Vulnerabilities > CVE-2005-3808 - Local Integer Overflow vulnerability in Linux Kernel INVALIDATE_INODE_PAGES2
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system.
Vulnerable Configurations
Exploit-Db
| description | Linux Kernel 2.6.x INVALIDATE_INODE_PAGES2 Local Integer Overflow Vulnerability. CVE-2005-3808. Dos exploit for linux platform |
| id | EDB-ID:26811 |
| last seen | 2016-02-03 |
| modified | 2005-12-13 |
| published | 2005-12-13 |
| reporter | Oleg Drokin |
| source | https://www.exploit-db.com/download/26811/ |
| title | Linux Kernel 2.6.x - INVALIDATE_INODE_PAGES2 - Local Integer Overflow Vulnerability |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-231-1.NASL description Rudolf Polzer reported an abuse of the last seen 2020-06-01 modified 2020-06-02 plugin id 20775 published 2006-01-21 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20775 title Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-231-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-231-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20775); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-3257", "CVE-2005-3783", "CVE-2005-3784", "CVE-2005-3805", "CVE-2005-3806", "CVE-2005-3807", "CVE-2005-3808", "CVE-2005-3848", "CVE-2005-3857", "CVE-2005-3858"); script_xref(name:"USN", value:"231-1"); script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-231-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Rudolf Polzer reported an abuse of the 'loadkeys' command. By redefining one or more keys and tricking another user (like root) into logging in on a text console and typing something that involves the redefined keys, a local user could cause execution of arbitrary commands with the privileges of the target user. The updated kernel restricts the usage of 'loadkeys' to root. (CVE-2005-3257) The ptrace() system call did not correctly check whether a process tried to attach to itself. A local attacker could exploit this to cause a kernel crash. (CVE-2005-3783) A Denial of Service vulnerability was found in the handler that automatically cleans up and terminates child processes that are not correctly handled by their parent process ('auto-reaper'). The check did not correctly handle processes which were currently traced by another process. A local attacker could exploit this to cause a kernel crash. (CVE-2005-3784) A locking problem was discovered in the POSIX timer cleanup handling on process exit. A local attacker could exploit this to cause the machine to hang (Denial of Service). This flaw only affects multiprocessor (SMP) systems. (CVE-2005-3805) A Denial of Service vulnerability was discovered in the IPv6 flowlabel handling code. By invoking setsockopt(IPV6_FLOWLABEL_MGR) in a special way, a local attacker could cause memory corruption which eventually led to a kernel crash. (CVE-2005-3806) A memory leak was discovered in the VFS lease handling. These operations are commonly executed by the Samba server, which led to steady memory exhaustion. By repeatedly triggering the affected operations in quick succession, a local attacker could exploit this to drain all memory, which leads to a Denial of Service. (CVE-2005-3807) An integer overflow was discovered in the invalidate_inode_pages2_range() function. By issuing 64-bit mmap calls on a 32 bit system, a local user could exploit this to crash the machine, thereby causing Denial of Service. This flaw does not affect the amd64 platform, and does only affect Ubuntu 5.10. (CVE-2005-3808) Ollie Wild discovered a memory leak in the icmp_push_reply() function. By sending a large amount of specially crafted packets, a remote attacker could exploit this to drain all memory, which eventually leads to a Denial of Service. (CVE-2005-3848) Chris Wrigth found a Denial of Service vulnerability in the time_out_leases() function. By allocating a large number of VFS file lock leases and having them timeout at the same time, a large number of 'printk' debugging statements was generated at the same time, which could exhaust kernel memory. (CVE-2005-3857) Patrick McHardy discovered a memory leak in the ip6_input_finish() function. A remote attacker could exploit this by sending specially crafted IPv6 packets, which would eventually drain all available kernel memory, thus causing a Denial of Service. (CVE-2005-3858). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"linux-doc-2.6.8.1", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-386", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-686", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-686-smp", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-amd64-generic", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-amd64-k8", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-amd64-k8-smp", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-6-amd64-xeon", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-386", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-686", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-686-smp", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-amd64-generic", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-amd64-k8", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-amd64-k8-smp", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-6-amd64-xeon", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-patch-debian-2.6.8.1", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-source-2.6.8.1", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"linux-tree-2.6.8.1", pkgver:"2.6.8.1-16.26")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-doc-2.6.10", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-386", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686-smp", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