Vulnerabilities > CVE-2004-2660 - Unspecified vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus

Summary

Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0617.NASL
    descriptionUpdated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the proc file system that allowed a local user to use a suid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important) * a flaw in the SCTP implementation that allowed a local user to cause a denial of service (panic) or to possibly gain root privileges (CVE-2006-3745, Important) * a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes that allowed a remote authenticated user to cause a denial of service (filesystem panic) (CVE-2006-3468, Important) * a flaw in the restore_all code path of the 4/4GB split support of non-hugemem kernels that allowed a local user to cause a denial of service (panic) (CVE-2006-2932, Important) * a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT processing that allowed a remote user to cause a denial of service (crash) or potential memory corruption (CVE-2006-2444, Moderate) * a flaw in the DVD handling of the CDROM driver that could be used together with a custom built USB device to gain root privileges (CVE-2006-2935, Moderate) * a flaw in the handling of O_DIRECT writes that allowed a local user to cause a denial of service (memory consumption) (CVE-2004-2660, Low) * a flaw in the SCTP chunk length handling that allowed a remote user to cause a denial of service (crash) (CVE-2006-1858, Low) * a flaw in the input handling of the ftdi_sio driver that allowed a local user to cause a denial of service (memory consumption) (CVE-2006-2936, Low) In addition a bugfix was added to enable a clean reboot for the IBM Pizzaro machines. Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill Korotaev for reporting issues fixed in this erratum. All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id22264
    published2006-08-23
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22264
    titleRHEL 4 : kernel (RHSA-2006:0617)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0617. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22264);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2004-2660", "CVE-2006-1858", "CVE-2006-2444", "CVE-2006-2932", "CVE-2006-2935", "CVE-2006-2936", "CVE-2006-3468", "CVE-2006-3626", "CVE-2006-3745");
      script_xref(name:"RHSA", value:"2006:0617");
    
      script_name(english:"RHEL 4 : kernel (RHSA-2006:0617)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix several security issues in the Red
    Hat Enterprise Linux 4 kernel are now available.
    
    This security advisory has been rated as having important security
    impact by the Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the security issues
    described below :
    
    * a flaw in the proc file system that allowed a local user to use a
    suid-wrapper for scripts to gain root privileges (CVE-2006-3626,
    Important)
    
    * a flaw in the SCTP implementation that allowed a local user to cause
    a denial of service (panic) or to possibly gain root privileges
    (CVE-2006-3745, Important)
    
    * a flaw in NFS exported ext2/ext3 partitions when handling invalid
    inodes that allowed a remote authenticated user to cause a denial of
    service (filesystem panic) (CVE-2006-3468, Important)
    
    * a flaw in the restore_all code path of the 4/4GB split support of
    non-hugemem kernels that allowed a local user to cause a denial of
    service (panic) (CVE-2006-2932, Important)
    
    * a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT
    processing that allowed a remote user to cause a denial of service
    (crash) or potential memory corruption (CVE-2006-2444, Moderate)
    
    * a flaw in the DVD handling of the CDROM driver that could be used
    together with a custom built USB device to gain root privileges
    (CVE-2006-2935, Moderate)
    
    * a flaw in the handling of O_DIRECT writes that allowed a local user
    to cause a denial of service (memory consumption) (CVE-2004-2660, Low)
    
    * a flaw in the SCTP chunk length handling that allowed a remote user
    to cause a denial of service (crash) (CVE-2006-1858, Low)
    
    * a flaw in the input handling of the ftdi_sio driver that allowed a
    local user to cause a denial of service (memory consumption)
    (CVE-2006-2936, Low)
    
    In addition a bugfix was added to enable a clean reboot for the IBM
    Pizzaro machines.
    
    Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill
    Korotaev for reporting issues fixed in this erratum.
    
