Vulnerabilities > CVE-2006-1528 - Improper Input Validation vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-302-1.NASL description An integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu last seen 2020-06-01 modified 2020-06-02 plugin id 27877 published 2007-11-10 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27877 title Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/2.6.12/2.6.15 vulnerabilities (USN-302-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-302-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(27877); script_version("1.22"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2006-0038", "CVE-2006-0744", "CVE-2006-1055", "CVE-2006-1056", "CVE-2006-1522", "CVE-2006-1527", "CVE-2006-1528", "CVE-2006-1855", "CVE-2006-1856", "CVE-2006-1857", "CVE-2006-1858", "CVE-2006-1859", "CVE-2006-1860", "CVE-2006-1863", "CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2271", "CVE-2006-2272", "CVE-2006-2274", "CVE-2006-2275", "CVE-2006-2444"); script_bugtraq_id(17600, 18081); script_xref(name:"USN", value:"302-1"); script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/2.6.12/2.6.15 vulnerabilities (USN-302-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "An integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu's supported packages use this capability with any non-root user, so this only affects you if you use some third party software like the OpenVZ virtualization system. (CVE-2006-0038) On EMT64 CPUs, the kernel did not properly handle uncanonical return addresses. A local user could exploit this to trigger a kernel crash. (CVE-2006-0744) Al Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block with a length exactly equal to the processor's page size to any writable file in /sys, a local attacker could cause a kernel crash. (CVE-2006-1055) Jan Beulich discovered an information leak in the handling of registers for the numeric coprocessor when running on AMD processors. This allowed processes to see the coprocessor execution state of other processes, which could reveal sensitive data in the case of cryptographic computations. (CVE-2006-1056) Marcel Holtmann discovered that the sys_add_key() did not check that a new user key is added to a proper keyring. By attempting to add a key to a normal user key (which is not a keyring), a local attacker could exploit this to crash the kernel. (CVE-2006-1522) Ingo Molnar discovered that the SCTP protocol connection tracking module in netfilter got stuck in an infinite loop on certain empty packet chunks. A remote attacker could exploit this to cause the computer to hang. (CVE-2006-1527) The SCSI I/O driver did not correctly handle the VM_IO flag for memory mapped pages used for data transfer. A local user could exploit this to cause a kernel crash. (CVE-2006-1528) The choose_new_parent() contained obsolete debugging code. A local user could exploit this to cause a kernel crash. (CVE-2006-1855) Kostik Belousov discovered that the readv() and writev() functions did not query LSM modules for access permission. This could be exploited to circumvent access restrictions defined by LSM modules such as SELinux or AppArmor. (CVE-2006-1856) The SCTP driver did not properly verify certain parameters when receiving a HB-ACK chunk. By sending a specially crafted packet to an SCTP socket, a remote attacker could exploit this to trigger a buffer overflow, which could lead to a crash or possibly even arbitrary code execution. (CVE-2006-1857) The sctp_walk_params() function in the SCTP driver incorrectly used rounded values for bounds checking instead of the precise values. By sending a specially crafted packet to an SCTP socket, a remote attacker could exploit this to crash the kernel. (CVE-2006-1858) Bjoern Steinbrink reported a memory leak in the __setlease() function. A local attacker could exploit this to exhaust kernel memory and render the computer unusable (Denial of Service). (CVE-2006-1859) Daniel Hokka Zakrisson discovered that the lease_init() did not properly handle locking. A local attacker could exploit this to cause a kernel deadlock (Denial of Service). (CVE-2006-1860) Mark Moseley discovered that the CIFS file system driver did not filter out '..\\' path components. A local attacker could exploit this to break out of a chroot environment on a mounted SMB share. (CVE-2006-1863) The same vulnerability applies to the older smb file system. (CVE-2006-1864) Hugh Dickins discovered that the mprotect() function allowed an user to change a read-only shared memory attachment to become writable, which bypasses IPC (inter-process communication) permissions. (CVE-2006-2071) The SCTP (Stream Control Transmission Protocol) driver triggered a kernel panic on unexpected packets while the session was in the CLOSED state, instead of silently ignoring the packets. A remote attacker could exploit this to crash the computer. (CVE-2006-2271) The SCTP driver did not handle control chunks if they arrived in fragmented packets. By sending specially crafted packets to an SCTP socket, a remote attacker could exploit this to crash the target machine. (CVE-2006-2272) The SCTP driver did not correctly handle packets containing more than one DATA fragment. By sending specially crafted packets to an SCTP socket, a remote attacker could exploit this to crash the target machine. (CVE-2006-2274) The SCTP driver did not correcly buffer incoming packets. By sending a large number of small messages to a receiver application that cannot process the messages quickly enough, a remote attacker could exploit this to cause a deadlock in the target machine (Denial of Service). (CVE-2006-2275) Patrick