-386", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686-smp", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-patch-ubuntu-2.6.10", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-source-2.6.10", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-tree-2.6.10", pkgver:"2.6.10-34.9")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-doc-2.6.12", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-386", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686-smp", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-386", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686-smp", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-patch-ubuntu-2.6.12", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-source-2.6.12", pkgver:"2.6.12-10.25")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-tree-2.6.12", pkgver:"2.6.12-10.25")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.10 / linux-doc-2.6.12 / linux-doc-2.6.8.1 / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2005-1138.NASL description This update fixes several minor security related issues. A problem was discovered where users could reprogram keys, leaving last seen 2020-06-01 modified 2020-06-02 plugin id 20306 published 2005-12-15 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20306 title Fedora Core 4 : kernel-2.6.14-1.1653_FC4 (2005-1138) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-1138. # include("compat.inc"); if (description) { script_id(20306); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2005-3808"); script_xref(name:"FEDORA", value:"2005-1138"); script_name(english:"Fedora Core 4 : kernel-2.6.14-1.1653_FC4 (2005-1138)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes several minor security related issues. A problem was discovered where users could reprogram keys, leaving 'traps' for the next user of a console. The ability has been restricted to root. A 32 bit integer overflow was discovered in the invalidate_inode_pages2() function which could lead to a local denial of service attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-December/001650.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1ce8d468" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC4", reference:"kernel-2.6.14-1.1653_FC4")) flag++; if (rpm_check(release:"FC4", reference:"kernel-debuginfo-2.6.14-1.1653_FC4")) flag++; if (rpm_check(release:"FC4", reference:"kernel-devel-2.6.14-1.1653_FC4")) flag++; if (rpm_check(release:"FC4", reference:"kernel-doc-2.6.14-1.1653_FC4")) flag++; if (rpm_check(release:"FC4", reference:"kernel-smp-2.6.14-1.1653_FC4")) flag++; if (rpm_check(release:"FC4", reference:"kernel-smp-devel-2.6.14-1.1653_FC4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-devel / kernel-doc / kernel-smp / etc"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-018.NASL description A number of vulnerabilities have been corrected in the Linux kernel : A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527). The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783). The auto-reap child process in 2.6 kernels prior to 2.6.15 include processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784). A locking problem in the POSIX timer cleanup handling on exit on kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805). The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifes the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806). An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808). As well, other bugfixes are included in this update : Fixes to swsup and HDA sound fixes (DMA buffer fixes, and fixes for the AD1986a codec, added support for Nvidia chipsets, and new model information for the Gigabyte K8N51). MCP51 forcedeth support has been added. last seen 2020-06-01 modified 2020-06-02 plugin id 20796 published 2006-01-22 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20796 title Mandrake Linux Security Advisory : kernel (MDKSA-2006:018) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:018. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(20796); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2005-3527", "CVE-2005-3783", "CVE-2005-3784", "CVE-2005-3805", "CVE-2005-3806", "CVE-2005-3808"); script_xref(name:"MDKSA", value:"2006:018"); script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2006:018)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A number of vulnerabilities have been corrected in the Linux kernel : A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527). The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783). The auto-reap child process in 2.6 kernels prior to 2.6.15 include processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784). A locking problem in the POSIX timer cleanup handling on exit on kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805). The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifes the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806). An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808). As well, other bugfixes are included in this update : Fixes to swsup and HDA sound fixes (DMA buffer fixes, and fixes for the AD1986a codec, added support for Nvidia chipsets, and new model information for the Gigabyte K8N51). MCP51 forcedeth support has been added." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.15mdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", reference:"kernel-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i586-up-1GB-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"kernel-smp-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"kernel-source-2.6-2.6.12-15mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"kernel-source-stripped-2.6-2.6.12-15mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xbox-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xen0-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xenU-2.6.12.15mdk-1-1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_006.