Vulnerabilities > CVE-2005-3783 - Unspecified vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN linux
nessus
Summary
The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash).
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_068.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:068 (kernel). The Linux kernel was updated to fix several security problems and several bugs, listed below: Security fixes: - CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. (All) - CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine. (Linux kernel 2.6 based products only) - CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine. (All) - CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine. (SUSE Linux 9.3) - CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP. (SUSE Linux 9.3) - CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers. (SUSE Linux 9.3) - Others: see original advisory last seen 2019-10-28 modified 2005-12-20 plugin id 20334 published 2005-12-20 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20334 title SUSE-SA:2005:068: kernel code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:068 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(20334); script_version ("1.8"); name["english"] = "SUSE-SA:2005:068: kernel"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:068 (kernel). The Linux kernel was updated to fix several security problems and several bugs, listed below: Security fixes: - CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. (All) - CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine. (Linux kernel 2.6 based products only) - CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine. (All) - CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine. (SUSE Linux 9.3) - CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP. (SUSE Linux 9.3) - CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers. (SUSE Linux 9.3) - Others: see original advisory" ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_68_kernel.html" ); script_set_attribute(attribute:"risk_factor", value:"High" ); script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/20"); script_end_attributes(); summary["english"] = "Check for the version of the kernel package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"Intel-536ep-4.62-27", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-v92ham-4.53-27", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_athlon-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_deflt-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_smp-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_smp4G-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_um-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-8.26a-216", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-2.6.2-38.19", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-docs-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-536ep-4.69-5.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-nongpl-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-nongpl-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-nongpl-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-nongpl-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-8.31a8-6.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-install-initrd-1.0-48.11", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-kernel-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-docs-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-536ep-4.69-10.4", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-xen-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-xen-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-8.31a10-7.4", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-install-initrd-1.0-50.4", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-kernel-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-docs-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-231-1.NASL description Rudolf Polzer reported an abuse of the last seen 2020-06-01 modified 2020-06-02 plugin id 20775 published 2006-01-21 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20775 title Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-231-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-231-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20775); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-3257", "CVE-2005-3783", "CVE-2005-3784", "CVE-2005-3805", "CVE-2005-3806", "CVE-2005-3807", "CVE-2005-3808", "CVE-2005-3848", "CVE-2005-3857", "CVE-2005-3858"); script_xref(name:"USN", value:"231-1"); script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-231-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Rudolf Polzer reported an abuse of the 'loadkeys' command. By redefining one or more keys and tricking another user (like root) into logging in on a text console and typing something that involves the redefined keys, a local user could cause execution of arbitrary commands with the privileges of the target user. The updated kernel restricts the usage of 'loadkeys' to root. (CVE-2005-3257) The ptrace() system call did not correctly check whether a process tried to attach to itself. A local attacker could exploit this to cause a kernel crash. (CVE-2005-3783) A Denial of Service vulnerability was found in the handler that automatically cleans up and terminates child processes that are not correctly handled by their parent process ('auto-reaper'). The check did not correctly handle processes which were currently traced by another process. A local attacker could exploit this to cause a kernel crash. (CVE-2005-3784) A locking problem was discovered in the POSIX timer cleanup handling on process exit. A local attacker could exploit this to cause the machine to hang (Denial of Service). This flaw only affects multiprocessor (SMP) systems. (CVE-2005-3805) A Denial of Service vulnerability was discovered in the IPv6 flowlabel handling code. By invoking setsockopt(IPV6_FLOWLABEL_MGR) in a special way, a local attacker could cause memory corruption which eventually led to a kernel crash. (CVE-2005-3806) A memory leak was discovered in the VFS lease handling. These operations are commonly executed by the Samba server, which led to steady memory exhaustion. By repeatedly triggering the affected operations in quick succession, a local attacker could exploit this to drain all memory, which leads to a Denial of Service. (CVE-2005-3807) An integer overflow was discovered in the invalidate_inode_pages2_range() function. By issuing 64-bit mmap calls on a 32 bit system, a local user could exploit this to crash the machine, thereby causing Denial of Service. This flaw does not affect the amd64 platform, and does only affect Ubuntu 5.10. (CVE-2005-3808) Ollie Wild discovered a memory leak in the icmp_push_reply() function. By sending a large amount of specially crafted packets, a remote attacker could exploit this to drain all memory, which eventually leads to a Denial of Service. (CVE-2005-3848) Chris Wrigth found a Denial of Service vulnerability in the time_out_leases() function. By allocating a large number of VFS file lock leases and having them timeout at the same time, a large number of 'printk' debugging statements was generated at the same time, which could exhaust kernel memory. (CVE-2005-3857) Patrick McHardy discovered a memory leak in the ip6_input_finish() function. A remote attacker could exploit this by sending specially crafted IPv6 packets, which would eventually drain all available kernel memory, thus causing a Denial of Service. (CVE-2005-3858). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"linux-doc-2.6.8.1", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-386", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-686", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-686-smp", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-amd64-generic", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-amd64-k8", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-amd64-k8-smp", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-amd64-xeon", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-386", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-686", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-686-smp", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-amd64-generic", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-amd64-k8", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-amd64-k8-smp", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-amd64-xeon", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-patch-debian-2.6.8.1", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-source-2.6.8.1", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-tree-2.6.8.1", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-doc-2.6.10", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-386", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686-smp", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-386", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686-smp", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-patch-ubuntu-2.6.10", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-source-2.6.10", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-tree-2.6.10", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-doc-2.6.12", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-386", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686-smp", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-386", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686-smp", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-patch-ubuntu-2.6.12", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-source-2.6.12", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-tree-2.6.12", pkgver:"2.6.12-10.25")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.10 / linux-doc-2.6.12 / linux-doc-2.6.8.1 / etc"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-018.NASL description A number of vulnerabilities have been corrected in the Linux kernel : A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527). The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783). The auto-reap child process in 2.6 kernels prior to 2.6.15 include processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784). A locking problem in the POSIX timer cleanup handling on exit on kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805). The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifes the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806). An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808). As well, other bugfixes are included in this update : Fixes to swsup and HDA sound fixes (DMA buffer fixes, and fixes for the AD1986a codec, added support for Nvidia chipsets, and new model information for the Gigabyte K8N51). MCP51 forcedeth support has been added. last seen 2020-06-01 modified 2020-06-02 plugin id 20796 published 2006-01-22 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20796 title Mandrake Linux Security Advisory : kernel (MDKSA-2006:018) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:018. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(20796); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2005-3527", "CVE-2005-3783", "CVE-2005-3784", "CVE-2005-3805", "CVE-2005-3806", "CVE-2005-3808"); script_xref(name:"MDKSA", value:"2006:018"); script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2006:018)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A number of vulnerabilities have been corrected in the Linux kernel : A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527). The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783). The auto-reap child process in 2.6 kernels prior to 2.6.15 include processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784). A locking problem in the POSIX timer cleanup handling on exit on kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805). The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifes the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806). An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808). As well, other bugfixes are included in this update : Fixes to swsup and HDA sound fixes (DMA buffer fixes, and fixes for the AD1986a codec, added support for Nvidia chipsets, and new model information for the Gigabyte K8N51). MCP51 forcedeth support has been added." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", reference:"kernel-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i586-up-1GB-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"kernel-smp-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"kernel-source-2.6-2.6.12-15mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"kernel-source-stripped-2.6-2.6.12-15mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xbox-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xen0-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xenU-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1017.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2005-0449 An error in the skb_checksum_help() function from the netfilter framework has been discovered that allows the bypass of packet filter rules or a denial of service attack. - CVE-2005-2457 Tim Yamin discovered that insufficient input validation in the zisofs driver for compressed ISO file systems allows a denial of service attack through maliciously crafted ISO images. - CVE-2005-2490 A buffer overflow in the sendmsg() function allows local users to execute arbitrary code. - CVE-2005-2555 Herbert Xu discovered that the setsockopt() function was not restricted to users/processes with the CAP_NET_ADMIN capability. This allows attackers to manipulate IPSEC policies or initiate a denial of service attack. - CVE-2005-2709 Al Viro discovered a race condition in the /proc handling of network devices. A (local) attacker could exploit the stale reference after interface shutdown to cause a denial of service or possibly execute code in kernel mode. - CVE-2005-2800 Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices leak memory, which allows a denial of service attack. - CVE-2005-2973 Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code can be forced into an endless loop, which allows a denial of service attack. - CVE-2005-3044 Vasiliy Averin discovered that the reference counters from sockfd_put() and fput() can be forced into overlapping, which allows a denial of service attack through a NULL pointer dereference. - CVE-2005-3053 Eric Dumazet discovered that the set_mempolicy() system call accepts a negative value for its first argument, which triggers