    All Red Hat Enterprise Linux 4 users are advised to upgrade their
    kernels to the packages associated with their machine architectures
    and configurations as listed in this erratum."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-2660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2444"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2932"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3468"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0617"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2004-2660", "CVE-2006-1858", "CVE-2006-2444", "CVE-2006-2932", "CVE-2006-2935", "CVE-2006-2936", "CVE-2006-3468", "CVE-2006-3626", "CVE-2006-3745");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2006:0617");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0617";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-42.0.2.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-42.0.2.EL")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1184.NASL
    descriptionThis advisory covers the S/390 components of the recent security update for the Linux 2.6.8 kernel that were missing due to technical problems. For reference, please see the text of the original advisory. Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-2660 Toshihiro Iwamoto discovered a memory leak in the handling of direct I/O writes that allows local users to cause a denial of service. - CVE-2005-4798 A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service. - CVE-2006-1052 Stephen Smalley discovered a bug in the SELinux ptrace handling that allows local users with ptrace permissions to change the tracer SID to the SID of another process. - CVE-2006-1343 Pavel Kankovsky discovered an information leak in the getsockopt system call which can be exploited by a local program to leak potentially sensitive memory to userspace. - CVE-2006-1528 Douglas Gilbert reported a bug in the sg driver that allows local users to cause a denial of service by performing direct I/O transfers from the sg driver to memory mapped I/O space. - CVE-2006-1855 Mattia Belletti noticed that certain debugging code left in the process management code could be exploited by a local attacker to cause a denial of service. - CVE-2006-1856 Kostik Belousov discovered a missing LSM file_permission check in the readv and writev functions which might allow attackers to bypass intended access restrictions. - CVE-2006-2444 Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service. - CVE-2006-2446 A race condition in the socket buffer handling allows remote attackers to cause a denial of service. - CVE-2006-2935 Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code. - CVE-2006-2936 A bug in the serial USB driver has been discovered that could be exploited by a custom made USB serial adapter to consume arbitrary amounts of memory. - CVE-2006-3468 James McKenzie discovered a denial of service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. - CVE-2006-3745 Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges. - CVE-2006-4093 Olof Johansson discovered that the kernel does not disable the HID0 bit on PowerPC 970 processors which could be exploited by a local attacker to cause a denial of service. - CVE-2006-4145 A bug in the Universal Disk Format (UDF) filesystem driver could be exploited by a local user to cause a denial of service. - CVE-2006-4535 David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value. The following matrix explains which kernel version for which architecture fixes the problem mentioned above : stable (sarge) Source 2.6.8-16sarge5 Alpha architecture 2.6.8-16sarge5 AMD64 architecture 2.6.8-16sarge5 HP Precision architecture 2.6.8-6sarge5 Intel IA-32 architecture 2.6.8-16sarge5 Intel IA-64 architecture 2.6.8-14sarge5 Motorola 680x0 architecture 2.6.8-4sarge5 PowerPC architecture 2.6.8-12sarge5 IBM S/390 2.6.8-5sarge5 Sun Sparc architecture 2.6.8-15sarge5 FAI 1.9.1sarge4
    last seen2020-06-01
    modified2020-06-02
    plugin id22726
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22726
    titleDebian DSA-1184-2 : kernel-source-2.6.8 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1184. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22726);
      script_version("1.29");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2004-2660", "CVE-2005-4798", "CVE-2006-1052", "CVE-2006-1343", "CVE-2006-1528", "CVE-2006-1855", "CVE-2006-1856", "CVE-2006-2444", "CVE-2006-2446", "CVE-2006-2935", "CVE-2006-2936", "CVE-2006-3468", "CVE-2006-3745", "CVE-2006-4093", "CVE-2006-4145", "CVE-2006-4535");
      script_bugtraq_id(17203, 17830, 18081, 18099, 18101, 18105, 18847, 19033, 19396, 19562, 19615, 19666, 20087);
      script_xref(name:"CERT", value:"681569");
      script_xref(name:"DSA", value:"1184");
    
      script_name(english:"Debian DSA-1184-2 : kernel-source-2.6.8 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This advisory covers the S/390 components of the recent security
    update for the Linux 2.6.8 kernel that were missing due to technical
    problems. For reference, please see the text of the original advisory.
    
      Several security related problems have been discovered in the Linux
      kernel which may lead to a denial of service or even the execution
      of arbitrary code. The Common Vulnerabilities and Exposures project
      identifies the following problems :
    
        - CVE-2004-2660
          Toshihiro Iwamoto discovered a memory leak in the
          handling of direct I/O writes that allows local users
          to cause a denial of service.
    
