.8-15sarge2 The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 3.1 (sarge) kernel-latest-2.6-alpha 101sarge1 kernel-latest-2.6-amd64 103sarge1 kernel-latest-2.6-hppa 2.6.8-1sarge1 kernel-latest-2.6-sparc 101sarge1 kernel-latest-2.6-i386 101sarge1 kernel-latest-powerpc 102sarge1 fai-kernels 1.9.1sarge1 hostap-modules-i386 0.3.7-1sarge1 mol-modules-2.6.8 0.9.70+2.6.8+12sarge1 ndiswrapper-modules-i386 1.1-2sarge1 This update introduces a change in the kernel's binary interface, the affected kernel packages inside Debian have been rebuilt, if you're running local addons you'll need to rebuild these as well. Due to the change in the package name you need to use apt-get dist-upgrade to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(20, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.6.8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"fai-kernels", reference:"1.9.1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-386", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-586tsc", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-686", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-686-smp", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k6", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k7", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k7-smp", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-386", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-686", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-686-smp", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-k7", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-k7-smp", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-2", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power3", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power3-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power4", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power4-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-powerpc", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-powerpc-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-doc-2.6.8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-32", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-32-smp", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-386", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-64", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-64-smp", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-686", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-686-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-generic", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-k8", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-k8-smp", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-em64t-p4", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-em64t-p4-smp", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-generic", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-k7", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-k7-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc32", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc64", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc64-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-generic", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-k8", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-k8-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-em64t-p4", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-em64t-p4-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-32", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-32-smp", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-386", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-64", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-64-smp", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-686", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-686-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-generic", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-itanium", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-itanium-smp", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-k7", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-k7-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-mckinley", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-mckinley-smp", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc32", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc64", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc64-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32-smp", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-386", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64-smp", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-generic", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc32", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-powerpc", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-powerpc-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-32", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-32-smp", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-386", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-64", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-64-smp", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-686", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-686-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-generic", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-k8", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-k8-smp", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-em64t-p4", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-em64t-p4-smp", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-generic", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-k7", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-k7-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power3", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power3-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power4", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power4-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-powerpc", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-powerpc-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc32", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc64", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc64-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-generic", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-k8", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-k8-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-em64t-p4", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-em64t-p4-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-32", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-32-smp", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-386", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-64", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-64-smp", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-686", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-686-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-generic", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-itanium", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-itanium-smp", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-k7", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-k7-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-mckinley", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-mckinley-smp", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390-tape", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390x", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc32", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc64", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc64-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32-smp", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-386", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64-smp", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-generic", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390", reference:"2.6.8-5sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390-tape", reference:"2.6.8-5sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390x", reference:"2.6.8-5sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc32", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-amiga", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-atari", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-bvme6000", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-hp", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mac", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme147", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme16x", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power3", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power3-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power4", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power4-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-powerpc", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-powerpc-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-q40", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-sun3", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-power3", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-power3-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-power4", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-power4-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-powerpc", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-powerpc-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-2.6.8-s390", reference:"2.6.8-5sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.6.8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-source-2.6.8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-tree-2.6.8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"mol-modules-2.6.8-3-powerpc", reference:"0.9.70+2.6.8+12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"mol-modules-2.6.8-3-powerpc-smp", reference:"0.9.70+2.6.8+12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-386", reference:"1.1-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-686", reference:"1.1-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-686-smp", reference:"1.1-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-k7", reference:"1.1-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-k7-smp", reference:"1.1-2sarge1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1070.