a BUG() assert. This allows a denial of service attack. - CVE-2005-3055 Harald Welte discovered that if a process issues a USB Request Block (URB) to a device and terminates before the URB completes, a stale pointer would be dereferenced. This could be used to trigger a denial of service attack. - CVE-2005-3180 Pavel Roskin discovered that the driver for Orinoco wireless cards clears its buffers insufficiently. This could leak sensitive information into user space. - CVE-2005-3181 Robert Derr discovered that the audit subsystem uses an incorrect function to free memory, which allows a denial of service attack. - CVE-2005-3257 Rudolf Polzer discovered that the kernel improperly restricts access to the KDSKBSENT ioctl, which can possibly lead to privilege escalation. - CVE-2005-3356 Doug Chapman discovered that the mq_open syscall can be tricked into decrementing an internal counter twice, which allows a denial of service attack through a kernel panic. - CVE-2005-3358 Doug Chapman discovered that passing a zero bitmask to the set_mempolicy() system call leads to a kernel panic, which allows a denial of service attack. - CVE-2005-3783 The ptrace code using CLONE_THREAD didn last seen 2020-06-01 modified 2020-06-02 plugin id 22559 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22559 title Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1017. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22559); script_version("1.21"); script_cvs_date("Date: 2019/10/16 10:34:21"); script_cve_id("CVE-2004-1017", "CVE-2005-0124", "CVE-2005-0449", "CVE-2005-2457", "CVE-2005-2490", "CVE-2005-2555", "CVE-2005-2709", "CVE-2005-2800", "CVE-2005-2973", "CVE-2005-3044", "CVE-2005-3053", "CVE-2005-3055", "CVE-2005-3180", "CVE-2005-3181", "CVE-2005-3257", "CVE-2005-3356", "CVE-2005-3358", "CVE-2005-3783", "CVE-2005-3784", "CVE-2005-3806", "CVE-2005-3847", "CVE-2005-3848", "CVE-2005-3857", "CVE-2005-3858", "CVE-2005-4605", "CVE-2005-4618", "CVE-2006-0095", "CVE-2006-0096", "CVE-2006-0482", "CVE-2006-1066"); script_xref(name:"DSA", value:"1017"); script_name(english:"Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2005-0449 An error in the skb_checksum_help() function from the netfilter framework has been discovered that allows the bypass of packet filter rules or a denial of service attack. - CVE-2005-2457 Tim Yamin discovered that insufficient input validation in the zisofs driver for compressed ISO file systems allows a denial of service attack through maliciously crafted ISO images. - CVE-2005-2490 A buffer overflow in the sendmsg() function allows local users to execute arbitrary code. - CVE-2005-2555 Herbert Xu discovered that the setsockopt() function was not restricted to users/processes with the CAP_NET_ADMIN capability. This allows attackers to manipulate IPSEC policies or initiate a denial of service attack. - CVE-2005-2709 Al Viro discovered a race condition in the /proc handling of network devices. A (local) attacker could exploit the stale reference after interface shutdown to cause a denial of service or possibly execute code in kernel mode. - CVE-2005-2800 Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices leak memory, which allows a denial of service attack. - CVE-2005-2973 Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code can be forced into an endless loop, which allows a denial of service attack. - CVE-2005-3044 Vasiliy Averin discovered that the reference counters from sockfd_put() and fput() can be forced into overlapping, which allows a denial of service attack through a NULL pointer dereference. - CVE-2005-3053 Eric Dumazet discovered that the set_mempolicy() system call accepts a negative value for its first argument, which triggers a BUG() assert. This allows a denial of service attack. - CVE-2005-3055 Harald Welte discovered that if a process issues a USB Request Block (URB) to a device and terminates before the URB completes, a stale pointer would be dereferenced. This could be used to trigger a denial of service attack. - CVE-2005-3180 Pavel Roskin discovered that the driver for Orinoco wireless cards clears its buffers insufficiently. This could leak sensitive information into user space. - CVE-2005-3181 Robert Derr discovered that the audit subsystem uses an incorrect function to free memory, which allows a denial of service attack. - CVE-2005-3257 Rudolf Polzer discovered that the kernel improperly restricts access to the KDSKBSENT ioctl, which can possibly lead to privilege escalation. - CVE-2005-3356 Doug Chapman discovered that the mq_open syscall can be tricked into decrementing an internal counter twice, which allows a denial of service attack through a kernel panic. - CVE-2005-3358 Doug Chapman discovered that passing a zero bitmask to the set_mempolicy() system call leads to a kernel panic, which allows a denial of service attack. - CVE-2005-3783 The ptrace code using CLONE_THREAD didn't use the thread group ID to determine whether the caller is attaching to itself, which allows a denial of service attack. - CVE-2005-3784 The auto-reaping of child processes functionality included ptraced-attached processes, which allows denial of service through dangling references. - CVE-2005-3806 Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable, which could lead to memory corruption and denial of service. - CVE-2005-3847 It was discovered that a threaded real-time process, which is currently dumping core can be forced into a dead-lock situation by sending it a SIGKILL signal, which allows a denial of service attack. - CVE-2005-3848 Ollie Wild discovered a memory leak in the icmp_push_reply() function, which allows denial of service through memory consumption. - CVE-2005-3857 Chris Wright discovered that excessive allocation of broken file lock leases in the VFS layer can exhaust memory and fill up the system logging, which allows denial of service. - CVE-2005-3858 Patrick McHardy discovered a memory leak in the ip6_input_finish() function from the IPv6 code, which allows denial of service. - CVE-2005-4605 Karl Janmar discovered that a signedness error in the procfs code can be exploited to read kernel memory, which may disclose sensitive information. - CVE-2005-4618 Yi Ying discovered that sysctl does not properly enforce the size of a buffer, which allows a denial of service attack. - CVE-2006-0095 Stefan Rompf discovered that dm_crypt does not clear an internal struct before freeing it, which might disclose sensitive information. - CVE-2006-0096 It was discovered that the SDLA driver's capability checks were too lax for firmware upgrades. - CVE-2006-0482 Ludovic Courtes discovered that get_compat_timespec() performs insufficient input sanitizing, which allows a local denial of service attack. - CVE-2006-1066 It was discovered that ptrace() on the ia64 architecture allows a local denial of service attack, when preemption is enabled." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295949" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332587" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332596" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330343" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330353" ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327416" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1017" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0124" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0449" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2457" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2490" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2555" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2709" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2800" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2973" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3044" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3053" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3055" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3180" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3181" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3257" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3356" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3358" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3783" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3784" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3806" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3847" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3848" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3857" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3858" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4605" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4618" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0095" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0096" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-0482" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-1066" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1017" ); script_set_attribute( attribute:"solution", value: "Upgrade the kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. The following matrix explains which kernel version for which architecture fix the problems mentioned above : Debian 3.1 (sarge) Source 2.6.8-16sarge2 Alpha architecture 2.6.8-16sarge2 AMD64 architecture 2.6.8-16sarge2 HP Precision architecture 2.6.8-6sarge2 Intel IA-32 architecture 2.6.8-16sarge2 Intel IA-64 architecture 2.6.8-14sarge2 Motorola 680x0 architecture 2.6.8-4sarge2 PowerPC architecture 2.6.8-12sarge2 IBM S/390 architecture 2.6.8-5sarge2 Sun Sparc architecture 2.6.8-15sarge2 The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 3.1 (sarge) kernel-latest-2.6-alpha 101sarge1 kernel-latest-2.6-amd64 103sarge1 kernel-latest-2.6-hppa 2.6.8-1sarge1 kernel-latest-2.6-sparc 101sarge1 kernel-latest-2.6-i386 101sarge1 kernel-latest-powerpc 102sarge1 fai-kernels 1.9.1sarge1 hostap-modules-i386 0.3.7-1sarge1 mol-modules-2.6.8 0.9.70+2.6.8+12sarge1 ndiswrapper-modules-i386 1.1-2sarge1 This update introduces a change in the kernel's binary interface, the affected kernel packages inside Debian have been rebuilt, if you're running local addons you'll need to rebuild these as well. Due to the change in the package name you need to use apt-get dist-upgrade to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(20, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.6.8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"fai-kernels", reference:"1.9.1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-386", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-586tsc", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-686", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-686-smp", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k6", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k7", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k7-smp", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-386", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-686", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-686-smp", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-k7", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-k7-smp", reference:"0.3.7-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-2", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power3", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power3-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power4", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power4-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-powerpc", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-powerpc-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-doc-2.6.8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-32", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-32-smp", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-386", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-64", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-64-smp", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-686", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-686-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-generic", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-k8", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-k8-smp", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-em64t-p4", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-em64t-p4-smp", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-generic", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-k7", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-k7-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc32", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc64", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc64-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-generic", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-k8", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-k8-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-em64t-p4", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-em64t-p4-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-32", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-32-smp", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-386", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-64", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-64-smp", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-686", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-686-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-generic", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-itanium", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-itanium-smp", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-k7", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-k7-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-mckinley", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-mckinley-smp", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc32", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc64", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc64-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32-smp", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-386", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64-smp", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-generic", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc32", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-powerpc", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-powerpc-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-32", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