Vulnerabilities > CVE-2006-2071 - Unspecified vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus

Summary

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.

Vulnerable Configurations

Part Description Count
OS
Linux
157

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0710.NASL
    descriptionUpdated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the IPC shared-memory implementation that allowed a local user to cause a denial of service (deadlock) that resulted in freezing the system (CVE-2006-4342, Important) * an information leak in the copy_from_user() implementation on s390 and s390x platforms that allowed a local user to read arbitrary kernel memory (CVE-2006-5174, Important) * a flaw in the ATM subsystem affecting systems with installed ATM hardware and configured ATM support that allowed a remote user to cause a denial of service (panic) by accessing socket buffer memory after it has been freed (CVE-2006-4997, Moderate) * a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via
    last seen2020-06-01
    modified2020-06-02
    plugin id22918
    published2006-10-25
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22918
    titleRHEL 3 : kernel (RHSA-2006:0710)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0710. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22918);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2935", "CVE-2006-4342", "CVE-2006-4997", "CVE-2006-5174");
      script_xref(name:"RHSA", value:"2006:0710");
    
      script_name(english:"RHEL 3 : kernel (RHSA-2006:0710)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix several security issues in the Red
    Hat Enterprise Linux 3 kernel are now available.
    
    This security advisory has been rated as having important security
    impact by the Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the security issues
    described below :
    
    * a flaw in the IPC shared-memory implementation that allowed a local
    user to cause a denial of service (deadlock) that resulted in freezing
    the system (CVE-2006-4342, Important)
    
    * an information leak in the copy_from_user() implementation on s390
    and s390x platforms that allowed a local user to read arbitrary kernel
    memory (CVE-2006-5174, Important)
    
    * a flaw in the ATM subsystem affecting systems with installed ATM
    hardware and configured ATM support that allowed a remote user to
    cause a denial of service (panic) by accessing socket buffer memory
    after it has been freed (CVE-2006-4997, Moderate)
    
    * a directory traversal vulnerability in smbfs that allowed a local
    user to escape chroot restrictions for an SMB-mounted filesystem via
    '..\\' sequences (CVE-2006-1864, Moderate)
    
    * a flaw in the mprotect system call that allowed enabling write
    permission for a read-only attachment of shared memory (CVE-2006-2071,
    Moderate)
    
    * a flaw in the DVD handling of the CDROM driver that could be used
    together with a custom built USB device to gain root privileges
    (CVE-2006-2935, Moderate)
    
    In addition to the security issues described above, a bug fix for a
    clock skew problem (which could lead to unintended keyboard repeat
    under X11) was also included. The problem only occurred when running
    the 32-bit x86 kernel on 64-bit dual-core x86_64 hardware.
    
    Note: The kernel-unsupported package contains various drivers and
    modules that are unsupported and therefore might contain security
    problems that have not been addressed.
    
    All Red Hat Enterprise Linux 3 users are advised to upgrade their
    kernels to the packages associated with their machine architecture and
    configurations as listed in this erratum."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4997"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0710"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2935", "CVE-2006-4342", "CVE-2006-4997", "CVE-2006-5174");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2006:0710");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0710";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-47.0.1.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-47.0.1.EL")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-302-1.NASL
    descriptionAn integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu
    last seen2020-06-01
    modified2020-06-02
    plugin id27877
    published2007-11-10
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27877
    titleUbuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/2.6.12/2.6.15 vulnerabilities (USN-302-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-302-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27877);
      script_version("1.22");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2006-0038", "CVE-2006-0744", "CVE-2006-1055", "CVE-2006-1056", "CVE-2006-1522", "CVE-2006-1527", "CVE-2006-1528", "CVE-2006-1855", "CVE-2006-1856", "CVE-2006-1857", "CVE-2006-1858", "CVE-2006-1859", "CVE-2006-1860", "CVE-2006-1863", "CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2271", "CVE-2006-2272", "CVE-2006-2274", "CVE-2006-2275", "CVE-2006-2444");
      script_bugtraq_id(17600, 18081);
      script_xref(name:"USN", value:"302-1");
    
      script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/2.6.12/2.6.15 vulnerabilities (USN-302-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An integer overflow was discovered in the do_replace() function. A
    local user process with the CAP_NET_ADMIN capability could exploit
    this to execute arbitrary commands with full root privileges. However,
    none of Ubuntu's supported packages use this capability with any
    non-root user, so this only affects you if you use some third party
    software like the OpenVZ virtualization system. (CVE-2006-0038)
    
    On EMT64 CPUs, the kernel did not properly handle uncanonical return
    addresses. A local user could exploit this to trigger a kernel crash.
    (CVE-2006-0744)
    