        - CVE-2005-4798
          A buffer overflow in NFS readlink handling allows a
          malicious remote server to cause a denial of service.
    
        - CVE-2006-1052
          Stephen Smalley discovered a bug in the SELinux ptrace
          handling that allows local users with ptrace
          permissions to change the tracer SID to the SID of
          another process.
    
        - CVE-2006-1343
          Pavel Kankovsky discovered an information leak in the
          getsockopt system call which can be exploited by a
          local program to leak potentially sensitive memory to
          userspace.
    
        - CVE-2006-1528
          Douglas Gilbert reported a bug in the sg driver that
          allows local users to cause a denial of service by
          performing direct I/O transfers from the sg driver to
          memory mapped I/O space.
    
        - CVE-2006-1855
          Mattia Belletti noticed that certain debugging code
          left in the process management code could be exploited
          by a local attacker to cause a denial of service.
    
        - CVE-2006-1856
          Kostik Belousov discovered a missing LSM
          file_permission check in the readv and writev
          functions which might allow attackers to bypass
          intended access restrictions.
    
        - CVE-2006-2444
          Patrick McHardy discovered a bug in the SNMP NAT
          helper that allows remote attackers to cause a denial
          of service.
    
        - CVE-2006-2446
          A race condition in the socket buffer handling allows
          remote attackers to cause a denial of service.
    
        - CVE-2006-2935
          Diego Calleja Garcia discovered a buffer overflow in
          the DVD handling code that could be exploited by a
          specially crafted DVD USB storage device to execute
          arbitrary code.
    
        - CVE-2006-2936
          A bug in the serial USB driver has been discovered
          that could be exploited by a custom made USB serial
          adapter to consume arbitrary amounts of memory.
    
        - CVE-2006-3468
          James McKenzie discovered a denial of service
          vulnerability in the NFS driver. When exporting an
          ext3 file system over NFS, a remote attacker could
          exploit this to trigger a file system panic by sending
          a specially crafted UDP packet.
    
        - CVE-2006-3745
          Wei Wang discovered a bug in the SCTP implementation
          that allows local users to cause a denial of service
          and possibly gain root privileges.
    
        - CVE-2006-4093
          Olof Johansson discovered that the kernel does not
          disable the HID0 bit on PowerPC 970 processors which
          could be exploited by a local attacker to cause a
          denial of service.
    
        - CVE-2006-4145
          A bug in the Universal Disk Format (UDF) filesystem
          driver could be exploited by a local user to cause a
          denial of service.
    
        - CVE-2006-4535
          David Miller reported a problem with the fix for
          CVE-2006-3745 that allows local users to crash the
          system via an SCTP socket with a certain SO_LINGER
          value.
    
    The following matrix explains which kernel version for which
    architecture fixes the problem mentioned above :
    
