Vulnerabilities > CVE-2004-1234 - Unspecified vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.

Vulnerable Configurations

Part Description Count
OS
Linux
370

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1067.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.16-1woody2 arm/lart 20040419woody1 arm/netwinder 20040419woody1 arm/riscpc 20040419woody1
    last seen2020-06-01
    modified2020-06-02
    plugin id22609
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22609
    titleDebian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1067. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(22609);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504");
  script_xref(name:"DSA", value:"1067");

  script_name(english:"Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2004-0427
    A local denial of service vulnerability in do_fork() has
    been found.

  - CVE-2005-0489
    A local denial of service vulnerability in proc memory
    handling has been found.

  - CVE-2004-0394
    A buffer overflow in the panic handling code has been
    found.

  - CVE-2004-0447
    A local denial of service vulnerability through a NULL
    pointer dereference in the IA64 process handling code
    has been found.

  - CVE-2004-0554
    A local denial of service vulnerability through an
    infinite loop in the signal handler code has been found.

  - CVE-2004-0565
    An information leak in the context switch code has been
    found on the IA64 architecture.

  - CVE-2004-0685
    Unsafe use of copy_to_user in USB drivers may disclose
    sensitive information.

  - CVE-2005-0001
    A race condition in the i386 page fault handler may
    allow privilege escalation.

  - CVE-2004-0883
    Multiple vulnerabilities in the SMB filesystem code may
    allow denial of service or information disclosure.

  - CVE-2004-0949
    An information leak discovered in the SMB filesystem
    code.

  - CVE-2004-1016
    A local denial of service vulnerability has been found
    in the SCM layer.

  - CVE-2004-1333
    An integer overflow in the terminal code may allow a
    local denial of service vulnerability.

  - CVE-2004-0997
    A local privilege escalation in the MIPS assembly code
    has been found.

  - CVE-2004-1335
    A memory leak in the ip_options_get() function may lead
    to denial of service.

  - CVE-2004-1017
    Multiple overflows exist in the io_edgeport driver which
    might be usable as a denial of service attack vector.

  - CVE-2005-0124
    Bryan Fulton reported a bounds checking bug in the
    coda_pioctl function which may allow local users to
    execute arbitrary code or trigger a denial of service
    attack.

  - CVE-2003-0984
    Inproper initialization of the RTC may disclose
    information.

  - CVE-2004-1070
    Insufficient input sanitising in the load_elf_binary()
    function may lead to privilege escalation.

  - CVE-2004-1071
    Incorrect error handling in the binfmt_elf loader may
    lead to privilege escalation.

  - CVE-2004-1072
    A buffer overflow in the binfmt_elf loader may lead to
    privilege escalation or denial of service.

  - CVE-2004-1073
    The open_exec function may disclose information.

  - CVE-2004-1074
    The binfmt code is vulnerable to denial of service
    through malformed a.out binaries.

  - CVE-2004-0138
    A denial of service vulnerability in the ELF loader has
    been found.

  - CVE-2004-1068
    A programming error in the unix_dgram_recvmsg() function
    may lead to privilege escalation.

  - CVE-2004-1234
    The ELF loader is vulnerable to denial of service
    through malformed binaries.

  - CVE-2005-0003
    Crafted ELF binaries may lead to privilege escalation,
    due to insufficient checking of overlapping memory
    regions.

  - CVE-2004-1235
    A race condition in the load_elf_library() and
    binfmt_aout() functions may allow privilege escalation.

  - CVE-2005-0504
    An integer overflow in the Moxa driver may lead to
    privilege escalation.

  - CVE-2005-0384
    A remote denial of service vulnerability has been found
    in the PPP driver.

