Vulnerabilities > CVE-2005-1264 - Unspecified vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus

Summary

Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-420.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the first regular update. [Updated 9 August 2005] The advisory text has been updated to show that this update also contained fixes for the security issues named CVE-2005-0209 and CVE-2005-0937. No changes have been made to the packages associated with this advisory. The Linux kernel handles the basic functions of the operating system. This is the first regular kernel update to Red Hat Enterprise Linux 4. A flaw affecting the auditing code was discovered. On Itanium architectures a local user could use this flaw to cause a denial of service (crash). This issue is rated as having important security impact (CVE-2005-0136). A flaw was discovered in the servicing of a raw device ioctl. A local user who has access to raw devices could use this flaw to write to kernel memory and cause a denial of service or potentially gain privileges. This issue is rated as having moderate security impact (CVE-2005-1264). A flaw in fragment forwarding was discovered that affected the netfilter subsystem for certain network interface cards. A remote attacker could send a set of bad fragments and cause a denial of service (system crash). Acenic and SunGEM network interfaces were the only adapters affected, which are in widespread use. (CVE-2005-0209) A flaw in the futex functions was discovered affecting the Linux 2.6 kernel. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0937) New features introduced by this update include: - Fixed TCP BIC congestion handling. - Diskdump support for more controllers (megaraid, SATA) - Device mapper multipath support - AMD64 dual core support. - Intel ICH7 hardware support. There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following device drivers have been upgraded to new versions: ata_piix -------- 1.03 bonding --------- 2.6.1 e1000 ----------- 5.6.10.1-k2-NAPI e100 ------------ 3.3.6-k2-NAPI ibmveth --------- 1.03 libata ---------- 1.02 to 1.10 lpfc ------------ 0:8.0.16 to 0:8.0.16.6_x2 megaraid_mbox --- 2.20.4.0 to 2.20.4.5 megaraid_mm ----- 2.20.2.0-rh1 to 2.20.2.5 sata_nv --------- 0.03 to 0.6 sata_promise ---- 1.00 to 1.01 sata_sil -------- 0.8 sata_sis -------- 0.5 sata_svw -------- 1.05 sata_sx4 -------- 0.7 sata_via -------- 1.0 sata_vsc -------- 1.0 tg3 ------------- 3.22-rh ipw2100 --------- 1.0.3 ipw2200 --------- 1.0.0 All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id21937
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21937
    titleCentOS 4 : kernel (CESA-2005:420)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:420 and 
    # CentOS Errata and Security Advisory 2005:420 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21937);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/25 13:36:02");
    
      script_cve_id("CVE-2005-0136", "CVE-2005-0209", "CVE-2005-0937", "CVE-2005-1264", "CVE-2005-3107");
      script_xref(name:"RHSA", value:"2005:420");
    
      script_name(english:"CentOS 4 : kernel (CESA-2005:420)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages are now available as part of ongoing support
    and maintenance of Red Hat Enterprise Linux version 4. This is the
    first regular update.
    
    [Updated 9 August 2005] The advisory text has been updated to show
    that this update also contained fixes for the security issues named
    CVE-2005-0209 and CVE-2005-0937. No changes have been made to the
    packages associated with this advisory.
    
    The Linux kernel handles the basic functions of the operating system.
    
    This is the first regular kernel update to Red Hat Enterprise Linux 4.
    
    A flaw affecting the auditing code was discovered. On Itanium
    architectures a local user could use this flaw to cause a denial of
    service (crash). This issue is rated as having important security
    impact (CVE-2005-0136).
    
    A flaw was discovered in the servicing of a raw device ioctl. A local
    user who has access to raw devices could use this flaw to write to
    kernel memory and cause a denial of service or potentially gain
    privileges. This issue is rated as having moderate security impact
    (CVE-2005-1264).
    
    A flaw in fragment forwarding was discovered that affected the
    netfilter subsystem for certain network interface cards. A remote
    attacker could send a set of bad fragments and cause a denial of
    service (system crash). Acenic and SunGEM network interfaces were the
    only adapters affected, which are in widespread use. (CVE-2005-0209)
    
    A flaw in the futex functions was discovered affecting the Linux 2.6
    kernel. A local user could use this flaw to cause a denial of service
    (system crash). (CVE-2005-0937)
    
    New features introduced by this update include: - Fixed TCP BIC
    congestion handling. - Diskdump support for more controllers
    (megaraid, SATA) - Device mapper multipath support - AMD64 dual core
    support. - Intel ICH7 hardware support.
    