    Al Viro discovered a local Denial of Service in the sysfs write buffer
    handling. By writing a block with a length exactly equal to the
    processor's page size to any writable file in /sys, a local attacker
    could cause a kernel crash. (CVE-2006-1055)
    
    Jan Beulich discovered an information leak in the handling of
    registers for the numeric coprocessor when running on AMD processors.
    This allowed processes to see the coprocessor execution state of other
    processes, which could reveal sensitive data in the case of
    cryptographic computations. (CVE-2006-1056)
    
    Marcel Holtmann discovered that the sys_add_key() did not check that a
    new user key is added to a proper keyring. By attempting to add a key
    to a normal user key (which is not a keyring), a local attacker could
    exploit this to crash the kernel. (CVE-2006-1522)
    
    Ingo Molnar discovered that the SCTP protocol connection tracking
    module in netfilter got stuck in an infinite loop on certain empty
    packet chunks. A remote attacker could exploit this to cause the
    computer to hang. (CVE-2006-1527)
    
    The SCSI I/O driver did not correctly handle the VM_IO flag for memory
    mapped pages used for data transfer. A local user could exploit this
    to cause a kernel crash. (CVE-2006-1528)
    
    The choose_new_parent() contained obsolete debugging code. A local
    user could exploit this to cause a kernel crash. (CVE-2006-1855)
    
    Kostik Belousov discovered that the readv() and writev() functions did
    not query LSM modules for access permission. This could be exploited
    to circumvent access restrictions defined by LSM modules such as
    SELinux or AppArmor. (CVE-2006-1856)
    
    The SCTP driver did not properly verify certain parameters when
    receiving a HB-ACK chunk. By sending a specially crafted packet to an
    SCTP socket, a remote attacker could exploit this to trigger a buffer
    overflow, which could lead to a crash or possibly even arbitrary code
    execution. (CVE-2006-1857)
    
    The sctp_walk_params() function in the SCTP driver incorrectly used
    rounded values for bounds checking instead of the precise values. By
    sending a specially crafted packet to an SCTP socket, a remote
    attacker could exploit this to crash the kernel. (CVE-2006-1858)
    
    Bjoern Steinbrink reported a memory leak in the __setlease() function.
    A local attacker could exploit this to exhaust kernel memory and
    render the computer unusable (Denial of Service). (CVE-2006-1859)
    
    Daniel Hokka Zakrisson discovered that the lease_init() did not
    properly handle locking. A local attacker could exploit this to cause
    a kernel deadlock (Denial of Service). (CVE-2006-1860)
    
    Mark Moseley discovered that the CIFS file system driver did not
    filter out '..\\' path components. A local attacker could exploit this
    to break out of a chroot environment on a mounted SMB share.
    (CVE-2006-1863) The same vulnerability applies to the older smb file
    system. (CVE-2006-1864)
    
    Hugh Dickins discovered that the mprotect() function allowed an user
    to change a read-only shared memory attachment to become writable,
    which bypasses IPC (inter-process communication) permissions.
    (CVE-2006-2071)
    
    The SCTP (Stream Control Transmission Protocol) driver triggered a
    kernel panic on unexpected packets while the session was in the CLOSED
    state, instead of silently ignoring the packets. A remote attacker
    could exploit this to crash the computer. (CVE-2006-2271)
    
    The SCTP driver did not handle control chunks if they arrived in
    fragmented packets. By sending specially crafted packets to an SCTP
    socket, a remote attacker could exploit this to crash the target
    machine. (CVE-2006-2272)
    
    The SCTP driver did not correctly handle packets containing more than
    one DATA fragment. By sending specially crafted packets to an SCTP
    socket, a remote attacker could exploit this to crash the target
    machine. (CVE-2006-2274)
    
    The SCTP driver did not correcly buffer incoming packets. By sending a
    large number of small messages to a receiver application that cannot
    process the messages quickly enough, a remote attacker could exploit
    this to cause a deadlock in the target machine (Denial of Service).
    (CVE-2006-2275)
    
    Patrick McHardy discovered that the snmp_trap_decode() function did
    not correctly handle memory allocation in some error conditions. By
    sending specially crafted packets to a machine which uses the SNMP
    network address translation (NAT), a remote attacker could exploit
    this to crash that machine. (CVE-2006-2444)
    