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:006 (kernel). The Linux kernel on SUSE Linux 10.0 has been updated to fix following security problems: - CVE-2006-0454: An extra dst release when ip_options_echo failed was fixed. This problem could be triggered by remote attackers and can potentially crash the machine. This is possible even with SuSEfirewall2 enabled. This affects only SUSE Linux 10.0, all other SUSE distributions are not affected. - CVE-2005-3356: A double decrement in mq_open system call could lead to local users crashing the machine. - CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could lead to a local user crashing the machine. - CVE-2005-4605: Kernel memory could be leaked to user space through a problem with seek() in /proc files . - CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS Filesystems and so circumvent access control. - CVE-2005-3808: A 32 bit integer overflow on 64bit mmap calls could be used by local users to hang the machine. - CVE-2005-4635: Add sanity checks for headers and payload of netlink messages, which could be used by local attackers to crash the machine. Also various non-security bugs were fixed: - Fix up patch for cpufreq drivers that do not initialize current freq. - Handle BIOS cpufreq changes gracefully. - Updates to inotify handling. - Various XEN Updates. - Catches processor declarations with same ACPI id (P4HT) - PowerPC: g5 thermal overtemp bug on fluid cooled systems. - Fixed buffered ACPI events on a lot ASUS and some other machines. - Fix fs/exec.c:788 (de_thread()) BUG_ON (OSDL 5170). last seen 2019-10-28 modified 2006-02-10 plugin id 20879 published 2006-02-10 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20879 title SUSE-SA:2006:006: kernel code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:006 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(20879); script_version ("1.8"); name["english"] = "SUSE-SA:2006:006: kernel"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2006:006 (kernel). The Linux kernel on SUSE Linux 10.0 has been updated to fix following security problems: - CVE-2006-0454: An extra dst release when ip_options_echo failed was fixed. This problem could be triggered by remote attackers and can potentially crash the machine. This is possible even with SuSEfirewall2 enabled. This affects only SUSE Linux 10.0, all other SUSE distributions are not affected. - CVE-2005-3356: A double decrement in mq_open system call could lead to local users crashing the machine. - CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could lead to a local user crashing the machine. - CVE-2005-4605: Kernel memory could be leaked to user space through a problem with seek() in /proc files . - CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS Filesystems and so circumvent access control. - CVE-2005-3808: A 32 bit integer overflow on 64bit mmap calls could be used by local users to hang the machine. - CVE-2005-4635: Add sanity checks for headers and payload of netlink messages, which could be used by local attackers to crash the machine. Also various non-security bugs were fixed: - Fix up patch for cpufreq drivers that do not initialize current freq. - Handle BIOS cpufreq changes gracefully. - Updates to inotify handling. - Various XEN Updates. - Catches processor declarations with same ACPI id (P4HT) - PowerPC: g5 thermal overtemp bug on fluid cooled systems. - Fixed buffered ACPI events on a lot ASUS and some other machines. - Fix fs/exec.c:788 (de_thread()) BUG_ON (OSDL 5170)." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2006_06_kernel.html" ); script_set_attribute(attribute:"risk_factor", value:"High" ); script_set_attribute(attribute:"plugin_publication_date", value: "2006/02/10"); script_end_attributes(); summary["english"] = "Check for the version of the kernel package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"Intel-536ep-4.69-14.3", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-bigsmp-nongpl-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-default-nongpl-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-smp-nongpl-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-source-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-syms-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-um-nongpl-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-xen-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"kernel-xen-nongpl-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"um-host-kernel-2.6.13-15.8", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-3.0_8259-0.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-devel-3.0_8259-0.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-doc-html-3.0_8259-0.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-doc-pdf-3.0_8259-0.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-doc-ps-3.0_8259-0.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-tools-3.0_8259-0.1", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xen-tools-ioemu-3.0_8259-0.1", release:"SUSE10.0") ) { security_hole(0); exit(0); }
References
- http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
- http://seclists.org/lists/linux-kernel/2005/Nov/7839.html
- http://secunia.com/advisories/18203
- http://secunia.com/advisories/18788
- http://secunia.com/advisories/19038
- http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:018
- http://www.novell.com/linux/security/advisories/2006_06_kernel.html
- http://www.securityfocus.com/advisories/9852
- http://www.securityfocus.com/bid/15846
- https://usn.ubuntu.com/231-1/