    There were many bug fixes in various parts of the kernel. The ongoing
    effort to resolve these problems has resulted in a marked improvement
    in the reliability and scalability of Red Hat Enterprise Linux 4.
    
    The following device drivers have been upgraded to new versions:
    ata_piix -------- 1.03 bonding --------- 2.6.1 e1000 -----------
    5.6.10.1-k2-NAPI e100 ------------ 3.3.6-k2-NAPI ibmveth ---------
    1.03 libata ---------- 1.02 to 1.10 lpfc ------------ 0:8.0.16 to
    0:8.0.16.6_x2 megaraid_mbox --- 2.20.4.0 to 2.20.4.5 megaraid_mm -----
    2.20.2.0-rh1 to 2.20.2.5 sata_nv --------- 0.03 to 0.6 sata_promise
    ---- 1.00 to 1.01 sata_sil -------- 0.8 sata_sis -------- 0.5 sata_svw
    -------- 1.05 sata_sx4 -------- 0.7 sata_via -------- 1.0 sata_vsc
    -------- 1.0 tg3 ------------- 3.22-rh ipw2100 --------- 1.0.3 ipw2200
    --------- 1.0.0
    
    All Red Hat Enterprise Linux 4 users are advised to upgrade their
    kernels to the packages associated with their machine architectures
    and configurations as listed in this erratum."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011800.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d0f01fcc"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011803.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?da27f3ba"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011808.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6c64534e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-sourcecode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"kernel-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"kernel-devel-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"kernel-doc-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-11.EL")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"kernel-sourcecode-2.6.9-11.EL")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-420.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the first regular update. [Updated 9 August 2005] The advisory text has been updated to show that this update also contained fixes for the security issues named CVE-2005-0209 and CVE-2005-0937. No changes have been made to the packages associated with this advisory. The Linux kernel handles the basic functions of the operating system. This is the first regular kernel update to Red Hat Enterprise Linux 4. A flaw affecting the auditing code was discovered. On Itanium architectures a local user could use this flaw to cause a denial of service (crash). This issue is rated as having important security impact (CVE-2005-0136). A flaw was discovered in the servicing of a raw device ioctl. A local user who has access to raw devices could use this flaw to write to kernel memory and cause a denial of service or potentially gain privileges. This issue is rated as having moderate security impact (CVE-2005-1264). A flaw in fragment forwarding was discovered that affected the netfilter subsystem for certain network interface cards. A remote attacker could send a set of bad fragments and cause a denial of service (system crash). Acenic and SunGEM network interfaces were the only adapters affected, which are in widespread use. (CVE-2005-0209) A flaw in the futex functions was discovered affecting the Linux 2.6 kernel. A local user could use this flaw to cause a denial of service (system crash). (CVE-2005-0937) New features introduced by this update include: - Fixed TCP BIC congestion handling. - Diskdump support for more controllers (megaraid, SATA) - Device mapper multipath support - AMD64 dual core support. - Intel ICH7 hardware support. There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following device drivers have been upgraded to new versions: ata_piix -------- 1.03 bonding --------- 2.6.1 e1000 ----------- 5.6.10.1-k2-NAPI e100 ------------ 3.3.6-k2-NAPI ibmveth --------- 1.03 libata ---------- 1.02 to 1.10 lpfc ------------ 0:8.0.16 to 0:8.0.16.6_x2 megaraid_mbox --- 2.20.4.0 to 2.20.4.5 megaraid_mm ----- 2.20.2.0-rh1 to 2.20.2.5 sata_nv --------- 0.03 to 0.6 sata_promise ---- 1.00 to 1.01 sata_sil -------- 0.8 sata_sis -------- 0.5 sata_svw -------- 1.05 sata_sx4 -------- 0.7 sata_via -------- 1.0 sata_vsc -------- 1.0 tg3 ------------- 3.22-rh ipw2100 --------- 1.0.3 ipw2200 --------- 1.0.0 All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id18444
    published2005-06-10
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18444
    titleRHEL 4 : kernel (RHSA-2005:420)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:420. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18444);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-0136", "CVE-2005-0209", "CVE-2005-0937", "CVE-2005-1264", "CVE-2005-3107");
      script_xref(name:"RHSA", value:"2005:420");
    
      script_name(english:"RHEL 4 : kernel (RHSA-2005:420)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages are now available as part of ongoing support
    and maintenance of Red Hat Enterprise Linux version 4. This is the
    first regular update.
    