    In addition, the Ubuntu 6.06 LTS update fixes a range of bugs.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/302-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-25");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-control");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(5\.04|5\.10|6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2006-0038", "CVE-2006-0744", "CVE-2006-1055", "CVE-2006-1056", "CVE-2006-1522", "CVE-2006-1527", "CVE-2006-1528", "CVE-2006-1855", "CVE-2006-1856", "CVE-2006-1857", "CVE-2006-1858", "CVE-2006-1859", "CVE-2006-1860", "CVE-2006-1863", "CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2271", "CVE-2006-2272", "CVE-2006-2274", "CVE-2006-2275", "CVE-2006-2444");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-302-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"5.04", pkgname:"linux-doc-2.6.10", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-386", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686-smp", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-386", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686-smp", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-patch-ubuntu-2.6.10", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-source-2.6.10", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-tree-2.6.10", pkgver:"2.6.10-34.20")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-doc-2.6.12", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-386", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686-smp", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-386", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686-smp", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-patch-ubuntu-2.6.12", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-source-2.6.12", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-tree-2.6.12", pkgver:"2.6.12-10.34")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware-2.6.15-25", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-kernel-source", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"fglrx-control", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"fglrx-kernel-source", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-386", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-686", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-686-smp", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-generic", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-k8", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-k8-smp", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-server", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-xeon", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-doc", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-doc-2.6.15", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-386", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-686", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-generic", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-k8", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-server", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-amd64-xeon", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-25-server", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-386", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-686", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-generic", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-k8", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-server", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-xeon", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-server", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-386", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-686", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-generic", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-k8", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-server", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-amd64-xeon", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-25-server", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-386", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-686", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-generic", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-k8", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-server", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-xeon", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-server", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-kernel-devel", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-386", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-686", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-generic", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-k8", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-25-amd64-xeon", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-386", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-686", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-generic", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-k8", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-xeon", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-common", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-server", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-source", pkgver:"2.6.15.23")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-source-2.6.15", pkgver:"2.6.15-25.43")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-dev", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy-dev", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-kernel-source", pkgver:"1.0.8762+2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-legacy-kernel-source", pkgver:"1.0.7174+2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx", pkgver:"2.6.15.11-2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx-dev", pkgver:"2.6.15.11-2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avm-fritz-firmware / avm-fritz-firmware-2.6.15-25 / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0579.NASL
    descriptionUpdated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures) This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate) * a flaw in ROSE due to missing verification of the ndigis argument of new routes (CVE-2005-3273, moderate) * an info leak on AMD-based x86 systems that allowed a local user to retrieve the floating point exception state of a process run by a different user (CVE-2006-1056, important) * a minor info leak in socket name handling in the network code (CVE-2006-1342, low) * a minor info leak in socket option handling in the network code (CVE-2006-1343, low) * a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via
    last seen2020-06-01
    modified2020-06-02
    plugin id22054
    published2006-07-17
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22054
    titleRHEL 2.1 : kernel (RHSA-2006:0579)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0579. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22054);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2005-3055", "CVE-2005-3273", "CVE-2006-1056", "CVE-2006-1342", "CVE-2006-1343", "CVE-2006-1864", "CVE-2006-2071");
      script_bugtraq_id(17600);
      script_xref(name:"RHSA", value:"2006:0579");
    
      script_name(english:"RHEL 2.1 : kernel (RHSA-2006:0579)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix a number of security issues as well
    as other bugs are now available for Red Hat Enterprise Linux 2.1 (32
    bit architectures)
    
    This security advisory has been rated as having important security
    impact by the Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the security issues
    described below :
    
    * a flaw in the USB devio handling of device removal that allowed a
    local user to cause a denial of service (crash) (CVE-2005-3055,
    moderate)
    
    * a flaw in ROSE due to missing verification of the ndigis argument of
    new routes (CVE-2005-3273, moderate)
    
    * an info leak on AMD-based x86 systems that allowed a local user to
    retrieve the floating point exception state of a process run by a
    different user (CVE-2006-1056, important)
    
    * a minor info leak in socket name handling in the network code
    (CVE-2006-1342, low)
    
    * a minor info leak in socket option handling in the network code
    (CVE-2006-1343, low)
    
    * a directory traversal vulnerability in smbfs that allowed a local
    user to escape chroot restrictions for an SMB-mounted filesystem via
    '..\\' sequences (CVE-2006-1864, moderate)
    
    * a flaw in the mprotect system call that allowed to give write
    permission to a readonly attachment of shared memory (CVE-2006-2071,
    moderate)
    
    A performance bug in the NFS implementation that caused clients to
    frequently pause when sending TCP segments during heavy write loads
    was also addressed.
    