-32-smp", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-386", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-64", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-64-smp", reference:"2.6.8-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-686", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-686-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-generic", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-k8", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-k8-smp", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-em64t-p4", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-em64t-p4-smp", reference:"103sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-generic", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-k7", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-k7-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power3", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power3-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power4", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power4-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-powerpc", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-powerpc-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc32", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc64", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc64-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-generic", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-k8", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-k8-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-em64t-p4", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-em64t-p4-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-32", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-32-smp", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-386", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-64", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-64-smp", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-686", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-686-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-generic", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-itanium", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-itanium-smp", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-k7", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-k7-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-mckinley", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-mckinley-smp", reference:"2.6.8-14sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390-tape", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390x", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc32", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc64", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc64-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32-smp", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-386", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64-smp", reference:"2.6.8-6sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-generic", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390", reference:"2.6.8-5sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390-tape", reference:"2.6.8-5sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390x", reference:"2.6.8-5sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-smp", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc32", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-amiga", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-atari", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-bvme6000", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-hp", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mac", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme147", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme16x", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power3", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power3-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power4", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power4-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-powerpc", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-powerpc-smp", reference:"2.6.8-12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-q40", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-sun3", reference:"2.6.8-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-power3", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-power3-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-power4", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-power4-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-powerpc", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-powerpc-smp", reference:"102sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-2.6.8-s390", reference:"2.6.8-5sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.6.8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-source-2.6.8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-tree-2.6.8", reference:"2.6.8-16sarge2")) flag++; if (deb_check(release:"3.1", prefix:"mol-modules-2.6.8-3-powerpc", reference:"0.9.70+2.6.8+12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"mol-modules-2.6.8-3-powerpc-smp", reference:"0.9.70+2.6.8+12sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-386", reference:"1.1-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-686", reference:"1.1-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-686-smp", reference:"1.1-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-k7", reference:"1.1-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-k7-smp", reference:"1.1-2sarge1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_067.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:067 (kernel). This kernel update for SUSE Linux 10.0 contains fixes for XEN, various security fixes and bug fixes. This update includes a more recent snapshot of the upcoming XEN 3.0. Many bugs have been fixed. Stability for x86_64 has been improved. Stability has been improved for SMP, and now both i586 and x86_64 kernels are built with SMP support. It also contains several security fixes : - CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. - CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine. - CVE-2005-3271: A task leak problem when releasing POSIX timers was fixed. This could lead to local users causing a local denial of service by exhausting system memory. - CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine. - CVE-2005-3181: A problem in the Linux auditing code could lead to a memory leak which finally could exhaust system memory of a machine. - CVE-2005-2973: An infinite loop in the IPv6 UDP loopback handling can be easily triggered by a local user and lead to a denial of service. - CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine. - CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers. - CVE-2005-3055: Unplugging an user space controlled USB device with an URB pending in user space could crash the kernel. This can be easily triggered by local attacker. - CVE-2005-3180: Fixed incorrect padding in Orinoco wireless driver, which could expose kernel data to the air. - CVE-2005-3044: Missing sockfd_put() calls in routing_ioctl() leaked