McHardy discovered that the snmp_trap_decode() function did not correctly handle memory allocation in some error conditions. By sending specially crafted packets to a machine which uses the SNMP network address translation (NAT), a remote attacker could exploit this to crash that machine. (CVE-2006-2444) In addition, the Ubuntu 6.06 LTS update fixes a range of bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/302-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-25"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-control"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/22"); script_set_attribute(attribute:"patch_publication_date", value:"2006/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.04|5\.10|6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2006-0038", "CVE-2006-0744", "CVE-2006-1055", "CVE-2006-1056", "CVE-2006-1522", "CVE-2006-1527", "CVE-2006-1528", "CVE-2006-1855", "CVE-2006-1856", "CVE-2006-1857", "CVE-2006-1858", "CVE-2006-1859", "CVE-2006-1860", "CVE-2006-1863", "CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2271", "CVE-2006-2272", "CVE-2006-2274", "CVE-2006-2275", "CVE-2006-2444"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-302-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"5.04", pkgname:"linux-doc-2.6.10", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-386", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686-smp", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-386", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686-smp", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-patch-ubuntu-2.6.10", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-source-2.6.10", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"linux-tree-2.6.10", pkgver:"2.6.10-34.20")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-doc-2.6.12", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-386", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686-smp", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-386", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686-smp", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-patch-ubuntu-2.6.12", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-source-2.6.12", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"linux-tree-2.6.12", pkgver:"2.6.12-10.34")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware-2.6.15-25", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-kernel-source", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"fglrx-control", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"fglrx-kernel-source", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-386", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-686", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-686-smp", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-generic", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-k8", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-k8-smp", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-xeon", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-doc", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-doc-2.6.15", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-386", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-686", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-generic", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-k8", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-server", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-xeon", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-server", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-386", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-686", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-generic", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-k8", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-xeon", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-386", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-686", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-generic", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-k8", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-server", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-xeon", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-server", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-386", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-686", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-generic", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-k8", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-xeon", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-kernel-devel", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-386", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-686", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-generic", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-k8", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-xeon", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-386", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-686", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-generic", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-k8", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-xeon", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-common", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-server", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-source", pkgver:"2.6.15.23")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-source-2.6.15", pkgver:"2.6.15-25.43")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-dev", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy-dev", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-kernel-source", pkgver:"1.0.8762+2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"nvidia-legacy-kernel-source", pkgver:"1.0.7174+2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx", pkgver:"2.6.15.11-2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx-dev", pkgver:"2.6.15.11-2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avm-fritz-firmware / avm-fritz-firmware-2.6.15-25 / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1183.NASL description Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4798 A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service. - CVE-2006-2935 Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code. - CVE-2006-1528 A bug in the SCSI driver allows a local user to cause a denial of service. - CVE-2006-2444 Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service. - CVE-2006-2446 A race condition in the socket buffer handling allows remote attackers to cause a denial of service. - CVE-2006-3745 Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges. - CVE-2006-4535 David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value. The following matrix explains which kernel version for which architecture fixes the problem mentioned above : stable (sarge) Source 2.4.27-10sarge4 Alpha architecture 2.4.27-10sarge4 ARM architecture 2.4.27-2sarge4 Intel IA-32 architecture 2.4.27-10sarge4 Intel IA-64 architecture 2.4.27-10sarge4 Motorola 680x0 architecture 2.4.27-3sarge4 MIPS architectures 2.4.27-10.sarge4.040815-1 PowerPC architecture 2.4.27-10sarge4 IBM S/390 2.4.27-2sarge4 Sun Sparc architecture 2.4.27-9sarge4 FAI 1.9.1sarge4 mindi-kernel 2.4.27-2sarge3 kernel-image-speakup-i386 2.4.27-1.1sarge3 systemimager 3.2.3-6sarge3 last seen 2020-06-01 modified 2020-06-02 plugin id 22725 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22725 title Debian DSA-1183-1 : kernel-source-2.4.27 - several vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1184.NASL description This advisory covers the S/390 components of the recent security update for the Linux 2.6.8 kernel that were missing due to technical problems. For reference, please see the text of the original advisory. Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-2660 Toshihiro Iwamoto discovered a memory leak in the handling of direct I/O writes that allows local users to cause a denial of service. - CVE-2005-4798 A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service. - CVE-2006-1052 Stephen Smalley discovered a bug in the SELinux ptrace handling that allows local users with ptrace permissions to change the tracer SID to the SID of another process. - CVE-2006-1343 Pavel Kankovsky discovered an information leak in the getsockopt system call which can be exploited by a local program to leak potentially sensitive memory to userspace. - CVE-2006-1528 Douglas Gilbert reported a bug in the sg driver that allows local users to cause a denial of service by performing direct I/O transfers from the sg driver to memory mapped I/O space. - CVE-2006-1855 Mattia Belletti noticed that certain debugging code left in the process management code could be exploited by a local attacker to cause a denial of service. - CVE-2006-1856 Kostik Belousov discovered a missing LSM file_permission check in the readv and writev functions which might allow attackers to bypass intended access restrictions. - CVE-2006-2444 Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service. - CVE-2006-2446 A race condition in the socket buffer handling allows remote attackers to cause a denial of service. - CVE-2006-2935 Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code. - CVE-2006-2936 A bug in the serial USB driver has been discovered that could be exploited by a custom made USB serial adapter to consume arbitrary amounts of memory. - CVE-2006-3468 James McKenzie discovered a denial of service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. - CVE-2006-3745 Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges. - CVE-2006-4093 Olof Johansson discovered that the kernel does not disable the HID0 bit on PowerPC 970 processors which could be exploited by a local attacker to cause a denial of service. - CVE-2006-4145 A bug in the Universal Disk Format (UDF) filesystem driver could be exploited by a local user to cause a denial of service. - CVE-2006-4535 David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value. The following matrix explains which kernel version for which architecture fixes the problem mentioned above : stable (sarge) Source 2.6.8-16sarge5 Alpha architecture 2.6.8-16sarge5 AMD64 architecture 2.6.8-16sarge5 HP Precision architecture 2.6.8-6sarge5 Intel IA-32 architecture 2.6.8-16sarge5 Intel IA-64 architecture 2.6.8-14sarge5 Motorola 680x0 architecture 2.6.8-4sarge5 PowerPC architecture 2.6.8-12sarge5 IBM S/390 2.6.8-5sarge5 Sun Sparc architecture 2.6.8-15sarge5 FAI 1.9.1sarge4 last seen 2020-06-01 modified 2020-06-02 plugin id 22726 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22726 title Debian DSA-1184-2 : kernel-source-2.6.8 - several vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-123.NASL description A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The kernel did not clear sockaddr_in.sin_zero before returning IPv4 socket names for the getsockopt function, which could allow a local user to obtain portions of potentially sensitive memory if getsockopt() is called with SO_ORIGINAL_DST (CVE-2006-1343). Prior to 2.6.16, a buffer overflow in the USB Gadget RNDIS implementation could allow a remote