Vulnerabilities > CVE-2005-3806 - Resource Management Errors vulnerability in Linux Kernel

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

linux

CWE-399

nessus

NVD

Published: 2005-11-25

Updated: 2023-11-07

Summary

The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 2.4.18 Linux Linux Kernel 2.4.15 Linux Linux Kernel 2.4.30 Linux Linux Kernel 2.6.11 Linux Linux Kernel 2.6.14 Linux Linux Kernel 2.4.0 Linux Linux Kernel 2.6.11.2 Linux Linux Kernel 2.6.5 Linux Linux Kernel 2.4.11 Linux Linux Kernel 2.6.11.10 Linux Linux Kernel 2.6.1 Linux Linux Kernel 2.4.32 Linux Linux Kernel 2.4.27 Linux Linux Kernel 2.6.13 Linux Linux Kernel 2.6.11.8 Linux Linux Kernel 2.4.26 Linux Linux Kernel 2.4.19 Linux Linux Kernel 2.4.21 Linux Linux Kernel 2.6.10 Linux Linux Kernel 2.4.12 Linux Linux Kernel 2.4.13 Linux Linux Kernel 2.6.11.6 Linux Linux Kernel 2.6.11.11 Linux Linux Kernel 2.6.3 Linux Linux Kernel 2.4.17 Linux Linux Kernel 2.6.4 Linux Linux Kernel 2.6.11.5 Linux Linux Kernel 2.4.23_Ow2 Linux Linux Kernel 2.4.22 Linux Linux Kernel 2.4.23 Linux Linux Kernel 2.4.29 Linux Linux Kernel 2.6.2 Linux Linux Kernel 2.4.25 Linux Linux Kernel 2.6.8 Linux Linux Kernel 2.4.24 Linux Linux Kernel 2.4.31 Linux Linux Kernel 2.6.12.1 Linux Linux Kernel 2.6.11.9 Linux Linux Kernel 2.4.28 Linux Linux Kernel 2.6.0 Linux Linux Kernel 2.4.24_Ow1 Linux Linux Kernel 2.4.10 Linux Linux Kernel 2.6.12.2 Linux Linux Kernel 2.4.2 Linux Linux Kernel 2.4.16 Linux Linux Kernel 2.4.14 Linux Linux Kernel 2.6.12.4 Linux Linux Kernel 2.6.11.3 Linux Linux Kernel 2.6.12.3 Linux Linux Kernel 2.6.7 Linux Linux Kernel 2.6.9 Linux Linux Kernel 2.4.3 Linux Linux Kernel 2.6.11.7 Linux Linux Kernel 2.4.1 Linux Linux Kernel 2.6.8.1 Linux Linux Kernel 2.6.11.4 Linux Linux Kernel 2.4.20 Linux Linux Kernel 2.6.11.12 Linux Linux Kernel 2.6.11.1 Linux Linux Kernel 2.6.6 Linux Linux Kernel 2.6.12	106