file handles which in turn could exhaust system memory. - CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP. last seen 2019-10-28 modified 2005-12-08 plugin id 20282 published 2005-12-08 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20282 title SUSE-SA:2005:067: kernel code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:067 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(20282); script_version ("1.8"); name["english"] = "SUSE-SA:2005:067: kernel"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:067 (kernel). This kernel update for SUSE Linux 10.0 contains fixes for XEN, various security fixes and bug fixes. This update includes a more recent snapshot of the upcoming XEN 3.0. Many bugs have been fixed. Stability for x86_64 has been improved. Stability has been improved for SMP, and now both i586 and x86_64 kernels are built with SMP support. It also contains several security fixes : - CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. - CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine. - CVE-2005-3271: A task leak problem when releasing POSIX timers was fixed. This could lead to local users causing a local denial of service by exhausting system memory. - CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine. - CVE-2005-3181: A problem in the Linux auditing code could lead to a memory leak which finally could exhaust system memory of a machine. - CVE-2005-2973: An infinite loop in the IPv6 UDP loopback handling can be easily triggered by a local user and lead to a denial of service. - CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine. - CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers. - CVE-2005-3055: Unplugging an user space controlled USB device with an URB pending in user space could crash the kernel. This can be easily triggered by local attacker. - CVE-2005-3180: Fixed incorrect padding in Orinoco wireless driver, which could expose kernel data to the air. - CVE-2005-3044: Missing sockfd_put() calls in routing_ioctl() leaked file handles which in turn could exhaust system memory. - CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_67_kernel.html" ); script_set_attribute(attribute:"risk_factor", value:"High" ); script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/08"); script_end_attributes(); summary["english"] = "Check for the version of the kernel package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"Intel-536ep-4.69-14.2", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-nongpl-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-nongpl-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-nongpl-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-nongpl-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-xen-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-xen-nongpl-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-kernel-2.6.13-15.7", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-3.0_7608-2.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-devel-3.0_7608-2.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-doc-html-3.0_7608-2.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-doc-pdf-3.0_7608-2.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-doc-ps-3.0_7608-2.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-tools-3.0_7608-2.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-tools-ioemu-3.0_7608-2.1", release:"SUSE10.0") ) { security_hole(0); exit(0); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1018.NASL description The original update lacked recompiled ALSA modules against the new kernel ABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the updated packages. For completeness we last seen 2020-06-01 modified 2020-06-02 plugin id 22560 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22560 title Debian DSA-1018-2 : kernel-source-2.4.27 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1018. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(22560); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2004-0887", "CVE-2004-1058", "CVE-2004-2607", "CVE-2005-0449", "CVE-2005-1761", "CVE-2005-2457", "CVE-2005-2555", "CVE-2005-2709", "CVE-2005-2973", "CVE-2005-3257", "CVE-2005-3783", "CVE-2005-3806", "CVE-2005-3848", "CVE-2005-3857", "CVE-2005-3858", "CVE-2005-4618"); script_xref(name:"DSA", value:"1018"); script_name(english:"Debian DSA-1018-2 : kernel-source-2.4.27 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The original update lacked recompiled ALSA modules against the new kernel ABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the updated packages. For completeness we're providing the original problem description : Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0887 Martin Schwidefsky discovered that the privileged instruction SACF (Set Address Space Control Fast) on the S/390 platform is not handled properly, allowing for a local user to gain root privileges. - CVE-2004-1058 A race condition allows for a local user to read the environment variables of another process that is still spawning through /proc/.../cmdline. - CVE-2004-2607 A numeric casting discrepancy in sdla_xfer allows local users to read portions of kernel memory via a large len argument which is received as an int but cast to a short, preventing read loop from filling a buffer. - CVE-2005-0449 An error in the skb_checksum_help() function from the netfilter framework has been discovered that allows the bypass of packet filter rules or a denial of service attack. - CVE-2005-1761 A vulnerability in the ptrace subsystem of the IA-64 architecture can allow local attackers to overwrite kernel memory and crash the kernel. - CVE-2005-2457 Tim Yamin discovered that insufficient input validation in the compressed ISO file system (zisofs) allows a denial of service attack through maliciously crafted ISO images. - CVE-2005-2555 Herbert Xu discovered that the setsockopt() function was not restricted to users/processes with the CAP_NET_ADMIN capability. This allows attackers to manipulate IPSEC policies or initiate a denial of service attack. - CVE-2005-2709 Al Viro discovered a race condition in the /proc handling of network devices. A (local) attacker could exploit the stale reference after interface shutdown to cause a denial of service or possibly execute code in kernel mode. - CVE-2005-2973 Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code can be forced into an endless loop, which allows a denial of service attack. - CVE-2005-3257 Rudolf Polzer discovered that the kernel improperly restricts access to the KDSKBSENT ioctl, which can possibly lead to privilege escalation. - CVE-2005-3783 The ptrace code using CLONE_THREAD didn't use the thread group ID to determine whether the caller is attaching to itself, which allows a denial of service attack. - CVE-2005-3806 Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable, which could lead to memory corruption and denial of service. - CVE-2005-3848 Ollie Wild discovered a memory leak in the icmp_push_reply() function, which allows denial of service through memory consumption. - CVE-2005-3857 Chris Wright discovered that excessive allocation of broken file lock leases in the VFS layer can exhaust memory and fill up the system logging, which allows denial of service. - CVE-2005-3858 Patrick McHardy discovered a memory leak in the ip6_input_finish() function from the IPv6 code, which allows denial of service. - CVE-2005-4618 Yi Ying discovered that sysctl does not properly enforce the size of a buffer, which allows a denial of service attack." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-0887" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-1058" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2004-2607" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-0449" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-1761" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2457" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2555" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2709" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-2973" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3257" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3783" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3806" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3848" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3857" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-3858" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4618" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1018" ); script_set_attribute( attribute:"solution", value: "Upgrade the kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. The following matrix explains which kernel version for which architecture fix the problems mentioned above : Debian 3.1 (sarge) Source 2.4.27-10sarge2 Alpha architecture 2.4.27-10sarge2 ARM architecture 2.4.27-2sarge2 Intel IA-32 architecture 2.4.27-10sarge2 Intel IA-64 architecture 2.4.27-10sarge2 Motorola 680x0 architecture 2.4.27-3sarge2 Big endian MIPS architecture 2.4.27-10.sarge1.040815-2 Little endian MIPS architecture 2.4.27-10.sarge1.040815-2 PowerPC architecture 2.4.27-10sarge2 IBM S/390 architecture 2.4.27-2sarge2 Sun Sparc architecture 2.4.27-9sarge2 The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 3.1 (sarge) kernel-latest-2.4-alpha 101sarge1 kernel-latest-2.4-i386 101sarge1 kernel-latest-2.4-s390 2.4.27-1sarge1 kernel-latest-2.4-sparc 42sarge1 kernel-latest-powerpc 102sarge1 fai-kernels 1.9.1sarge1 i2c 1:2.9.1-1sarge1 kernel-image-speakup-i386 2.4.27-1.1sasrge1 lm-sensors 1:2.9.1-1sarge3 mindi-kernel 2.4.27-2sarge1 pcmcia-modules-2.4.27-i386 3.2.5+2sarge1 systemimager 3.2.3-6sarge1 This update introduces a change in the kernel's binary interface, the affected kernel packages inside Debian have been rebuilt, if you're running local addons you'll need to rebuild these as well." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.27"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/04/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"i2c-2.4.27-3-386", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"i2c-2.4.27-3-586tsc", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"i2c-2.4.27-3-686", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"i2c-2.4.27-3-686-smp", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"i2c-2.4.27-3-k6", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"i2c-2.4.27-3-k7", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"i2c-2.4.27-3-k7-smp", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"i2c-source", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-3", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-apus", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-nubus", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc-small", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-doc-2.4.27", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-doc-2.4.27-speakup", reference:"2.4.27-1.1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-386", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-586tsc", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-686", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-686-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-generic", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-k6", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-k7", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-k7-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-s390", reference:"2.4.27-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-sparc32", reference:"42sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-sparc32-smp", reference:"42sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-sparc64", reference:"42sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4-sparc64-smp", reference:"42sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-386", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-586tsc", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-686", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-686-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-generic", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-itanium", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-itanium-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k6", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k7", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k7-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-mckinley", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-mckinley-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc32", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc32-smp", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc64", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc64-smp", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-apus", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-nubus", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-powerpc", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-speakup", reference:"2.4.27-1.1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-386", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-586tsc", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-686", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-686-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-generic", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-itanium", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-itanium-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-k6", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-k7", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-k7-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-mckinley", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-mckinley-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-s390", reference:"2.4.27-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-s390x", reference:"2.4.27-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-sparc32", reference:"42sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-sparc32-smp", reference:"42sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-sparc64", reference:"42sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4-sparc64-smp", reference:"42sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-386", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-586tsc", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-686", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-686-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-generic", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-itanium", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