Vulnerabilities > CVE-2006-1066 - Unspecified vulnerability in Linux Kernel

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1017. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(22559);
  script_version("1.21");
  script_cvs_date("Date: 2019/10/16 10:34:21");

  script_cve_id("CVE-2004-1017", "CVE-2005-0124", "CVE-2005-0449", "CVE-2005-2457", "CVE-2005-2490", "CVE-2005-2555", "CVE-2005-2709", "CVE-2005-2800", "CVE-2005-2973", "CVE-2005-3044", "CVE-2005-3053", "CVE-2005-3055", "CVE-2005-3180", "CVE-2005-3181", "CVE-2005-3257", "CVE-2005-3356", "CVE-2005-3358", "CVE-2005-3783", "CVE-2005-3784", "CVE-2005-3806", "CVE-2005-3847", "CVE-2005-3848", "CVE-2005-3857", "CVE-2005-3858", "CVE-2005-4605", "CVE-2005-4618", "CVE-2006-0095", "CVE-2006-0096", "CVE-2006-0482", "CVE-2006-1066");
  script_xref(name:"DSA", value:"1017");

  script_name(english:"Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2004-1017
    Multiple overflows exist in the io_edgeport driver which
    might be usable as a denial of service attack vector.

  - CVE-2005-0124
    Bryan Fulton reported a bounds checking bug in the
    coda_pioctl function which may allow local users to
    execute arbitrary code or trigger a denial of service
    attack.

  - CVE-2005-0449
    An error in the skb_checksum_help() function from the
    netfilter framework has been discovered that allows the
    bypass of packet filter rules or a denial of service
    attack.

  - CVE-2005-2457
    Tim Yamin discovered that insufficient input validation
    in the zisofs driver for compressed ISO file systems
    allows a denial of service attack through maliciously
    crafted ISO images.

  - CVE-2005-2490
    A buffer overflow in the sendmsg() function allows local
    users to execute arbitrary code.

  - CVE-2005-2555
    Herbert Xu discovered that the setsockopt() function was
    not restricted to users/processes with the CAP_NET_ADMIN
    capability. This allows attackers to manipulate IPSEC
    policies or initiate a denial of service attack. 

  - CVE-2005-2709
    Al Viro discovered a race condition in the /proc
    handling of network devices. A (local) attacker could
    exploit the stale reference after interface shutdown to
    cause a denial of service or possibly execute code in
    kernel mode.

  - CVE-2005-2800
    Jan Blunck discovered that repeated failed reads of
    /proc/scsi/sg/devices leak memory, which allows a denial
    of service attack.

  - CVE-2005-2973
    Tetsuo Handa discovered that the udp_v6_get_port()
    function from the IPv6 code can be forced into an
    endless loop, which allows a denial of service attack.

  - CVE-2005-3044
    Vasiliy Averin discovered that the reference counters
    from sockfd_put() and fput() can be forced into
    overlapping, which allows a denial of service attack
    through a NULL pointer dereference.

  - CVE-2005-3053
    Eric Dumazet discovered that the set_mempolicy() system
    call accepts a negative value for its first argument,
    which triggers a BUG() assert. This allows a denial of
    service attack.

  - CVE-2005-3055
    Harald Welte discovered that if a process issues a USB
    Request Block (URB) to a device and terminates before
    the URB completes, a stale pointer would be
    dereferenced. This could be used to trigger a denial of
    service attack.

  - CVE-2005-3180
    Pavel Roskin discovered that the driver for Orinoco
    wireless cards clears its buffers insufficiently. This
    could leak sensitive information into user space.

  - CVE-2005-3181
    Robert Derr discovered that the audit subsystem uses an
    incorrect function to free memory, which allows a denial
    of service attack.

  - CVE-2005-3257
    Rudolf Polzer discovered that the kernel improperly
    restricts access to the KDSKBSENT ioctl, which can
    possibly lead to privilege escalation.