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2006-0101.NASL
description	Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw which allowed a local user to write to firmware on read-only opened /dev/cdrom devices (CVE-2004-1190, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in the SCSI procfs interface that allowed a local user to cause a denial of service (crash) (CVE-2005-2800, moderate) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a race condition when threads share memory mapping that allowed local users to cause a denial of service (deadlock) (CVE-2005-3106, important) - a flaw when trying to mount a non-hfsplus filesystem using hfsplus that allowed local users to cause a denial of service (crash) (CVE-2005-3109, moderate) - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276, low) - a flaw in mq_open system call that allowed a local user to cause a denial of service (crash) (CVE-2005-3356, important) - a flaw in set_mempolicy that allowed a local user on some 64-bit architectures to cause a denial of service (crash) (CVE-2005-3358, important) - a flaw in the auto-reap of child processes that allowed a local user to cause a denial of service (crash) (CVE-2005-3784, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) - a flaw in procfs handling that allowed a local user to read kernel memory (CVE-2005-4605, important) All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
last seen	2020-06-01
modified	2020-06-02
plugin id	21977
published	2006-07-05
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21977
title	CentOS 4 : kernel (CESA-2006:0101)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0101 and # CentOS Errata and Security Advisory 2006:0101 respectively. # include("compat.inc"); if (description) { script_id(21977); script_version("1.21"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2002-2185", "CVE-2004-1190", "CVE-2005-2458", "CVE-2005-2709", "CVE-2005-2800", "CVE-2005-3044", "CVE-2005-3106", "CVE-2005-3109", "CVE-2005-3276", "CVE-2005-3356", "CVE-2005-3358", "CVE-2005-3784", "CVE-2005-3806", "CVE-2005-3848", "CVE-2005-3857", "CVE-2005-3858", "CVE-2005-4605"); script_xref(name:"RHSA", value:"2006:0101"); script_name(english:"CentOS 4 : kernel (CESA-2006:0101)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw which allowed a local user to write to firmware on read-only opened /dev/cdrom devices (CVE-2004-1190, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in the SCSI procfs interface that allowed a local user to cause a denial of service (crash) (CVE-2005-2800, moderate) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a race condition when threads share memory mapping that allowed local users to cause a denial of service (deadlock) (CVE-2005-3106, important) - a flaw when trying to mount a non-hfsplus filesystem using hfsplus that allowed local users to cause a denial of service (crash) (CVE-2005-3109, moderate) - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276, low) - a flaw in mq_open system call that allowed a local user to cause a denial of service (crash) (CVE-2005-3356, important) - a flaw in set_mempolicy that allowed a local user on some 64-bit architectures to cause a denial of service (crash) (CVE-2005-3358, important) - a flaw in the auto-reap of child processes that allowed a local user to cause a denial of service (crash) (CVE-2005-3784, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) - a flaw in procfs handling that allowed a local user to read kernel memory (CVE-2005-4605, important) All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum." ); # https://lists.centos.org/pipermail/centos-announce/2006-January/012580.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4839b252" ); # https://lists.centos.org/pipermail/centos-announce/2006-January/012581.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d8112949" ); # https://lists.centos.org/pipermail/centos-announce/2006-January/012582.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ec839998" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2006/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"kernel-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", reference:"kernel-devel-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-doc-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-doc-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-22.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-22.0.2.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2005_068.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2005:068 (kernel). The Linux kernel was updated to fix several security problems and several bugs, listed below: Security fixes: - CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. (All) - CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine. (Linux kernel 2.6 based products only) - CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine. (All) - CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine. (SUSE Linux 9.3) - CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP. (SUSE Linux 9.3) - CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers. (SUSE Linux 9.3) - Others: see original advisory
last seen	2019-10-28
modified	2005-12-20
plugin id	20334
published	2005-12-20
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20334
title	SUSE-SA:2005:068: kernel
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:068 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(20334); script_version ("1.8"); name["english"] = "SUSE-SA:2005:068: kernel"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:068 (kernel). The Linux kernel was updated to fix several security problems and several bugs, listed below: Security fixes: - CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. (All) - CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine. (Linux kernel 2.6 based products only) - CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine. (All) - CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine. (SUSE Linux 9.3) - CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP. (SUSE Linux 9.3) - CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers. (SUSE Linux 9.3) - Others: see original advisory" ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_68_kernel.html" ); script_set_attribute(attribute:"risk_factor", value:"High" ); script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/20"); script_end_attributes(); summary["english"] = "Check for the version of the kernel package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"Intel-536ep-4.62-27", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-v92ham-4.53-27", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_athlon-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_deflt-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_smp-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_smp4G-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"k_um-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.4.21-303", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-8.26a-216", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-2.6.2-38.19", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-docs-2.6.5-7.202.7", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-536ep-4.69-5.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-nongpl-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-nongpl-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-nongpl-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-nongpl-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-8.31a8-6.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-install-initrd-1.0-48.11", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-kernel-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-docs-2.6.8-24.19", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"Intel-536ep-4.69-10.4", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-xen-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-xen-nongpl-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"ltmodem-8.31a10-7.4", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-install-initrd-1.0-50.4", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-kernel-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-docs-2.6.11.4-21.10", release:"SUSE9.3") ) { security_hole(0); exit(0); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2006-0140.NASL
description	Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw in remap_page_range() with O_DIRECT writes that allowed a local user to cause a denial of service (crash) (CVE-2004-1057, important) - a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708, important) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.
last seen	2020-06-01
modified	2020-06-02
plugin id	20751
published	2006-01-20
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/20751
title	RHEL 3 : kernel (RHSA-2006:0140)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-231-1.NASL
description	Rudolf Polzer reported an abuse of the
last seen	2020-06-01
modified	2020-06-02
plugin id	20775
published	2006-01-21
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20775
title	Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-231-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2006-0191.NASL