    [Updated 9 August 2005] The advisory text has been updated to show
    that this update also contained fixes for the security issues named
    CVE-2005-0209 and CVE-2005-0937. No changes have been made to the
    packages associated with this advisory.
    
    The Linux kernel handles the basic functions of the operating system.
    
    This is the first regular kernel update to Red Hat Enterprise Linux 4.
    
    A flaw affecting the auditing code was discovered. On Itanium
    architectures a local user could use this flaw to cause a denial of
    service (crash). This issue is rated as having important security
    impact (CVE-2005-0136).
    
    A flaw was discovered in the servicing of a raw device ioctl. A local
    user who has access to raw devices could use this flaw to write to
    kernel memory and cause a denial of service or potentially gain
    privileges. This issue is rated as having moderate security impact
    (CVE-2005-1264).
    
    A flaw in fragment forwarding was discovered that affected the
    netfilter subsystem for certain network interface cards. A remote
    attacker could send a set of bad fragments and cause a denial of
    service (system crash). Acenic and SunGEM network interfaces were the
    only adapters affected, which are in widespread use. (CVE-2005-0209)
    
    A flaw in the futex functions was discovered affecting the Linux 2.6
    kernel. A local user could use this flaw to cause a denial of service
    (system crash). (CVE-2005-0937)
    
    New features introduced by this update include: - Fixed TCP BIC
    congestion handling. - Diskdump support for more controllers
    (megaraid, SATA) - Device mapper multipath support - AMD64 dual core
    support. - Intel ICH7 hardware support.
    
    There were many bug fixes in various parts of the kernel. The ongoing
    effort to resolve these problems has resulted in a marked improvement
    in the reliability and scalability of Red Hat Enterprise Linux 4.
    
    The following device drivers have been upgraded to new versions:
    ata_piix -------- 1.03 bonding --------- 2.6.1 e1000 -----------
    5.6.10.1-k2-NAPI e100 ------------ 3.3.6-k2-NAPI ibmveth ---------
    1.03 libata ---------- 1.02 to 1.10 lpfc ------------ 0:8.0.16 to
    0:8.0.16.6_x2 megaraid_mbox --- 2.20.4.0 to 2.20.4.5 megaraid_mm -----
    2.20.2.0-rh1 to 2.20.2.5 sata_nv --------- 0.03 to 0.6 sata_promise
    ---- 1.00 to 1.01 sata_sil -------- 0.8 sata_sis -------- 0.5 sata_svw
    -------- 1.05 sata_sx4 -------- 0.7 sata_via -------- 1.0 sata_vsc
    -------- 1.0 tg3 ------------- 3.22-rh ipw2100 --------- 1.0.3 ipw2200
    --------- 1.0.0
    