attacker to cause a Denial of Service via a remote NDIS response (CVE-2006-1368). Prior to 2.6.13, local users could cause a Denial of Service (crash) via a dio transfer from the sg driver to memory mapped IO space (CVE-2006-1528). Prior to and including 2.6.16, the kernel did not add the appropriate LSM file_permission hooks to the readv and writev functions, which could allow an attacker to bypass intended access restrictions (CVE-2006-1856). Prior to 2.6.16.17, a buffer oveflow in SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk (CVE-2006-1857). Prior to 2.6.16.17, SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters (CVE-2006-1858). Prior to 2.6.16.16, a memory leak in fs/locks.c could allow an attacker to cause a DoS (memory consumption) via unspecified actions (CVE-2006-1859). Prior to 2.6.16.16, lease_init in fs/locks.c could allow an attacker to cause a DoS (fcntl_setlease lockup) via certain actions (CVE-2006-1860). Prior to 2.6.17, SCTP allowed remote attackers to cause a DoS (infinite recursion and crash) via a packet that contains two or more DATA fragments (CVE-2006-2274). Prior to 2.6.16.21, a race condition in run_posix_cpu timers could allow a local user to cause a DoS (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting (CVE-2006-2445). Prior to 2.6.17.1, xt_sctp in netfilter could allow an attacker to cause a DoS (infinite loop) via an SCTP chunk with a 0 length (CVE-2006-3085). As well, an issue where IPC could hit an unmapped vmalloc page when near the page boundary has been corrected. In addition to these security fixes, other fixes have been included such as : - avoid automatic update of kernel-source without updating the kernel - fix USB EHCI handoff code, which made some machines hang while booting - disable USB_BANDWIDTH which corrects a known problem in some USB sound devices - fix a bluetooth refcounting bug which could hang the machine - fix a NULL pointer dereference in USB-Serial last seen 2020-06-01 modified 2020-06-02 plugin id 22058 published 2006-07-18 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22058 title Mandrake Linux Security Advisory : kernel (MDKSA-2006:123) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0493.NASL description Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the IPv6 implementation that allowed a local user to cause a denial of service (infinite loop and crash) (CVE-2005-2973, important) * a flaw in the bridge implementation that allowed a remote user to cause forwarding of spoofed packets via poisoning of the forwarding table with already dropped frames (CVE-2005-3272, moderate) * a flaw in the atm module that allowed a local user to cause a denial of service (panic) via certain socket calls (CVE-2005-3359, important) * a flaw in the NFS client implementation that allowed a local user to cause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555, important) * a difference in last seen 2020-06-01 modified 2020-06-02 plugin id 21592 published 2006-05-24 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21592 title RHEL 4 : kernel (RHSA-2006:0493) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0493.NASL description Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the IPv6 implementation that allowed a local user to cause a denial of service (infinite loop and crash) (CVE-2005-2973, important) * a flaw in the bridge implementation that allowed a remote user to cause forwarding of spoofed packets via poisoning of the forwarding table with already dropped frames (CVE-2005-3272, moderate) * a flaw in the atm module that allowed a local user to cause a denial of service (panic) via certain socket calls (CVE-2005-3359, important) * a flaw in the NFS client implementation that allowed a local user to cause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555, important) * a difference in last seen 2020-06-01 modified 2020-06-02 plugin id 21997 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21997 title CentOS 4 : kernel (CESA-2006:0493)
Oval
accepted | 2013-04-29T04:10:57.924-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space. | ||||||||||||
family | unix | ||||||||||||
id | oval:org.mitre.oval:def:11037 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
title | Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space. | ||||||||||||
version | 26 |
Redhat
advisories |
| ||||
rpms |
|
References
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168791
- http://www.redhat.com/support/errata/RHSA-2006-0493.html
- http://secunia.com/advisories/20237
- http://www.securityfocus.com/bid/18101
- http://www.ubuntu.com/usn/usn-302-1
- http://secunia.com/advisories/20716
- http://secunia.com/advisories/21045
- http://www.novell.com/linux/security/advisories/2006_42_kernel.html
- http://secunia.com/advisories/21179
- http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.1
- http://www.novell.com/linux/security/advisories/2006_47_kernel.html
- http://secunia.com/advisories/21555
- http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
- http://secunia.com/advisories/21745
- http://www.debian.org/security/2006/dsa-1183
- http://www.debian.org/security/2006/dsa-1184
- http://secunia.com/advisories/22082
- http://secunia.com/advisories/22093
- http://secunia.com/advisories/21498
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
- http://www.vupen.com/english/advisories/2006/3330
- http://marc.info/?l=linux-scsi&m=112540053711489&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28510
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11037
- http://linux.bkbits.net:8080/linux-2.6/cset%4043220081yu9ClBQNuqSSnW_9amW7iQ