  - CVE-2005-3356
    Doug Chapman discovered that the mq_open syscall can be
    tricked into decrementing an internal counter twice,
    which allows a denial of service attack through a kernel
    panic.

  - CVE-2005-3358
    Doug Chapman discovered that passing a zero bitmask to
    the set_mempolicy() system call leads to a kernel panic,
    which allows a denial of service attack.

  - CVE-2005-3783
    The ptrace code using CLONE_THREAD didn't use the thread
    group ID to determine whether the caller is attaching to
    itself, which allows a denial of service attack.

  - CVE-2005-3784
    The auto-reaping of child processes functionality
    included ptraced-attached processes, which allows denial
    of service through dangling references.

  - CVE-2005-3806
    Yen Zheng discovered that the IPv6 flow label code
    modified an incorrect variable, which could lead to
    memory corruption and denial of service.

  - CVE-2005-3847
    It was discovered that a threaded real-time process,
    which is currently dumping core can be forced into a
    dead-lock situation by sending it a SIGKILL signal,
    which allows a denial of service attack. 

  - CVE-2005-3848
    Ollie Wild discovered a memory leak in the
    icmp_push_reply() function, which allows denial of
    service through memory consumption.

  - CVE-2005-3857
    Chris Wright discovered that excessive allocation of
    broken file lock leases in the VFS layer can exhaust
    memory and fill up the system logging, which allows
    denial of service.

  - CVE-2005-3858
    Patrick McHardy discovered a memory leak in the
    ip6_input_finish() function from the IPv6 code, which
    allows denial of service.

  - CVE-2005-4605
    Karl Janmar discovered that a signedness error in the
    procfs code can be exploited to read kernel memory,
    which may disclose sensitive information.

  - CVE-2005-4618
    Yi Ying discovered that sysctl does not properly enforce
    the size of a buffer, which allows a denial of service
    attack.

  - CVE-2006-0095
    Stefan Rompf discovered that dm_crypt does not clear an
    internal struct before freeing it, which might disclose
    sensitive information.

  - CVE-2006-0096
    It was discovered that the SDLA driver's capability
    checks were too lax for firmware upgrades.

  - CVE-2006-0482
    Ludovic Courtes discovered that get_compat_timespec()
    performs insufficient input sanitizing, which allows a
    local denial of service attack.

  - CVE-2006-1066
    It was discovered that ptrace() on the ia64 architecture
    allows a local denial of service attack, when preemption
    is enabled."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332587"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332596"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0449"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-2457"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-2490"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-2555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-2709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-2800"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-2973"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3044"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3180"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3181"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3358"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3783"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3784"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3857"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-3858"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4605"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-0095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-0096"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-0482"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-1066"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1017"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the kernel package immediately and reboot the machine. If you
have built a custom kernel from the kernel source package, you will
need to rebuild to take advantage of these fixes.

The following matrix explains which kernel version for which
architecture fix the problems mentioned above :

                               Debian 3.1 (sarge)           
  Source                       2.6.8-16sarge2               
  Alpha architecture           2.6.8-16sarge2               
  AMD64 architecture           2.6.8-16sarge2               
  HP Precision architecture    2.6.8-6sarge2                
  Intel IA-32 architecture     2.6.8-16sarge2               
  Intel IA-64 architecture     2.6.8-14sarge2               
  Motorola 680x0 architecture  2.6.8-4sarge2                
  PowerPC architecture         2.6.8-12sarge2               
  IBM S/390 architecture       2.6.8-5sarge2                
  Sun Sparc architecture       2.6.8-15sarge2               
The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update :