    All Red Hat Enterprise Linux 4 users are advised to upgrade their
    kernels to the packages associated with their machine architectures
    and configurations as listed in this erratum."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0136"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0209"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0937"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1264"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:420"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2005-0136", "CVE-2005-0209", "CVE-2005-0937", "CVE-2005-1264", "CVE-2005-3107");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2005:420");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:420";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-11.EL")) flag++;
      if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-11.EL")) flag++;
      if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-11.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-11.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-11.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-11.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-11.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-11.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-11.EL")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-392.NASL
    description - Tue May 17 2005 Dave Jones <davej at redhat.com> - Remove the unused (and outdated) Xen patches from the FC3 tree. - Mon May 16 2005 Dave Jones <davej at redhat.com> - Rebase to 2.6.11.10, (fixing CVE-2005-1264) - Thu May 12 2005 Dave Jones <davej at redhat.com> - Rebase to 2.6.11.9, (fixing CVE-2005-1263) - Tue May 10 2005 Dave Jones <davej at redhat.com> - Fix two bugs in x86-64 page fault handler. - Mon May 9 2005 Dave Jones <davej at redhat.com> - Rebase to 2.6.11.8 |<i> Fixes CVE-2005-1368 (local DoS in key lookup). (#156680) </I>|<i> Fixes CVE-2005-1369 (i2c alarms sysfs DoS). (#156683) </I>- Merge IDE fixes from 2.6.11-ac7 - Add Conflicts for older IPW firmwares. - Fix conntrack leak with raw sockets. - Sun May 1 2005 Dave Jones <davej at redhat.com> - Various firewire fixes backported from -mm. (#133798) (Thanks to Jody McIntyre for doing this) - Fri Apr 29 2005 Dave Jones <davej at redhat.com> - fix oops in aacraid open when using adaptec tools. (#148761) - Blacklist another brainless SCSI scanner. (#155457) - Thu Apr 21 2005 Dave Jones <davej at redhat.com> - Fix up SCSI queue locking. (#155472) - Tue Apr 19 2005 Dave Jones <davej at redhat.com> - SCSI tape security: require CAP_ADMIN for SG_IO etc. (#155355) - Mon Apr 18 2005 Dave Jones <davej at redhat.com> - Retry more aggressively during USB device initialization - Thu Apr 14 2005 Dave Jones <davej at redhat.com> - Build DRM modular. (#154769) - Fri Apr 8 2005 Dave Jones <davej at redhat.com> - Disable Longhaul driver (again). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id18377
    published2005-05-28
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18377
    titleFedora Core 3 : kernel-2.6.11-1.27_FC3 (2005-392)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-392.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18377);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:24");
    
      script_xref(name:"FEDORA", value:"2005-392");
    
      script_name(english:"Fedora Core 3 : kernel-2.6.11-1.27_FC3 (2005-392)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Tue May 17 2005 Dave Jones <davej at redhat.com>
    
        - Remove the unused (and outdated) Xen patches from the
          FC3 tree.
    
      - Mon May 16 2005 Dave Jones <davej at redhat.com>
    
        - Rebase to 2.6.11.10, (fixing CVE-2005-1264)
    
      - Thu May 12 2005 Dave Jones <davej at redhat.com>
    
        - Rebase to 2.6.11.9, (fixing CVE-2005-1263)
    
      - Tue May 10 2005 Dave Jones <davej at redhat.com>
    
        - Fix two bugs in x86-64 page fault handler.
    
      - Mon May 9 2005 Dave Jones <davej at redhat.com>
    
        - Rebase to 2.6.11.8 |<i> Fixes CVE-2005-1368 (local DoS
          in key lookup). (#156680) </I>|<i> Fixes CVE-2005-1369
          (i2c alarms sysfs DoS). (#156683) </I>- Merge IDE
          fixes from 2.6.11-ac7
    
      - Add Conflicts for older IPW firmwares.
    
        - Fix conntrack leak with raw sockets.
    
      - Sun May 1 2005 Dave Jones <davej at redhat.com>
    
        - Various firewire fixes backported from -mm. (#133798)
          (Thanks to Jody McIntyre for doing this)
    
      - Fri Apr 29 2005 Dave Jones <davej at redhat.com>
    
        - fix oops in aacraid open when using adaptec tools.
          (#148761)
    
        - Blacklist another brainless SCSI scanner. (#155457)
    
      - Thu Apr 21 2005 Dave Jones <davej at redhat.com>
    
        - Fix up SCSI queue locking. (#155472)
    
      - Tue Apr 19 2005 Dave Jones <davej at redhat.com>
    
        - SCSI tape security: require CAP_ADMIN for SG_IO etc.
          (#155355)
    
      - Mon Apr 18 2005 Dave Jones <davej at redhat.com>
    
        - Retry more aggressively during USB device
          initialization
    
      - Thu Apr 14 2005 Dave Jones <davej at redhat.com>
    
        - Build DRM modular. (#154769)
    