                                  stable (sarge)               
      Source                       2.6.8-16sarge5               
      Alpha architecture           2.6.8-16sarge5               
      AMD64 architecture           2.6.8-16sarge5               
      HP Precision architecture    2.6.8-6sarge5                
      Intel IA-32 architecture     2.6.8-16sarge5               
      Intel IA-64 architecture     2.6.8-14sarge5               
      Motorola 680x0 architecture  2.6.8-4sarge5                
      PowerPC architecture         2.6.8-12sarge5               
      IBM S/390                    2.6.8-5sarge5                
      Sun Sparc architecture       2.6.8-15sarge5               
      FAI                          1.9.1sarge4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2004-2660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2005-4798"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1528"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1856"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2444"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2446"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-3468"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-3745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4145"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-3745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1184"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the kernel package and reboot the machine. If you have built a
    custom kernel from the kernel source package, you will need to rebuild
    to take advantage of these fixes."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.6.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"fai-kernels", reference:"1.9.1sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-2", reference:"2.6.8-15sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3", reference:"2.6.8-15sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3-smp", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4-smp", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power3", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power3-smp", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power4", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power4-smp", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-powerpc", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-powerpc-smp", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-doc-2.6.8", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium-smp", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley-smp", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-generic", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-k8", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-k8-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-em64t-p4", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-em64t-p4-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2", reference:"2.6.8-15sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-32", reference:"2.6.8-6sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-32-smp", reference:"2.6.8-6sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-386", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-64", reference:"2.6.8-6sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-64-smp", reference:"2.6.8-6sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-686", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-686-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-generic", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-itanium", reference:"2.6.8-14sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-itanium-smp", reference:"2.6.8-14sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-k7", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-k7-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-mckinley", reference:"2.6.8-14sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-mckinley-smp", reference:"2.6.8-14sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc32", reference:"2.6.8-15sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc64", reference:"2.6.8-15sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc64-smp", reference:"2.6.8-15sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3", reference:"2.6.8-15sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32", reference:"2.6.8-6sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32-smp", reference:"2.6.8-6sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-386", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64", reference:"2.6.8-6sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64-smp", reference:"2.6.8-6sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-generic", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc32", reference:"2.6.8-15sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64", reference:"2.6.8-15sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium-smp", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley-smp", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-generic", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-k8", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-k8-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-em64t-p4", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-em64t-p4-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-32", reference:"2.6.8-6sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-32-smp", reference:"2.6.8-6sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-386", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-64", reference:"2.6.8-6sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-64-smp", reference:"2.6.8-6sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-686", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-686-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-generic", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-itanium", reference:"2.6.8-14sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-itanium-smp", reference:"2.6.8-14sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-k7", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-k7-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-mckinley", reference:"2.6.8-14sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-mckinley-smp", reference:"2.6.8-14sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-smp", reference:"2.6.8-16sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc32", reference:"2.6.8-15sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc64", reference:"2.6.8-15sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc64-smp", reference:"2.6.8-15sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32", reference:"2.6.8-6sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32-smp", reference:"2.6.8-6sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-386", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64", reference:"2.6.8-6sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64-smp", reference:"2.6.8-6sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-generic", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3-smp", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4-smp", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390", reference:"2.6.8-5sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390-tape", reference:"2.6.8-5sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390x", reference:"2.6.8-5sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-smp", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc32", reference:"2.6.8-15sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64", reference:"2.6.8-15sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-amiga", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-atari", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-bvme6000", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-hp", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mac", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme147", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme16x", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power3", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power3-smp", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power4", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power4-smp", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-powerpc", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-powerpc-smp", reference:"2.6.8-12sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-q40", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-sun3", reference:"2.6.8-4sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-patch-2.6.8-s390", reference:"2.6.8-5sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.6.8", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-source-2.6.8", reference:"2.6.8-16sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-tree-2.6.8", reference:"2.6.8-16sarge5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0617.NASL
    descriptionUpdated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the proc file system that allowed a local user to use a suid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important) * a flaw in the SCTP implementation that allowed a local user to cause a denial of service (panic) or to possibly gain root privileges (CVE-2006-3745, Important) * a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes that allowed a remote authenticated user to cause a denial of service (filesystem panic) (CVE-2006-3468, Important) * a flaw in the restore_all code path of the 4/4GB split support of non-hugemem kernels that allowed a local user to cause a denial of service (panic) (CVE-2006-2932, Important) * a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT processing that allowed a remote user to cause a denial of service (crash) or potential memory corruption (CVE-2006-2444, Moderate) * a flaw in the DVD handling of the CDROM driver that could be used together with a custom built USB device to gain root privileges (CVE-2006-2935, Moderate) * a flaw in the handling of O_DIRECT writes that allowed a local user to cause a denial of service (memory consumption) (CVE-2004-2660, Low) * a flaw in the SCTP chunk length handling that allowed a remote user to cause a denial of service (crash) (CVE-2006-1858, Low) * a flaw in the input handling of the ftdi_sio driver that allowed a local user to cause a denial of service (memory consumption) (CVE-2006-2936, Low) In addition a bugfix was added to enable a clean reboot for the IBM Pizzaro machines. Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill Korotaev for reporting issues fixed in this erratum. All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id22279
    published2006-08-30
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22279
    titleCentOS 4 : kernel (CESA-2006:0617)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0617.NASL
    descriptionUpdated kernel packages that fix security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : From Red Hat Security Advisory 2006-0617 : * a flaw in the proc file system that allowed a local user to use a suid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important) * a flaw in the SCTP implementation that allowed a local user to cause a denial of service (panic) or to possibly gain root privileges (CVE-2006-3745, Important) * a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes that allowed a remote authenticated user to cause a denial of service (filesystem panic) (CVE-2006-3468, Important) * a flaw in the restore_all code path of the 4/4GB split support of non-hugemem kernels that allowed a local user to cause a denial of service (panic) (CVE-2006-2932, Important) * a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT processing that allowed a remote user to cause a denial of service (crash) or potential memory corruption (CVE-2006-2444, Moderate) * a flaw in the DVD handling of the CDROM driver that could be used together with a custom built USB device to gain root privileges (CVE-2006-2935, Moderate) * a flaw in the handling of O_DIRECT writes that allowed a local user to cause a denial of service (memory consumption) (CVE-2004-2660, Low) * a flaw in the SCTP chunk length handling that allowed a remote user to cause a denial of service (crash) (CVE-2006-1858, Low) * a flaw in the input handling of the ftdi_sio driver that allowed a local user to cause a denial of service (memory consumption) (CVE-2006-2936, Low) In addition a bugfix was added to enable a clean reboot for the IBM Pizzaro machines. Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill Korotaev for reporting issues fixed in this erratum. From Red Hat Security Advisory ELSA-2006-0689 : * a flaw in the SCTP support that allowed a local user to cause a denial of service (crash) with a specific SO_LINGER value. (CVE-2006-4535, Important) * a flaw in the hugepage table support that allowed a local user to cause a denial of service (crash). (CVE-2005-4811, Important) * a flaw in the mprotect system call that allowed setting write permission for a read-only attachment of shared memory. (CVE-2006-2071, Moderate) * a flaw in HID0[31] (en_attn) register handling on PowerPC 970 systems that allowed a local user to cause a denial of service. (crash) (CVE-2006-4093, Moderate) * a flaw in the perfmon support of Itanium systems that allowed a local user to cause a denial of service by consuming all file descriptors. (CVE-2006-3741, Moderate) * a flaw in the ATM subsystem. On systems with installed ATM hardware and configured ATM support, a remote user could cause a denial of service (panic) by accessing socket buffers memory after freeing them. (CVE-2006-4997, Moderate) * a flaw in the DVB subsystem. On systems with installed DVB hardware and configured DVB support, a remote user could cause a denial of service (panic) by sending a ULE SNDU packet with length of 0. (CVE-2006-4623, Low) * an information leak in the network subsystem that possibly allowed a local user to read sensitive data from kernel memory. (CVE-2006-0039, Low) In addition, two bugfixes for the IPW-2200 wireless driver were included. The first one ensures that wireless management applications correctly identify IPW-2200 controlled devices, while the second fix ensures that DHCP requests using the IPW-2200 operate correctly. Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar Designer for reporting issues fixed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id67401
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67401
    titleOracle Linux 4 : kernel (ELSA-2006-0617 / ELSA-2006-0689)

Oval

accepted2013-04-29T04:02:31.897-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMemory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.
familyunix
idoval:org.mitre.oval:def:10165
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMemory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.
version26

Redhat

advisories
rhsa
idRHSA-2006:0617
rpms
  • kernel-0:2.6.9-42.0.2.EL
  • kernel-debuginfo-0:2.6.9-42.0.2.EL
  • kernel-devel-0:2.6.9-42.0.2.EL
  • kernel-doc-0:2.6.9-42.0.2.EL
  • kernel-hugemem-0:2.6.9-42.0.2.EL
  • kernel-hugemem-devel-0:2.6.9-42.0.2.EL
  • kernel-largesmp-0:2.6.9-42.0.2.EL
  • kernel-largesmp-devel-0:2.6.9-42.0.2.EL
  • kernel-smp-0:2.6.9-42.0.2.EL
  • kernel-smp-devel-0:2.6.9-42.0.2.EL