  - CVE-2005-0135
    An IA64 specific local denial of service vulnerability
    has been found in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which
architecture fixes the problems mentioned above :

                               Debian 3.0 (woody)           
  Source                       2.4.16-1woody2               
  arm/lart                     20040419woody1               
  arm/netwinder                20040419woody1               
  arm/riscpc                   20040419woody1"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0489"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0447"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0554"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0883"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2003-0984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1070"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1071"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1072"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1074"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1068"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0003"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0504"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0384"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0135"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1067"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the kernel package immediately and reboot the machine."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.16-lart");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.16-netwinder");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.16-riscpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.16");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.16", reference:"2.4.16-1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.16", reference:"20040419woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.16-lart", reference:"20040419woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.16-netwinder", reference:"20040419woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.16-riscpc", reference:"20040419woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-source-2.4.16", reference:"2.4.16-1woody3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1082.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.1 (sarge) Source 2.4.17-1woody4 HP Precision architecture 32.5 Intel IA-64 architecture 011226.18 IBM S/390 architecture/image 2.4.17-2.woody.5 IBM S/390 architecture/patch 0.0.20020816-0.woody.4 PowerPC architecture (apus) 2.4.17-6 MIPS architecture 2.4.17-0.020226.2.woody7
    last seen2020-06-01
    modified2020-06-02
    plugin id22624
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22624
    titleDebian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1082. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(22624);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504");
  script_xref(name:"DSA", value:"1082");

  script_name(english:"Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2004-0427
    A local denial of service vulnerability in do_fork() has
    been found.

  - CVE-2005-0489
    A local denial of service vulnerability in proc memory
    handling has been found.

  - CVE-2004-0394
    A buffer overflow in the panic handling code has been
    found.

  - CVE-2004-0447
    A local denial of service vulnerability through a NULL
    pointer dereference in the IA64 process handling code
    has been found.

  - CVE-2004-0554
    A local denial of service vulnerability through an
    infinite loop in the signal handler code has been found.

  - CVE-2004-0565
    An information leak in the context switch code has been
    found on the IA64 architecture.

  - CVE-2004-0685
    Unsafe use of copy_to_user in USB drivers may disclose
    sensitive information.

  - CVE-2005-0001
    A race condition in the i386 page fault handler may
    allow privilege escalation.

  - CVE-2004-0883
    Multiple vulnerabilities in the SMB filesystem code may
    allow denial of service or information disclosure.

  - CVE-2004-0949
    An information leak discovered in the SMB filesystem
    code.

  - CVE-2004-1016
    A local denial of service vulnerability has been found
    in the SCM layer.

  - CVE-2004-1333
    An integer overflow in the terminal code may allow a
    local denial of service vulnerability.

  - CVE-2004-0997
    A local privilege escalation in the MIPS assembly code
    has been found.

  - CVE-2004-1335
    A memory leak in the ip_options_get() function may lead
    to denial of service.

  - CVE-2004-1017
    Multiple overflows exist in the io_edgeport driver which
    might be usable as a denial of service attack vector.

  - CVE-2005-0124
    Bryan Fulton reported a bounds checking bug in the
    coda_pioctl function which may allow local users to
    execute arbitrary code or trigger a denial of service
    attack.

  - CVE-2003-0984
    Inproper initialization of the RTC may disclose
    information.

  - CVE-2004-1070
    Insufficient input sanitising in the load_elf_binary()
    function may lead to privilege escalation.

  - CVE-2004-1071
    Incorrect error handling in the binfmt_elf loader may
    lead to privilege escalation.

  - CVE-2004-1072
    A buffer overflow in the binfmt_elf loader may lead to
    privilege escalation or denial of service.

  - CVE-2004-1073
    The open_exec function may disclose information.

  - CVE-2004-1074
    The binfmt code is vulnerable to denial of service
    through malformed a.out binaries.

  - CVE-2004-0138
    A denial of service vulnerability in the ELF loader has
    been found.

  - CVE-2004-1068
    A programming error in the unix_dgram_recvmsg() function
    may lead to privilege escalation.

  - CVE-2004-1234
    The ELF loader is vulnerable to denial of service
    through malformed binaries.

  - CVE-2005-0003
    Crafted ELF binaries may lead to privilege escalation,
    due to insufficient checking of overlapping memory
    regions.

  - CVE-2004-1235
    A race condition in the load_elf_library() and
    binfmt_aout() functions may allow privilege escalation.