      - Fri Apr 8 2005 Dave Jones <davej at redhat.com>
    
        - Disable Longhaul driver (again).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-May/000916.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8ac50a02"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC3", reference:"kernel-2.6.11-1.27_FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"kernel-debuginfo-2.6.11-1.27_FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"kernel-doc-2.6.11-1.27_FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"kernel-smp-2.6.11-1.27_FC3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-doc / kernel-smp");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-131-1.NASL
    descriptionColin Percival discovered an information disclosure in the
    last seen2020-06-01
    modified2020-06-02
    plugin id20522
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20522
    titleUbuntu 4.10 / 5.04 : linux-source-2.6.8.1, linux-source-2.6.10 vulnerabilities (USN-131-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-131-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20522);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2005-0109", "CVE-2005-1041", "CVE-2005-1263", "CVE-2005-1264", "CVE-2005-1368", "CVE-2005-1369", "CVE-2005-1589");
      script_xref(name:"USN", value:"131-1");
    
      script_name(english:"Ubuntu 4.10 / 5.04 : linux-source-2.6.8.1, linux-source-2.6.10 vulnerabilities (USN-131-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Colin Percival discovered an information disclosure in the 'Hyper
    Threading Technology' architecture in processors which are capable of
    simultaneous multithreading (in particular Intel Pentium 4, Intel
    Mobile Pentium 4, and Intel Xeon processors). This allows a malicious
    thread to monitor the execution of another thread on the same CPU.
    This could be exploited to steal cryptographic keys, passwords, or
    other arbitrary data from unrelated processes. Since it is not
    possible to provide a safe patch in a short time, HyperThreading has
    been disabled in the updated kernel packages for now. You can manually
    enable HyperThreading again by passing the kernel parameter 'ht=on' at
    boot. (CAN-2005-0109)
    
    A Denial of Service vulnerability was discovered in the
    fib_seq_start() function(). This allowed a local user to crash the
    system by reading /proc/net/route in a certain way. (CAN-2005-1041)
    
    Paul Starzetz found an integer overflow in the ELF binary format
    loader's core dump function. By creating and executing a specially
    crafted ELF executable, a local attacker could exploit this to execute
    arbitrary code with root and kernel privileges. However, it is
    believed that this flaw is not actually exploitable on 2.6.x kernels
    (as shipped by Ubuntu). (CAN-2005-1263)
    
    Alexander Nyberg discovered a flaw in the keyring kernel module. This
    allowed a local attacker to cause a kernel crash on SMP machines by
    calling key_user_lookup() in a particular way. This vulnerability does
    not affect the kernel of Ubuntu 4.10. (CAN-2005-1368)
    
    The it87 and via686a hardware monitoring drivers created a sysfs file
    named 'alarms' with write permissions, but they are not designed to be
    writeable. This allowed a local user to crash the kernel by attempting
    to write to these files. (CAN-2005-1369)
    
    It was discovered that the drivers for raw devices (CAN-2005-1264) and
    pktcdvd devices (CAN-2005-1589) used the wrong function to pass
    arguments to the underlying block device. This made the kernel address
    space accessible to userspace applications. This allowed any local
    user with at least read access to a device in /dev/pktcdvd/* (usually
    members of the 'cdrom' group) or /dev/raw/* (usually only root) to
    execute arbitrary code with kernel privileges. Ubuntu 4.10's kernel is
    not affected by the pktcdvd flaw since it does not yet support packet
    CD writing.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"4.10", pkgname:"linux-doc-2.6.8.1", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-386", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-686", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-686-smp", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-generic", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-k8", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-k8-smp", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-xeon", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-386", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-686", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-686-smp", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-generic", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-k8", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-k8-smp", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-xeon", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-patch-debian-2.6.8.1", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-source-2.6.8.1", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"linux-tree-2.6.8.1", pkgver:"2.6.8.1-16.18")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-doc-2.6.10", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-5", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-5-386", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-5-686", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-5-686-smp", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-5-amd64-generic", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-5-amd64-k8", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-5-amd64-k8-smp", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-5-amd64-xeon", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-5-386", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-5-686", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-5-686-smp", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-5-amd64-generic", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-5-amd64-k8", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-5-amd64-k8-smp", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-5-amd64-xeon", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-patch-ubuntu-2.6.10", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-source-2.6.10", pkgver:"2.6.10-34.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-tree-2.6.10", pkgver:"2.6.10-34.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.10 / linux-doc-2.6.8.1 / linux-headers-2.6 / etc");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-110.NASL
    descriptionMultiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel : Colin Percival discovered a vulnerability in Intel
    last seen2020-06-01
    modified2020-06-02
    plugin id18598
    published2005-07-01
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18598
    titleMandrake Linux Security Advisory : kernel (MDKSA-2005:110)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:110. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18598);
      script_version ("1.24");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2004-1056", "CVE-2004-1337", "CVE-2005-0109", "CVE-2005-0178", "CVE-2005-0209", "CVE-2005-0384", "CVE-2005-0400", "CVE-2005-0530", "CVE-2005-0531", "CVE-2005-0532", "CVE-2005-0749", "CVE-2005-0750", "CVE-2005-0767", "CVE-2005-0839", "CVE-2005-0937", "CVE-2005-1041", "CVE-2005-1263", "CVE-2005-1264", "CVE-2005-1369", "CVE-2006-3634");
      script_xref(name:"MDKSA", value:"2005:110");
    