-itanium-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k6", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k7", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k7-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-mckinley", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-mckinley-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390-tape", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390x", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc32", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc32-smp", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc64", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc64-smp", reference:"2.4.27-9sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-amiga", reference:"2.4.27-3sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-apus", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-atari", reference:"2.4.27-3sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-bast", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-bvme6000", reference:"2.4.27-3sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-lart", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mac", reference:"2.4.27-3sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mvme147", reference:"2.4.27-3sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mvme16x", reference:"2.4.27-3sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-netwinder", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-nubus", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc-small", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-q40", reference:"2.4.27-3sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r3k-kn02", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r4k-ip22", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r4k-kn04", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-cobalt", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-ip22", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-lasat", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-riscpc", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-riscstation", reference:"2.4.27-2sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-sb1-swarm-bn", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-speakup", reference:"2.4.27-1.1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-xxs1500", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-2.4-i2c", reference:"2.9.1-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-2.4-lm-sensors", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-apus", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-nubus", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-powerpc", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.4.27", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4-386", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4-586tsc", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4-686", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4-686-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4-k6", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4-k7", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4-k7-smp", reference:"101sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-386", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-586tsc", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-686", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-686-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k6", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k7", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k7-smp", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-source-2.4.27", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kernel-tree-2.4.27", reference:"2.4.27-10sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libsensors-dev", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"libsensors3", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-3-386", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-3-586tsc", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-3-686", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-3-686-smp", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-3-k6", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-3-k7", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors-2.4.27-3-k7-smp", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"lm-sensors-source", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"mindi-kernel", reference:"2.4.27-2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"mips-tools", reference:"2.4.27-10.sarge2.040815-1")) flag++; if (deb_check(release:"3.1", prefix:"pcmcia-modules-2.4.27-3-386", reference:"3.2.5+2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pcmcia-modules-2.4.27-3-586tsc", reference:"3.2.5+2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pcmcia-modules-2.4.27-3-686", reference:"3.2.5+2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pcmcia-modules-2.4.27-3-686-smp", reference:"3.2.5+2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pcmcia-modules-2.4.27-3-k6", reference:"3.2.5+2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pcmcia-modules-2.4.27-3-k7", reference:"3.2.5+2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"pcmcia-modules-2.4.27-3-k7-smp", reference:"3.2.5+2sarge1")) flag++; if (deb_check(release:"3.1", prefix:"sensord", reference:"2.9.1-1sarge3")) flag++; if (deb_check(release:"3.1", prefix:"systemimager-boot-i386-standard", reference:"3.2.3-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"systemimager-boot-ia64-standard", reference:"3.2.3-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"systemimager-client", reference:"3.2.3-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"systemimager-common", reference:"3.2.3-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"systemimager-doc", reference:"3.2.3-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"systemimager-server", reference:"3.2.3-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"systemimager-server-flamethrowerd", reference:"3.2.3-6sarge1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.2
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174075
- http://www.securityfocus.com/bid/15642
- http://secunia.com/advisories/17761
- http://www.securityfocus.com/advisories/9806
- http://secunia.com/advisories/17917
- http://secunia.com/advisories/17918
- http://secunia.com/advisories/18203
- http://secunia.com/advisories/17787
- http://www.debian.org/security/2006/dsa-1017
- http://www.debian.org/security/2006/dsa-1018
- http://secunia.com/advisories/19374
- http://secunia.com/advisories/19369
- ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
- http://secunia.com/advisories/19607
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:018
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:072
- https://usn.ubuntu.com/231-1/
- http://www.securityfocus.com/archive/1/419522/100/0/threaded
- http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git%3Ba=blobdiff%3Bh=fcfc4568b45f3f190ba320b0d5853836921cb8bc%3Bhp=019e04ec065a55d8f28157d3a1f7ba06cafd347f%3Bhb=082d52c56f642d21b771a13221068d40915a1409%3Bf=kernel/ptrace.c
- http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git%3Ba=commit%3Bh=082d52c56f642d21b771a13221068d40915a1409