  - CVE-2005-0504
    An integer overflow in the Moxa driver may lead to
    privilege escalation.

  - CVE-2005-0384
    A remote denial of service vulnerability has been found
    in the PPP driver.

  - CVE-2005-0135
    An IA64 specific local denial of service vulnerability
    has been found in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which
architecture fixes the problems mentioned above :

                                Debian 3.1 (sarge)            
  Source                        2.4.17-1woody4                
  HP Precision architecture     32.5                          
  Intel IA-64 architecture      011226.18                     
  IBM S/390 architecture/image  2.4.17-2.woody.5              
  IBM S/390 architecture/patch  0.0.20020816-0.woody.4        
  PowerPC architecture (apus)   2.4.17-6                      
  MIPS architecture             2.4.17-0.020226.2.woody7"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0489"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0447"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0554"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0883"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2003-0984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1070"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1071"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1072"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1074"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1068"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0003"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0504"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0384"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0135"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1082"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the kernel package immediately and reboot the machine."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.17-hppa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.17-ia64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.17-s390");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.17-apus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.17-mips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.17-s390");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.17");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.17", reference:"2.4.17-1woody4")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17", reference:"2.4.17-2.woody.5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17-apus", reference:"2.4.17-6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17-hppa", reference:"32.5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.17-ia64", reference:"011226.18")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-32", reference:"32.5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-32-smp", reference:"32.5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-64", reference:"32.5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-64-smp", reference:"32.5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-apus", reference:"2.4.17-6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-itanium", reference:"011226.18")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-itanium-smp", reference:"011226.18")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-mckinley", reference:"011226.18")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-mckinley-smp", reference:"011226.18")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-r3k-kn02", reference:"2.4.17-0.020226.2.woody7")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-r4k-ip22", reference:"2.4.17-0.020226.2.woody7")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-r4k-kn04", reference:"2.4.17-0.020226.2.woody7")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-r5k-ip22", reference:"2.4.17-0.020226.2.woody7")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.17-s390", reference:"2.4.17-2.woody.5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-apus", reference:"2.4.17-6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-apus", reference:"2.4.17-6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-mips", reference:"2.4.17-0.020226.2.woody7")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.17-s390", reference:"0.0.20020816-0.woody.4")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-source-2.4.17", reference:"2.4.17-1woody4")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-source-2.4.17-hppa", reference:"32.5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-source-2.4.17-ia64", reference:"011226.18")) flag++;
if (deb_check(release:"3.0", prefix:"mips-tools", reference:"2.4.17-0.020226.2.woody7")) flag++;
if (deb_check(release:"3.0", prefix:"mkcramfs", reference:"2.4.17-1woody3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1070.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.19-4 Sun Sparc architecture 26woody1 Little endian MIPS architecture 0.020911.1.woody5
    last seen2020-06-01
    modified2020-06-02
    plugin id22612
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22612
    titleDebian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1070. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(22612);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504");
  script_xref(name:"DSA", value:"1070");

  script_name(english:"Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2004-0427
    A local denial of service vulnerability in do_fork() has
    been found.

  - CVE-2005-0489
    A local denial of service vulnerability in proc memory
    handling has been found.

  - CVE-2004-0394
    A buffer overflow in the panic handling code has been
    found.

  - CVE-2004-0447
    A local denial of service vulnerability through a NULL
    pointer dereference in the IA64 process handling code
    has been found.

  - CVE-2004-0554
    A local denial of service vulnerability through an
    infinite loop in the signal handler code has been found.

  - CVE-2004-0565
    An information leak in the context switch code has been
    found on the IA64 architecture.

  - CVE-2004-0685
    Unsafe use of copy_to_user in USB drivers may disclose
    sensitive information.

  - CVE-2005-0001
    A race condition in the i386 page fault handler may
    allow privilege escalation.

  - CVE-2004-0883
    Multiple vulnerabilities in the SMB filesystem code may
    allow denial of service or information disclosure.

  - CVE-2004-0949
    An information leak discovered in the SMB filesystem
    code.

  - CVE-2004-1016
    A local denial of service vulnerability has been found
    in the SCM layer.