      script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2005:110)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities in the Linux kernel have been discovered and
    fixed in this update. The following CVE names have been fixed in the
    LE2005 kernel :
    
    Colin Percival discovered a vulnerability in Intel's Hyper-Threading
    technology could allow a local user to use a malicious thread to
    create covert channels, monitor the execution of other threads, and
    obtain sensitive information such as cryptographic keys via a timing
    attack on memory cache misses. This has been corrected by disabling HT
    support in all kernels (CVE-2005-0109).
    
    An information leak in the ext2 filesystem code in kernels prior to
    2.6.11.6 was found where when a new directory is created, the ext2
    block written to disk is not initialized (CVE-2005-0400).
    
    A flaw when freeing a pointer in load_elf_library was found in kernels
    prior to 2.6.11.6 that could be abused by a local user to potentially
    crash the machine causing a Denial of Service (CVE-2005-0749).
    
    A problem with the Bluetooth kernel stack in kernels 2.4.6 through
    2.4.30-rc1 and 2.6 through 2.6.11.5 could be used by a local attacker
    to gain root access or crash the machine (CVE-2005-0750).
    
    Paul Starzetz found an integer overflow in the ELF binary format
    loader's code dump function in kernels prior to and including
    2.4.31-pre1 and 2.6.12-rc4. By creating and executing a specially
    crafted ELF executable, a local attacker could exploit this to execute
    arbitrary code with root and kernel privileges (CVE-2005-1263).
    
    The drivers for raw devices used the wrong function to pass arguments
    to the underlying block device in 2.6.x kernels. This made the kernel
    address space accessible to user-space applications allowing any local
    user with at least read access to a device in /dev/raw/* (usually only
    root) to execute arbitrary code with kernel privileges
    (CVE-2005-1264).
    
    The it87 and via686a hardware monitor drivers in kernels prior to
    2.6.11.8 and 2.6.12 prior to 2.6.12-rc2 created a sysfs file named
    'alarms' with write permissions although they are not designed to be
    writable. This allowed a local user to crash the kernel by attempting
    to write to these files (CVE-2005-1369).
    
    In addition to the above-noted CVE-2005-0109, CVE-2005-0400,
    CVE-2005-0749, CVE-2005-0750, and CVE-2005-1369 fixes, the following
    CVE names have been fixed in the 10.1 kernel :
    
    The POSIX Capability Linux Security Module (LSM) for 2.6 kernels up to
    and including 2.6.8.1 did not properly handle the credentials of a
    process that is launched before the module is loaded, which could be
    used by local attackers to gain elevated privileges (CVE-2004-1337).
    
    A flaw in the Linux PPP driver in kernel 2.6.8.1 was found where on
    systems allowing remote users to connect to a server via PPP, a remote
    client could cause a crash, resulting in a Denial of Service
    (CVE-2005-0384).
    
    George Guninski discovered a buffer overflow in the ATM driver in
    kernels 2.6.10 and 2.6.11 before 2.6.11-rc4 where the atm_get_addr()
    function does not validate its arguments sufficiently which could
    allow a local attacker to overwrite large portions of kernel memory by
    supplying a negative length argument. This could potentially lead to
    the execution of arbitrary code (CVE-2005-0531).
    
    The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c
    before kernel 2.6.11, when running on 64-bit architectures, could
    allow local users to trigger a buffer overflow as a result of casting
    discrepancies between size_t and int data types. This could allow an
    attacker to overwrite kernel memory, crash the machine, or potentially
    obtain root access (CVE-2005-0532).
    