                            Debian 3.1 (sarge)        
  kernel-latest-2.6-alpha   101sarge1                 
  kernel-latest-2.6-amd64   103sarge1                 
  kernel-latest-2.6-hppa    2.6.8-1sarge1             
  kernel-latest-2.6-sparc   101sarge1                 
  kernel-latest-2.6-i386    101sarge1                 
  kernel-latest-powerpc     102sarge1                 
  fai-kernels               1.9.1sarge1               
  hostap-modules-i386       0.3.7-1sarge1             
  mol-modules-2.6.8         0.9.70+2.6.8+12sarge1     
  ndiswrapper-modules-i386  1.1-2sarge1               
This update introduces a change in the kernel's binary interface, the
affected kernel packages inside Debian have been rebuilt, if you're
running local addons you'll need to rebuild these as well. Due to the
change in the package name you need to use apt-get dist-upgrade to
update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(20, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.6.8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"fai-kernels", reference:"1.9.1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-386", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-586tsc", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-686", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-686-smp", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k6", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k7", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.4.27-3-k7-smp", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-386", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-686", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-686-smp", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-k7", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"hostap-modules-2.6.8-3-k7-smp", reference:"0.3.7-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-2", reference:"2.6.8-15sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3", reference:"2.6.8-15sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3-smp", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4-smp", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power3", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power3-smp", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power4", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-power4-smp", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-powerpc", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-powerpc-smp", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-doc-2.6.8", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-32", reference:"2.6.8-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-32-smp", reference:"2.6.8-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-386", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-64", reference:"2.6.8-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-64-smp", reference:"2.6.8-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-686", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-686-smp", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-generic", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-k8", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-amd64-k8-smp", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-em64t-p4", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-em64t-p4-smp", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-generic", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium-smp", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-k7", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-k7-smp", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley-smp", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-smp", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc32", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc64", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-sparc64-smp", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-generic", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-k8", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-amd64-k8-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-em64t-p4", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-11-em64t-p4-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2", reference:"2.6.8-15sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-32", reference:"2.6.8-6sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-32-smp", reference:"2.6.8-6sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-386", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-64", reference:"2.6.8-6sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-64-smp", reference:"2.6.8-6sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-686", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-686-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-generic", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-itanium", reference:"2.6.8-14sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-itanium-smp", reference:"2.6.8-14sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-k7", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-k7-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-mckinley", reference:"2.6.8-14sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-mckinley-smp", reference:"2.6.8-14sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc32", reference:"2.6.8-15sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc64", reference:"2.6.8-15sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-2-sparc64-smp", reference:"2.6.8-15sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3", reference:"2.6.8-15sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32", reference:"2.6.8-6sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32-smp", reference:"2.6.8-6sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-386", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64", reference:"2.6.8-6sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64-smp", reference:"2.6.8-6sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-generic", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc32", reference:"2.6.8-15sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64", reference:"2.6.8-15sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4-powerpc", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4-powerpc-smp", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-32", reference:"2.6.8-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-32-smp", reference:"2.6.8-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-386", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-64", reference:"2.6.8-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-64-smp", reference:"2.6.8-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-686", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-686-smp", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-generic", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-k8", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-amd64-k8-smp", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-em64t-p4", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-em64t-p4-smp", reference:"103sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-generic", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium-smp", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-k7", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-k7-smp", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley-smp", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power3", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power3-smp", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power4", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-power4-smp", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-powerpc", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-powerpc-smp", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-smp", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc32", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc64", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-sparc64-smp", reference:"101sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-generic", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-k8", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-amd64-k8-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-em64t-p4", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-11-em64t-p4-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-32", reference:"2.6.8-6sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-32-smp", reference:"2.6.8-6sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-386", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-64", reference:"2.6.8-6sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-64-smp", reference:"2.6.8-6sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-686", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-686-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-generic", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-itanium", reference:"2.6.8-14sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-itanium-smp", reference:"2.6.8-14sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-k7", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-k7-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-mckinley", reference:"2.6.8-14sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-mckinley-smp", reference:"2.6.8-14sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390", reference:"2.6.8-5sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390-tape", reference:"2.6.8-5sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-s390x", reference:"2.6.8-5sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-smp", reference:"2.6.8-16sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc32", reference:"2.6.8-15sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc64", reference:"2.6.8-15sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-2-sparc64-smp", reference:"2.6.8-15sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32", reference:"2.6.8-6sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32-smp", reference:"2.6.8-6sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-386", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64", reference:"2.6.8-6sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64-smp", reference:"2.6.8-6sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-generic", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3-smp", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4-smp", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390", reference:"2.6.8-5sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390-tape", reference:"2.6.8-5sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390x", reference:"2.6.8-5sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-smp", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc32", reference:"2.6.8-15sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64", reference:"2.6.8-15sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-amiga", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-atari", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-bvme6000", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-hp", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mac", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme147", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme16x", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power3", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power3-smp", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power4", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-power4-smp", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-powerpc", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-powerpc-smp", reference:"2.6.8-12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-q40", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-sun3", reference:"2.6.8-4sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-power3", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-power3-smp", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-power4", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-power4-smp", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-powerpc", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-powerpc-smp", reference:"102sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-patch-2.6.8-s390", reference:"2.6.8-5sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.6.8", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-source-2.6.8", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-tree-2.6.8", reference:"2.6.8-16sarge2")) flag++;
if (deb_check(release:"3.1", prefix:"mol-modules-2.6.8-3-powerpc", reference:"0.9.70+2.6.8+12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"mol-modules-2.6.8-3-powerpc-smp", reference:"0.9.70+2.6.8+12sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-386", reference:"1.1-2sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-686", reference:"1.1-2sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-686-smp", reference:"1.1-2sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-k7", reference:"1.1-2sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"ndiswrapper-modules-2.6.8-3-k7-smp", reference:"1.1-2sarge1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-281-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(21375);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:33:00");