  - CVE-2004-1333
    An integer overflow in the terminal code may allow a
    local denial of service vulnerability.

  - CVE-2004-0997
    A local privilege escalation in the MIPS assembly code
    has been found.

  - CVE-2004-1335
    A memory leak in the ip_options_get() function may lead
    to denial of service.

  - CVE-2004-1017
    Multiple overflows exist in the io_edgeport driver which
    might be usable as a denial of service attack vector.

  - CVE-2005-0124
    Bryan Fulton reported a bounds checking bug in the
    coda_pioctl function which may allow local users to
    execute arbitrary code or trigger a denial of service
    attack.

  - CVE-2003-0984
    Inproper initialization of the RTC may disclose
    information.

  - CVE-2004-1070
    Insufficient input sanitising in the load_elf_binary()
    function may lead to privilege escalation.

  - CVE-2004-1071
    Incorrect error handling in the binfmt_elf loader may
    lead to privilege escalation.

  - CVE-2004-1072
    A buffer overflow in the binfmt_elf loader may lead to
    privilege escalation or denial of service.

  - CVE-2004-1073
    The open_exec function may disclose information.

  - CVE-2004-1074
    The binfmt code is vulnerable to denial of service
    through malformed a.out binaries.

  - CVE-2004-0138
    A denial of service vulnerability in the ELF loader has
    been found.

  - CVE-2004-1068
    A programming error in the unix_dgram_recvmsg() function
    may lead to privilege escalation.

  - CVE-2004-1234
    The ELF loader is vulnerable to denial of service
    through malformed binaries.

  - CVE-2005-0003
    Crafted ELF binaries may lead to privilege escalation,
    due to insufficient checking of overlapping memory
    regions.

  - CVE-2004-1235
    A race condition in the load_elf_library() and
    binfmt_aout() functions may allow privilege escalation.

  - CVE-2005-0504
    An integer overflow in the Moxa driver may lead to
    privilege escalation.

  - CVE-2005-0384
    A remote denial of service vulnerability has been found
    in the PPP driver.

  - CVE-2005-0135
    An IA64 specific local denial of service vulnerability
    has been found in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which
architecture fixes the problems mentioned above :

                                   Debian 3.0 (woody)               
  Source                           2.4.19-4                         
  Sun Sparc architecture           26woody1                         
  Little endian MIPS architecture  0.020911.1.woody5"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0489"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0447"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0554"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0883"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2003-0984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1070"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1071"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1072"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1074"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1068"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0003"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0504"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0384"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0135"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1070"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the kernel package immediately and reboot the machine."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-sparc-2.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.19-mips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.19");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.19", reference:"2.4.19-4.woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-sparc", reference:"22woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.19", reference:"2.4.19-0.020911.1.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.19-sparc", reference:"26woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-sun4u", reference:"22woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-sun4u-smp", reference:"22woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-r4k-ip22", reference:"2.4.19-0.020911.1.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-r5k-ip22", reference:"2.4.19-0.020911.1.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-sun4u", reference:"26woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-sun4u-smp", reference:"26woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.19-mips", reference:"2.4.19-0.020911.1.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-source-2.4.19", reference:"2.4.19-4.woody3")) flag++;
if (deb_check(release:"3.0", prefix:"mips-tools", reference:"2.4.19-0.020911.1.woody5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-689.NASL
    descriptionUpdated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues : Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the Linux 2.4 kernel on the AMD64 architecture. A local attacker could use this flaw to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1144 to this issue. ISEC security research discovered multiple vulnerabilities in the IGMP functionality which was backported in the Red Hat Enterprise Linux 3 kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1137 to this issue. ISEC security research and Georgi Guninski independently discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue. A floating point information leak was discovered in the ia64 architecture context switch code. A local user could use this flaw to read register values of other processes by setting the MFH bit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0565 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver, and a memory leak in ip_options_get. Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id16054
    published2004-12-27
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16054
    titleRHEL 3 : kernel (RHSA-2004:689)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2004:689. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(16054);
  script_version ("1.29");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2004-0565", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1137", "CVE-2004-1144", "CVE-2004-1234", "CVE-2004-1335");
  script_xref(name:"RHSA", value:"2004:689");

  script_name(english:"RHEL 3 : kernel (RHSA-2004:689)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for several security issues :

Petr Vandrovec discovered a flaw in the 32bit emulation code affecting
the Linux 2.4 kernel on the AMD64 architecture. A local attacker could
use this flaw to gain privileges. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-1144
to this issue.