    A race condition in the Radeon DRI driver in kernel 2.6.8.1 allows a
    local user with DRI privileges to execute arbitrary code as root
    (CVE-2005-0767).
    
    Access was not restricted to the N_MOUSE discipline for a TTY in
    kernels prior to 2.6.11. This could allow local attackers to obtain
    elevated privileges by injecting mouse or keyboard events into other
    user's sessions (CVE-2005-0839).
    
    Some futex functions in futex.c in 2.6 kernels performed get_user
    calls while holding the mmap_sem semaphore, which could allow a local
    attacker to cause a deadlock condition in do_page_fault by triggering
    get_user faults while another thread is executing mmap or other
    functions (CVE-2005-0937).
    
    In addition to the above-noted CVE-2004-1337, CVE-2005-0109,
    CVE-2005-0384, CVE-2005-0400, CVE-2005-0531, CVE-2005-0532,
    CVE-2005-0749, CVE-2005-0750, CVE-2005-0767, CVE-2005-0839,
    CVE-2005-0937, CVE-2005-1263, CVE-2005-1264, and CVE-2005-1369 fixes,
    the following CVE names have been fixed in the 10.0/ Corporate 3.0
    kernels :
    
    A race condition in the setsid function in kernels before 2.6.8.1
    could allow a local attacker to cause a Denial of Service and possibly
    access portions of kernel memory related to TTY changes, locking, and
    semaphores (CVE-2005-0178).
    
    When forwarding fragmented packets in kernel 2.6.8.1, a hardware
    assisted checksum could only be used once which could lead to a Denial
    of Service attack or crash by remote users (CVE-2005-0209).
    
    A signedness error in the copy_from_read_buf function in n_tty.c
    before kernel 2.6.11 allows local users to read kernel memory via a
    negative argument (CVE-2005-0530).
    
    A vulnerability in the fib_seq_start() function allowed a local user
    to crash the system by readiung /proc/net/route in a certain way,
    causing a Denial of Service (CVE-2005-1041).
    
    A vulnerability in the Direct Rendering Manager (DRM) driver in the
    2.6 kernel does not properly check the DMA lock, which could allow
    remote attackers or local users to cause a Denial of Service (X Server
    crash) and possibly modify the video output (CVE-2004-1056)."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.11.12mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.3.27mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.8.1.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.3.27mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.8.1.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.11.12mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.8.1.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.11.12mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.3.27mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-64GB-2.6.8.1.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-p3-smp-64GB-2.6.3.27mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure-2.6.3.27mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure-2.6.8.1.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.11.12mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.3.27mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.8.1.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.11.12mdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"kernel-2.6.3.27mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-enterprise-2.6.3.27mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.3.27mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-p3-smp-64GB-2.6.3.27mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"kernel-secure-2.6.3.27mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"kernel-smp-2.6.3.27mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"kernel-source-2.6.3-27mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"kernel-source-stripped-2.6.3-27mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.1", reference:"kernel-2.6.8.1.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"kernel-enterprise-2.6.8.1.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"kernel-i586-up-1GB-2.6.8.1.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"kernel-i686-up-64GB-2.6.8.1.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"kernel-secure-2.6.8.1.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"kernel-smp-2.6.8.1.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"kernel-source-2.6-2.6.8.1-25mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"kernel-source-stripped-2.6-2.6.8.1-25mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.2", reference:"kernel-2.6.11.12mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"kernel-i586-up-1GB-2.6.11.12mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.11.12mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"kernel-smp-2.6.11.12mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"kernel-source-2.6-2.6.11-12mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"kernel-source-stripped-2.6-2.6.11-12mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"kernel-xbox-2.6.11.12mdk-1-1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted2013-04-29T04:04:09.092-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionRaw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
familyunix
idoval:org.mitre.oval:def:10264
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleRaw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
version26

Redhat

advisories
rhsa
idRHSA-2005:420
rpms
  • kernel-0:2.6.9-11.EL
  • kernel-debuginfo-0:2.6.9-11.EL
  • kernel-devel-0:2.6.9-11.EL
  • kernel-doc-0:2.6.9-11.EL
  • kernel-hugemem-0:2.6.9-11.EL
  • kernel-hugemem-devel-0:2.6.9-11.EL
  • kernel-smp-0:2.6.9-11.EL
  • kernel-smp-devel-0:2.6.9-11.EL