description	Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures) This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a race condition that allowed local users to read the environment variables of another process (CVE-2004-1058, low) - a flaw in the open_exec function of execve that allowed a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073, moderate). Red Hat originally reported this flaw as being fixed by RHSA-2004:504, but a patch for this issue was missing from that update. - a flaw in the coda module that allowed a local user to cause a denial of service (crash) or possibly gain privileges (CVE-2005-0124, moderate) - a potential leak of kernel data from ext2 file system handling (CVE-2005-0400, low) - flaws in ISO-9660 file system handling that allowed the mounting of an invalid image on a CD-ROM to cause a denial of service (crash) or potentially execute arbitrary code (CVE-2005-0815, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) The following bugs were also addressed : - Handle set_brk() errors in binfmt_elf/aout - Correct error handling in shmem_ioctl - Correct scsi error return - Fix netdump time keeping bug - Fix netdump link-down freeze - Fix FAT fs deadlock All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
last seen	2020-06-01
modified	2020-06-02
plugin id	20855
published	2006-02-05
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/20855
title	RHEL 2.1 : kernel (RHSA-2006:0191)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2006-018.NASL
description	A number of vulnerabilities have been corrected in the Linux kernel : A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527). The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783). The auto-reap child process in 2.6 kernels prior to 2.6.15 include processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784). A locking problem in the POSIX timer cleanup handling on exit on kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805). The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifes the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806). An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808). As well, other bugfixes are included in this update : Fixes to swsup and HDA sound fixes (DMA buffer fixes, and fixes for the AD1986a codec, added support for Nvidia chipsets, and new model information for the Gigabyte K8N51). MCP51 forcedeth support has been added.
last seen	2020-06-01
modified	2020-06-02
plugin id	20796
published	2006-01-22
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20796
title	Mandrake Linux Security Advisory : kernel (MDKSA-2006:018)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2006-0140.NASL
description	Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw in remap_page_range() with O_DIRECT writes that allowed a local user to cause a denial of service (crash) (CVE-2004-1057, important) - a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708, important) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.
last seen	2020-06-01
modified	2020-06-02
plugin id	21881
published	2006-07-03
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21881
title	CentOS 3 : kernel (CESA-2006:0140)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1017.NASL
description	Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. - CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. - CVE-2005-0449 An error in the skb_checksum_help() function from the netfilter framework has been discovered that allows the bypass of packet filter rules or a denial of service attack. - CVE-2005-2457 Tim Yamin discovered that insufficient input validation in the zisofs driver for compressed ISO file systems allows a denial of service attack through maliciously crafted ISO images. - CVE-2005-2490 A buffer overflow in the sendmsg() function allows local users to execute arbitrary code. - CVE-2005-2555 Herbert Xu discovered that the setsockopt() function was not restricted to users/processes with the CAP_NET_ADMIN capability. This allows attackers to manipulate IPSEC policies or initiate a denial of service attack. - CVE-2005-2709 Al Viro discovered a race condition in the /proc handling of network devices. A (local) attacker could exploit the stale reference after interface shutdown to cause a denial of service or possibly execute code in kernel mode. - CVE-2005-2800 Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices leak memory, which allows a denial of service attack. - CVE-2005-2973 Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code can be forced into an endless loop, which allows a denial of service attack. - CVE-2005-3044 Vasiliy Averin discovered that the reference counters from sockfd_put() and fput() can be forced into overlapping, which allows a denial of service attack through a NULL pointer dereference. - CVE-2005-3053 Eric Dumazet discovered that the set_mempolicy() system call accepts a negative value for its first argument, which triggers a BUG() assert. This allows a denial of service attack. - CVE-2005-3055 Harald Welte discovered that if a process issues a USB Request Block (URB) to a device and terminates before the URB completes, a stale pointer would be dereferenced. This could be used to trigger a denial of service attack. - CVE-2005-3180 Pavel Roskin discovered that the driver for Orinoco wireless cards clears its buffers insufficiently. This could leak sensitive information into user space. - CVE-2005-3181 Robert Derr discovered that the audit subsystem uses an incorrect function to free memory, which allows a denial of service attack. - CVE-2005-3257 Rudolf Polzer discovered that the kernel improperly restricts access to the KDSKBSENT ioctl, which can possibly lead to privilege escalation. - CVE-2005-3356 Doug Chapman discovered that the mq_open syscall can be tricked into decrementing an internal counter twice, which allows a denial of service attack through a kernel panic. - CVE-2005-3358 Doug Chapman discovered that passing a zero bitmask to the set_mempolicy() system call leads to a kernel panic, which allows a denial of service attack. - CVE-2005-3783 The ptrace code using CLONE_THREAD didn
last seen	2020-06-01
modified	2020-06-02
plugin id	22559
published	2006-10-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22559
title	Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2006-0101.NASL
description	Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw which allowed a local user to write to firmware on read-only opened /dev/cdrom devices (CVE-2004-1190, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in the SCSI procfs interface that allowed a local user to cause a denial of service (crash) (CVE-2005-2800, moderate) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a race condition when threads share memory mapping that allowed local users to cause a denial of service (deadlock) (CVE-2005-3106, important) - a flaw when trying to mount a non-hfsplus filesystem using hfsplus that allowed local users to cause a denial of service (crash) (CVE-2005-3109, moderate) - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276, low) - a flaw in mq_open system call that allowed a local user to cause a denial of service (crash) (CVE-2005-3356, important) - a flaw in set_mempolicy that allowed a local user on some 64-bit architectures to cause a denial of service (crash) (CVE-2005-3358, important) - a flaw in the auto-reap of child processes that allowed a local user to cause a denial of service (crash) (CVE-2005-3784, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) - a flaw in procfs handling that allowed a local user to read kernel memory (CVE-2005-4605, important) All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
last seen	2020-06-01
modified	2020-06-02
plugin id	20732
published	2006-01-17
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/20732
title	RHEL 4 : kernel (RHSA-2006:0101)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2005_067.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2005:067 (kernel). This kernel update for SUSE Linux 10.0 contains fixes for XEN, various security fixes and bug fixes. This update includes a more recent snapshot of the upcoming XEN 3.0. Many bugs have been fixed. Stability for x86_64 has been improved. Stability has been improved for SMP, and now both i586 and x86_64 kernels are built with SMP support. It also contains several security fixes : - CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. - CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine. - CVE-2005-3271: A task leak problem when releasing POSIX timers was fixed. This could lead to local users causing a local denial of service by exhausting system memory. - CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine. - CVE-2005-3181: A problem in the Linux auditing code could lead to a memory leak which finally could exhaust system memory of a machine. - CVE-2005-2973: An infinite loop in the IPv6 UDP loopback handling can be easily triggered by a local user and lead to a denial of service. - CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine. - CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers. - CVE-2005-3055: Unplugging an user space controlled USB device with an URB pending in user space could crash the kernel. This can be easily triggered by local attacker. - CVE-2005-3180: Fixed incorrect padding in Orinoco wireless driver, which could expose kernel data to the air. - CVE-2005-3044: Missing sockfd_put() calls in routing_ioctl() leaked file handles which in turn could exhaust system memory. - CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP.
last seen	2019-10-28
modified	2005-12-08
plugin id	20282
published	2005-12-08
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20282
title	SUSE-SA:2005:067: kernel