ISEC security research discovered multiple vulnerabilities in the IGMP
functionality which was backported in the Red Hat Enterprise Linux 3
kernels. These flaws could allow a local user to cause a denial of
service (crash) or potentially gain privileges. Where multicast
applications are being used on a system, these flaws may also allow
remote users to cause a denial of service. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-1137 to this issue.

ISEC security research and Georgi Guninski independently discovered a
flaw in the scm_send function in the auxiliary message layer. A local
user could create a carefully crafted auxiliary message which could
cause a denial of service (system hang). The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-1016 to this issue.

A floating point information leak was discovered in the ia64
architecture context switch code. A local user could use this flaw to
read register values of other processes by setting the MFH bit. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0565 to this issue.

Kirill Korotaev found a flaw in load_elf_binary affecting kernels
prior to 2.4.26. A local user could create a carefully crafted binary
in such a way that it would cause a denial of service (system crash).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-1234 to this issue.

These packages also fix issues in the io_edgeport driver, and a memory
leak in ip_options_get.

Note: The kernel-unsupported package contains various drivers and
modules that are unsupported and therefore might contain security
problems that have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1137"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1144"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:689"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2004-0565", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1137", "CVE-2004-1144", "CVE-2004-1234", "CVE-2004-1335");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2004:689");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2004:689";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-27.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-27.0.1.EL")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
  }
}
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1069.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. - CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. - CVE-2004-0394 A buffer overflow in the panic handling code has been found. - CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found. - CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. - CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. - CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. - CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. - CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure. - CVE-2004-0949 An information leak discovered in the SMB filesystem code. - CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. - CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. - CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. - CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2003-0984 Inproper initialization of the RTC may disclose information. - CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. - CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. - CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. - CVE-2004-1073 The open_exec function may disclose information. - CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. - CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. - CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. - CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. - CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. - CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. - CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. - CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. - CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fixes the problems mentioned above : Debian 3.0 (woody) Source 2.4.18-14.4 Alpha architecture 2.4.18-15woody1 Intel IA-32 architecture 2.4.18-13.2 HP Precision architecture 62.4 PowerPC architecture 2.4.18-1woody6 PowerPC architecture/XFS 20020329woody1 PowerPC architecture/benh 20020304woody1 Sun Sparc architecture 22woody1
    last seen2020-06-01
    modified2020-06-02
    plugin id22611
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22611
    titleDebian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1069. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(22611);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504");
  script_xref(name:"DSA", value:"1069");

  script_name(english:"Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2004-0427
    A local denial of service vulnerability in do_fork() has
    been found.

  - CVE-2005-0489
    A local denial of service vulnerability in proc memory
    handling has been found.

  - CVE-2004-0394
    A buffer overflow in the panic handling code has been
    found.

  - CVE-2004-0447
    A local denial of service vulnerability through a NULL
    pointer dereference in the IA64 process handling code
    has been found.

  - CVE-2004-0554
    A local denial of service vulnerability through an
    infinite loop in the signal handler code has been found.

  - CVE-2004-0565
    An information leak in the context switch code has been
    found on the IA64 architecture.

  - CVE-2004-0685
    Unsafe use of copy_to_user in USB drivers may disclose
    sensitive information.

  - CVE-2005-0001
    A race condition in the i386 page fault handler may
    allow privilege escalation.

  - CVE-2004-0883
    Multiple vulnerabilities in the SMB filesystem code may
    allow denial of service or information disclosure.

  - CVE-2004-0949
    An information leak discovered in the SMB filesystem
    code.

  - CVE-2004-1016
    A local denial of service vulnerability has been found
    in the SCM layer.