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.19-4 Sun Sparc architecture 26woody1 Little endian MIPS architecture 0.020911.1.woody5 last seen 2020-06-01 modified 2020-06-02 plugin id 22612 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22612 title Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1070. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22612); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504"); script_xref(name:"DSA", value:"1070"); script_name(english:"Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.19-4 Sun Sparc architecture 26woody1 Little endian MIPS architecture 0.020911.1.woody5" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0427" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0489" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0394" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0447" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0554" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0565" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0685" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0001" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0883" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0949" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1016" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1333" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0997" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1335" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1017" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0124" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2003-0984" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1070" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1071" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1072" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1073" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1074" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0138" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1068" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1234" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0003" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1235" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0504" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0384" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0135" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1070" ); script_set_attribute( attribute:"solution", value:"Upgrade the kernel package immediately and reboot the machine." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-sparc-2.4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.19-mips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.19"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.19", reference:"2.4.19-4.woody3")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-sparc", reference:"22woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.19", reference:"2.4.19-0.020911.1.woody5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.19-sparc", reference:"26woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-sun4u", reference:"22woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-sun4u-smp", reference:"22woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-r4k-ip22", reference:"2.4.19-0.020911.1.woody5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-r5k-ip22", reference:"2.4.19-0.020911.1.woody5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-sun4u", reference:"26woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-sun4u-smp", reference:"26woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.19-mips", reference:"2.4.19-0.020911.1.woody5")) flag++; if (deb_check(release:"3.0", prefix:"kernel-source-2.4.19", reference:"2.4.19-4.woody3")) flag++; if (deb_check(release:"3.0", prefix:"mips-tools", reference:"2.4.19-0.020911.1.woody5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2004-581.NASL description A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split. A number of security fixes are present in this update. CVE-2004-1016: Paul Starzetz discovered a buffer overflow vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 16097 published 2005-01-04 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16097 title Fedora Core 2 : kernel-2.6.9-1.11_FC2 (2004-581) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-581. # include("compat.inc"); if (description) { script_id(16097); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_xref(name:"FEDORA", value:"2004-581"); script_name(english:"Fedora Core 2 : kernel-2.6.9-1.11_FC2 (2004-581)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split. A number of security fixes are present in this update. CVE-2004-1016: Paul Starzetz discovered a buffer overflow vulnerability in the '__scm_send' function which handles the sending of UDP network packets. A wrong validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, thus causing an endless loop (Denial of Service) or possibly even root privilege escalation. CVE-2004-1017: Alan Cox reported two potential buffer overflows with the io_edgeport driver. CVE-2004-1068: A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel. CVE-2004-1137: Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket. CVE-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation. NO-CAN-ASSIGNED : - Fix memory leak in ip_conntrack_ftp (local DoS) - Do not leak IP options. (local DoS) - fix missing security_*() check in net/compat.c - ia64/x86_64/s390 overlapping vma fix - Fix bugs with SOCK_SEQPACKET AF_UNIX sockets - Make sure VC resizing fits in s16. Georgi Guninski reported a buffer overflow with vc_resize(). - Clear ebp on sysenter return. A small information leak was found by Brad Spengler. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-January/000544.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4d453a69" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-sourcecode"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2"); script_set_attribute(attribute:"patch_publication_date", value:"2005/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC2", reference:"kernel-2.6.9-1.11_FC2")) flag++; if (rpm_check(release:"FC2", reference:"kernel-debuginfo-2.6.9-1.11_FC2")) flag++; if (rpm_check(release:"FC2", reference:"kernel-doc-2.6.9-1.11_FC2")) flag++; if (rpm_check(release:"FC2", reference:"kernel-smp-2.6.9-1.11_FC2")) flag++; if (rpm_check(release:"FC2", reference:"kernel-sourcecode-2.6.9-1.11_FC2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-doc / kernel-smp / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-689.NASL description Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues : Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the Linux 2.4 kernel on the AMD64 architecture. A local attacker could use this flaw to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1144 to this issue. ISEC security research discovered multiple vulnerabilities in the IGMP functionality which was backported in the Red Hat Enterprise Linux 3 kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1137 to this issue. ISEC security research and Georgi Guninski independently discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue. A floating point information leak was discovered in the ia64 architecture context switch code. A local user could use this flaw to read register values of other processes by setting the MFH bit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0565 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver, and a memory leak in ip_options_get. Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. last seen 2020-06-01 modified 2020-06-02 plugin id 16054 published 2004-12-27 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16054 title RHEL 3 : kernel (RHSA-2004:689) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:689. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(16054); script_version ("1.29"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0565", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1137", "CVE-2004-1144", "CVE-2004-1234", "CVE-2004-1335"); script_xref(name:"RHSA", value:"2004:689"); script_name(english:"RHEL 3 : kernel (RHSA-2004:689)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues : Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the Linux 2.4 kernel on the AMD64 architecture. A local attacker could use this flaw to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1144 to this issue. ISEC security research discovered multiple vulnerabilities in the IGMP functionality which was backported in the Red Hat Enterprise Linux 3 kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1137 to this issue. ISEC security research and Georgi Guninski independently discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue. A floating point information leak was discovered in the ia64 architecture context switch code. A local user could use this flaw to read register values of other processes by setting the MFH bit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0565 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver, and a memory leak in ip_options_get. Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0565" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1016" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1017" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1137" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1144" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1234" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1335" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:689" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2004-0565", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1137", "CVE-2004-1144", "CVE-2004-1234", "CVE-2004-1335"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2004:689"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:689"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-27.0.1.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-27.0.1.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc"); } }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1069.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.18-14.4 Alpha architecture 2.4.18-15woody1 Intel IA-32 architecture 2.4.18-13.2 HP Precision architecture 62.4 PowerPC architecture 2.4.18-1woody6 PowerPC architecture/XFS 20020329woody1 PowerPC architecture/benh 20020304woody1 Sun Sparc architecture 22woody1 last seen 2020-06-01 modified 2020-06-02 plugin id 22611 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22611 title Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1069. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22611); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504"); script_xref(name:"DSA", value:"1069"); script_name(english:"Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.18-14.4 Alpha architecture 2.4.18-15woody1 Intel IA-32 architecture 2.4.18-13.2 HP Precision architecture 62.4 PowerPC architecture 2.4.18-1woody6 PowerPC architecture/XFS 20020329woody1 PowerPC architecture/benh 20020304woody1 Sun Sparc architecture 22woody1" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0427" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0489" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0394" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0447" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0554" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0565" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0685" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0001" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0883" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0949" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1016" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1333" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0997" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1335" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1017" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0124" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2003-0984" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1070" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1071" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1072" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1073" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1074" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0138" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1068" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1234" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0003" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1235" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0504" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0384" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0135" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1069" ); script_set_attribute( attribute:"solution", value:"Upgrade the kernel package immediately and reboot the machine." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.18-1-alpha"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.18-1-i386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.18-hppa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.18-powerpc-xfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.18-powerpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-benh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.18"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.18", reference:"2.4.18-14.4")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18", reference:"2.4.18-1woody6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-386", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-586tsc", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-686", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-686-smp", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-generic", reference:"2.4.18-15woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-k6", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-k7", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-smp", reference:"2.4.18-15woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-386", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-586tsc", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-686", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-686-smp", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-generic", reference:"2.4.18-15woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-k6", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-k7", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-smp", reference:"2.4.18-15woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-newpmac", reference:"2.4.18-1woody6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc", reference:"2.4.18-1woody6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc-smp", reference:"2.4.18-1woody6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc-xfs", reference:"20020329woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.18-powerpc", reference:"2.4.18-1woody6")) flag++; if (deb_check(release:"3.0", prefix:"kernel-patch-benh", reference:"20020304woody1")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-386", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-586tsc", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-686", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-686-smp", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-k6", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-k7", reference:"2.4.18-13.2")) flag++; if (deb_check(release:"3.0", prefix:"kernel-source-2.4.18", reference:"2.4.18-14.4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-016.NASL description Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 2.1 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for the following security issues : iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1235 to this issue. iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0001 to this issue. iSEC Security Research and Georgi Guninski independently discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver (CVE-2004-1017), a memory leak in ip_options_get (CVE-2004-1335), and missing VM_IO flags in some drivers (CVE-2004-1057). A recent Internet Draft by Fernando Gont recommended that ICMP Source Quench messages be ignored by hosts. A patch to ignore these messages is included. All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. last seen 2020-06-01 modified 2020-06-02 plugin id 16244 published 2005-01-25 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16244 title RHEL 2.1 : kernel (RHSA-2005:016) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:016. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(16244); script_version ("1.30"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0791", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1057", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1335", "CVE-2005-0001"); script_xref(name:"RHSA", value:"2005:016"); script_name(english:"RHEL 2.1 : kernel (RHSA-2005:016)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 2.1 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for the following security issues : iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1235 to this issue. iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0001 to this issue. iSEC Security Research and Georgi Guninski independently discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver (CVE-2004-1017), a memory leak in ip_options_get (CVE-2004-1335), and missing VM_IO flags in some drivers (CVE-2004-1057). A recent Internet Draft by Fernando Gont recommended that ICMP Source Quench messages be ignored by hosts. A patch to ignore these messages is included. All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0791" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1016" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1017" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1057" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1234" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1235" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1335" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0001" ); # http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt script_set_attribute( attribute:"see_also", value:"https://isec.pl/en/vulnerabilities/isec-0022-pagefault.txt" ); # http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt script_set_attribute( attribute:"see_also", value:"https://isec.pl/en/vulnerabilities/isec-0021-uselib.txt" ); # http://www.isec.pl/vulnerabilities/isec-0019-scm.txt script_set_attribute( attribute:"see_also", value:"https://isec.pl/en/vulnerabilities/isec-0019-scm.txt" ); # http://marc.theaimsgroup.com/?m=109503896031720 script_set_attribute( attribute:"see_also", value:"https://marc.info/?m=109503896031720" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:016" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-enterprise"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-summit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/15"); script_set_attribute(attribute:"patch_publication_date", value:"2005/01/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2004-0791", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1057", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1335", "CVE-2005-0001"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2005:016"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:016"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-2.4.9-e.59")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-BOOT-2.4.9-e.59")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-debug-2.4.9-e.59")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-doc-2.4.9-e.59")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-enterprise-2.4.9-e.59")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-headers-2.4.9-e.59")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-smp-2.4.9-e.59")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-source-2.4.9-e.59")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-summit-2.4.9-e.59")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-debug / kernel-doc / etc"); } }
Oval
| accepted | 2013-04-29T04:22:11.550-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:9786 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors. | ||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- http://secunia.com/advisories/19374
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1017
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.redhat.com/support/errata/RHSA-2004-689.html
- http://www.redhat.com/support/errata/RHSA-2005-016.html
- http://www.redhat.com/support/errata/RHSA-2005-017.html
- http://www.securityfocus.com/bid/12102
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18433
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9786