  script_cve_id("CVE-2006-0557", "CVE-2006-1052", "CVE-2006-1055", "CVE-2006-1066", "CVE-2006-1242", "CVE-2006-1342", "CVE-2006-1343", "CVE-2006-1368", "CVE-2006-1525");
  script_xref(name:"USN", value:"281-1");

  script_name(english:"Ubuntu 5.04 / 5.10 : linux-source-2.6.10, linux-source-2.6.12 vulnerabilities (USN-281-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The sys_mbind() function did not properly verify the validity of the
'maxnod' argument. A local user could exploit this to trigger a buffer
overflow, which caused a kernel crash. (CVE-2006-0557)

The SELinux module did not correctly handle the tracer SID when a
process was already being traced. A local attacker could exploit this
to cause a kernel crash. (CVE-2006-1052)

Al Viro discovered a local Denial of Service in the sysfs write buffer
handling. By writing a block with a length exactly equal to the
processor's page size to any writable file in /sys, a local attacker
could cause a kernel crash. (CVE-2006-1055)

John Blackwood discovered a race condition with single-step debugging
multiple processes at the same time. A local attacker could exploit
this to crash the system. This only affects the amd64 platform.
(CVE-2006-1066)

Marco Ivaldi discovered a flaw in the handling of the ID number of IP
packets. This number was incremented after receiving unsolicited TCP
SYN-ACK packets. A remote attacker could exploit this to conduct port
scans with the 'Idle scan' method (nmap -sI), which bypassed intended
port scan protections. (CVE-2006-1242)

Pavel Kankovsky discovered that the getsockopt() function, when called
with an SO_ORIGINAL_DST argument, does not properly clear the returned
structure, so that a random piece of kernel memory is exposed to the
user. This could potentially reveal sensitive data like passwords or
encryption keys. (CVE-2006-1343)

A buffer overflow was discovered in the USB Gadget RNDIS
implementation. While creating a reply message, the driver did not
allocate enough memory for the reply structure. A remote attacker
could exploit this to cause a kernel crash. (CVE-2006-1368)