  - CVE-2004-1333
    An integer overflow in the terminal code may allow a
    local denial of service vulnerability.

  - CVE-2004-0997
    A local privilege escalation in the MIPS assembly code
    has been found.

  - CVE-2004-1335
    A memory leak in the ip_options_get() function may lead
    to denial of service.

  - CVE-2004-1017
    Multiple overflows exist in the io_edgeport driver which
    might be usable as a denial of service attack vector.

  - CVE-2005-0124
    Bryan Fulton reported a bounds checking bug in the
    coda_pioctl function which may allow local users to
    execute arbitrary code or trigger a denial of service
    attack.

  - CVE-2003-0984
    Inproper initialization of the RTC may disclose
    information.

  - CVE-2004-1070
    Insufficient input sanitising in the load_elf_binary()
    function may lead to privilege escalation.

  - CVE-2004-1071
    Incorrect error handling in the binfmt_elf loader may
    lead to privilege escalation.

  - CVE-2004-1072
    A buffer overflow in the binfmt_elf loader may lead to
    privilege escalation or denial of service.

  - CVE-2004-1073
    The open_exec function may disclose information.

  - CVE-2004-1074
    The binfmt code is vulnerable to denial of service
    through malformed a.out binaries.

  - CVE-2004-0138
    A denial of service vulnerability in the ELF loader has
    been found.

  - CVE-2004-1068
    A programming error in the unix_dgram_recvmsg() function
    may lead to privilege escalation.

  - CVE-2004-1234
    The ELF loader is vulnerable to denial of service
    through malformed binaries.

  - CVE-2005-0003
    Crafted ELF binaries may lead to privilege escalation,
    due to insufficient checking of overlapping memory
    regions.

  - CVE-2004-1235
    A race condition in the load_elf_library() and
    binfmt_aout() functions may allow privilege escalation.

  - CVE-2005-0504
    An integer overflow in the Moxa driver may lead to
    privilege escalation.

  - CVE-2005-0384
    A remote denial of service vulnerability has been found
    in the PPP driver.

  - CVE-2005-0135
    An IA64 specific local denial of service vulnerability
    has been found in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which
architecture fixes the problems mentioned above :

                                   Debian 3.0 (woody)               
  Source                           2.4.18-14.4                      
  Alpha architecture               2.4.18-15woody1                  
  Intel IA-32 architecture         2.4.18-13.2                      
  HP Precision architecture        62.4                             
  PowerPC architecture             2.4.18-1woody6                   
  PowerPC architecture/XFS         20020329woody1                   
  PowerPC architecture/benh        20020304woody1                   
  Sun Sparc architecture           22woody1"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0489"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0447"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0554"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0883"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2003-0984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1070"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1071"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1072"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1074"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1068"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0003"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0504"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0384"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0135"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1069"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the kernel package immediately and reboot the machine."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.18-1-alpha");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.18-1-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.18-hppa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.4.18-powerpc-xfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.18-powerpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-benh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.18");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.18", reference:"2.4.18-14.4")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18", reference:"2.4.18-1woody6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-386", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-586tsc", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-686", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-686-smp", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-generic", reference:"2.4.18-15woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-k6", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-k7", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-1-smp", reference:"2.4.18-15woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-386", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-586tsc", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-686", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-686-smp", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-generic", reference:"2.4.18-15woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-k6", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-k7", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-1-smp", reference:"2.4.18-15woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-newpmac", reference:"2.4.18-1woody6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc", reference:"2.4.18-1woody6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc-smp", reference:"2.4.18-1woody6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-powerpc-xfs", reference:"20020329woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.18-powerpc", reference:"2.4.18-1woody6")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-patch-benh", reference:"20020304woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-386", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-586tsc", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-686", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-686-smp", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-k6", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-pcmcia-modules-2.4.18-1-k7", reference:"2.4.18-13.2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-source-2.4.18", reference:"2.4.18-14.4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-016.NASL
    descriptionUpdated kernel packages that fix several security issues in Red Hat Enterprise Linux 2.1 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for the following security issues : iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1235 to this issue. iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0001 to this issue. iSEC Security Research and Georgi Guninski independently discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver (CVE-2004-1017), a memory leak in ip_options_get (CVE-2004-1335), and missing VM_IO flags in some drivers (CVE-2004-1057). A recent Internet Draft by Fernando Gont recommended that ICMP Source Quench messages be ignored by hosts. A patch to ignore these messages is included. All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id16244
    published2005-01-25
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16244
    titleRHEL 2.1 : kernel (RHSA-2005:016)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:016. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(16244);
  script_version ("1.30");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2004-0791", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1057", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1335", "CVE-2005-0001");
  script_xref(name:"RHSA", value:"2005:016");