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1018.NASL
description	The original update lacked recompiled ALSA modules against the new kernel ABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the updated packages. For completeness we
last seen	2020-06-01
modified	2020-06-02
plugin id	22560
published	2006-10-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22560
title	Debian DSA-1018-2 : kernel-source-2.4.27 - several vulnerabilities

Oval

accepted

2013-04-29T04:23:12.754-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:9903

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa
id RHSA-2006:0101
rhsa
id RHSA-2006:0140
rhsa
id RHSA-2006:0190
rhsa
id RHSA-2006:0191

rpms

kernel-0:2.6.9-22.0.2.EL
kernel-debuginfo-0:2.6.9-22.0.2.EL
kernel-devel-0:2.6.9-22.0.2.EL
kernel-doc-0:2.6.9-22.0.2.EL
kernel-hugemem-0:2.6.9-22.0.2.EL
kernel-hugemem-devel-0:2.6.9-22.0.2.EL
kernel-smp-0:2.6.9-22.0.2.EL
kernel-smp-devel-0:2.6.9-22.0.2.EL
kernel-0:2.4.21-37.0.1.EL
kernel-BOOT-0:2.4.21-37.0.1.EL
kernel-debuginfo-0:2.4.21-37.0.1.EL
kernel-doc-0:2.4.21-37.0.1.EL
kernel-hugemem-0:2.4.21-37.0.1.EL
kernel-hugemem-unsupported-0:2.4.21-37.0.1.EL
kernel-smp-0:2.4.21-37.0.1.EL
kernel-smp-unsupported-0:2.4.21-37.0.1.EL
kernel-source-0:2.4.21-37.0.1.EL
kernel-unsupported-0:2.4.21-37.0.1.EL

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

Redhat

References