Alexandra Kossovsky discovered an invalid memory access in the
ip_route_input() function. By using the 'ip' command in a particular
way to retrieve multicast routes, a local attacker could exploit this
to crash the kernel. (CVE-2006-1525).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"5.04", pkgname:"linux-doc-2.6.10", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-386", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686-smp", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-386", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686-smp", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-patch-ubuntu-2.6.10", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-source-2.6.10", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"linux-tree-2.6.10", pkgver:"2.6.10-34.17")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-doc-2.6.12", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-386", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686-smp", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-386", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686-smp", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-patch-ubuntu-2.6.12", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-source-2.6.12", pkgver:"2.6.12-10.32")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"linux-tree-2.6.12", pkgver:"2.6.12-10.32")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.10 / linux-doc-2.6.12 / linux-headers-2.6 / etc");
}

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:151. 
# The text itself is copyright (C) Mandriva S.A.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(23897);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2006-1066", "CVE-2006-1863", "CVE-2006-1864", "CVE-2006-2934", "CVE-2006-2935", "CVE-2006-2936", "CVE-2006-3468", "CVE-2006-3745");
  script_bugtraq_id(18847, 19033, 19396, 19666);
  script_xref(name:"MDKSA", value:"2006:151");

  script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2006:151)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities were discovered and corrected in the Linux
2.6 kernel :

Prior to and including 2.6.16-rc2, when running on x86_64 systems with
preemption enabled, local users can cause a DoS (oops) via multiple
ptrace tasks that perform single steps (CVE-2006-1066).

Prior to 2.6.16, a directory traversal vulnerability in CIFS could
allow a local user to escape chroot restrictions for an SMB-mounted
filesystem via '..\' sequences (CVE-2006-1863).

Prior to 2.6.16, a directory traversal vulnerability in smbfs could
allow a local user to escape chroot restrictions for an SMB-mounted
filesystem via '..\' sequences (CVE-2006-1864).

Prior to to 2.6.16.23, SCTP conntrack in netfilter allows remote
attackers to cause a DoS (crash) via a packet without any chunks,
causing a variable to contain an invalid value that is later used to
dereference a pointer (CVE-2006-2934).

The dvd_read_bca function in the DVD handling code assigns the wrong
value to a length variable, which could allow local users to execute
arbitrary code via a crafted USB storage device that triggers a buffer
overflow (CVE-2006-2935).

Prior to 2.6.17, the ftdi_sio driver could allow local users to cause
a DoS (memory consumption) by writing more data to the serial port
than the hardware can handle, causing the data to be queued
(CVE-2006-2936).

The 2.6 kernel, when using both NFS and EXT3, allowed remote attackers
to cause a DoS (file system panic) via a crafted UDP packet with a V2
lookup procedure that specifies a bad file handle (inode number),
triggering an error and causing an exported directory to be remounted
read-only (CVE-2006-3468).

The 2.6 kernel's SCTP was found to cause system crashes and allow for
the possibility of local privilege escalation due to a bug in the
get_user_iov_size() function that doesn't properly handle overflow
when calculating the length of iovec (CVE-2006-3745).

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels immediately
and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included
such as :

  - added support for new devices: o Testo products in
    usb-serial o ATI SB600 IDE o ULI M-1573 south Bridge o
    PATA and SATA support for nVidia MCP55, MCP61, MCP65,
    and AMD CS5536 o Asus W6A motherboard in snd-hda-intel o
    bcm 5780

  - fixed ip_gre module unload OOPS

    - enabled opti621 driver for x86 and x86_64

    - fixed a local DoS introduced by an imcomplete fix for
      CVE-2006-2445

    - updated to Xen 3.0.1 with selected fixes

    - enable hugetlbfs

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-BOOT-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.25mdk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2006.0", reference:"kernel-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"kernel-BOOT-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i586-up-1GB-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"kernel-smp-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"kernel-source-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"kernel-source-stripped-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xbox-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"kernel-xen0-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"kernel-xenU-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");