  script_name(english:"RHEL 2.1 : kernel (RHSA-2005:016)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 2.1 are now available.

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for the following security issues :

iSEC Security Research discovered a VMA handling flaw in the uselib(2)
system call of the Linux kernel. A local user could make use of this
flaw to gain elevated (root) privileges. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-1235 to this issue.

iSEC Security Research discovered a flaw in the page fault handler
code that could lead to local users gaining elevated (root) privileges
on multiprocessor machines. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2005-0001 to this
issue.

iSEC Security Research and Georgi Guninski independently discovered a
flaw in the scm_send function in the auxiliary message layer. A local
user could create a carefully crafted auxiliary message which could
cause a denial of service (system hang). The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-1016 to this issue.

Kirill Korotaev found a flaw in load_elf_binary affecting kernels
prior to 2.4.26. A local user could create a carefully crafted binary
in such a way that it would cause a denial of service (system crash).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-1234 to this issue.

These packages also fix issues in the io_edgeport driver
(CVE-2004-1017), a memory leak in ip_options_get (CVE-2004-1335), and
missing VM_IO flags in some drivers (CVE-2004-1057).

A recent Internet Draft by Fernando Gont recommended that ICMP Source
Quench messages be ignored by hosts. A patch to ignore these messages
is included.

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0791"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1057"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0001"
  );
  # http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://isec.pl/en/vulnerabilities/isec-0022-pagefault.txt"
  );
  # http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://isec.pl/en/vulnerabilities/isec-0021-uselib.txt"
  );
  # http://www.isec.pl/vulnerabilities/isec-0019-scm.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://isec.pl/en/vulnerabilities/isec-0019-scm.txt"
  );
  # http://marc.theaimsgroup.com/?m=109503896031720
  script_set_attribute(
    attribute:"see_also",
    value:"https://marc.info/?m=109503896031720"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:016"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-enterprise");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-summit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2004-0791", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1057", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1335", "CVE-2005-0001");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2005:016");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2005:016";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-2.4.9-e.59")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-BOOT-2.4.9-e.59")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-debug-2.4.9-e.59")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-doc-2.4.9-e.59")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-enterprise-2.4.9-e.59")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-headers-2.4.9-e.59")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-smp-2.4.9-e.59")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-source-2.4.9-e.59")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-summit-2.4.9-e.59")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-debug / kernel-doc / etc");
  }
}

Oval

accepted2013-04-29T04:07:04.176-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionload_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
familyunix
idoval:org.mitre.oval:def:10608
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleload_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
version26

Redhat

advisories
  • rhsa
    idRHSA-2004:689
  • rhsa
    idRHSA-2005:016
  • rhsa
    idRHSA-2005:017
rpms
  • kernel-0:2.4.21-27.0.1.EL
  • kernel-BOOT-0:2.4.21-27.0.1.EL
  • kernel-debuginfo-0:2.4.21-27.0.1.EL
  • kernel-doc-0:2.4.21-27.0.1.EL
  • kernel-hugemem-0:2.4.21-27.0.1.EL
  • kernel-hugemem-unsupported-0:2.4.21-27.0.1.EL
  • kernel-smp-0:2.4.21-27.0.1.EL
  • kernel-smp-unsupported-0:2.4.21-27.0.1.EL
  • kernel-source-0:2.4.21-27.0.1.EL
  • kernel-unsupported-0:2.4.21-27.0.1.EL

References