    All Red Hat Enterprise Linux 2.1 users are advised to upgrade their
    kernels to these updated packages, which contain backported fixes to
    correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3273"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1056"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0579"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-enterprise");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-summit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2005-3055", "CVE-2005-3273", "CVE-2006-1056", "CVE-2006-1342", "CVE-2006-1343", "CVE-2006-1864", "CVE-2006-2071");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2006:0579");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0579";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-2.4.9-e.70")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-BOOT-2.4.9-e.70")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-debug-2.4.9-e.70")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-doc-2.4.9-e.70")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-enterprise-2.4.9-e.70")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-headers-2.4.9-e.70")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-smp-2.4.9-e.70")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-source-2.4.9-e.70")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-summit-2.4.9-e.70")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-debug / kernel-doc / etc");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-086.NASL
    descriptionA number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Prior to Linux kernel 2.6.16.5, the kernel does not properly handle uncanonical return addresses on Intel EM64T CPUs which causes the kernel exception handler to run on the user stack with the wrong GS (CVE-2006-0744). The selinux_ptrace logic hooks in SELinux for 2.6.6 allow local users with ptrace permissions to change the tracer SID to an SID of another process (CVE-2006-1052). Prior to 2.6.16, the ip_push_pending_frames function increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows a remote attacker to conduct an idle scan attack, bypassing any intended protection against such an attack (CVE-2006-1242). In kernel 2.6.16.1 and some earlier versions, the sys_add_key function in the keyring code allows local users to cause a DoS (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, causing an invalid dereference (CVE-2006-1522). Prior to 2.6.16.8, the ip_route_input function allows local users to cause a DoS (panic) via a request for a route for a multicast IP address, which triggers a null dereference (CVE-2006-1525). Prior to 2.6.16.13, the SCTP-netfilter code allows remote attackers to cause a DoS (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed (CVE-2006-1527). Prior to 2.6.16, local users can bypass IPC permissions and modify a read-only attachment of shared memory by using mprotect to give write permission to the attachment (CVE-2006-2071). Prior to 2.6.17, the ECNE chunk handling in SCTP (lksctp) allows remote attackers to cause a DoS (kernel panic) via an unexpected chucnk when the session is in CLOSED state (CVE-2006-2271). Prior to 2.6.17, SCTP (lksctp) allows remote attacker to cause a DoS (kernel panic) via incoming IP fragmented COOKIE_ECHO and HEARTBEAT SCTP control chunks (CVE-2006-2272). In addition to these security fixes, other fixes have been included such as : - fix a scheduler deadlock - Yenta oops fix - ftdi_sio: adds support for iPlus devices - enable kprobes on i386 and x86_64 - avoid a panic on bind mount of autofs owned directory - fix a kernel OOPs when booting with
    last seen2020-06-01
    modified2020-06-02
    plugin id21575
    published2006-05-19
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21575
    titleMandrake Linux Security Advisory : kernel (MDKSA-2006:086)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:086. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21575);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2006-0744", "CVE-2006-1052", "CVE-2006-1242", "CVE-2006-1522", "CVE-2006-1525", "CVE-2006-1527", "CVE-2006-2071", "CVE-2006-2271", "CVE-2006-2272");
      script_xref(name:"MDKSA", value:"2006:086");
    
      script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2006:086)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities were discovered and corrected in the Linux
    2.6 kernel :
    
    Prior to Linux kernel 2.6.16.5, the kernel does not properly handle
    uncanonical return addresses on Intel EM64T CPUs which causes the
    kernel exception handler to run on the user stack with the wrong GS
    (CVE-2006-0744).
    
    The selinux_ptrace logic hooks in SELinux for 2.6.6 allow local users
    with ptrace permissions to change the tracer SID to an SID of another
    process (CVE-2006-1052).
    
    Prior to 2.6.16, the ip_push_pending_frames function increments the IP
    ID field when sending a RST after receiving unsolicited TCP SYN-ACK
    packets, which allows a remote attacker to conduct an idle scan
    attack, bypassing any intended protection against such an attack
    (CVE-2006-1242).
    
    In kernel 2.6.16.1 and some earlier versions, the sys_add_key function
    in the keyring code allows local users to cause a DoS (OOPS) via
    keyctl requests that add a key to a user key instead of a keyring key,
    causing an invalid dereference (CVE-2006-1522).
    
    Prior to 2.6.16.8, the ip_route_input function allows local users to
    cause a DoS (panic) via a request for a route for a multicast IP
    address, which triggers a null dereference (CVE-2006-1525).
    
    Prior to 2.6.16.13, the SCTP-netfilter code allows remote attackers to
    cause a DoS (infinite loop) via unknown vectors that cause an invalid
    SCTP chunk size to be processed (CVE-2006-1527).
    
    Prior to 2.6.16, local users can bypass IPC permissions and modify a
    read-only attachment of shared memory by using mprotect to give write
    permission to the attachment (CVE-2006-2071).
    
    Prior to 2.6.17, the ECNE chunk handling in SCTP (lksctp) allows
    remote attackers to cause a DoS (kernel panic) via an unexpected
    chucnk when the session is in CLOSED state (CVE-2006-2271).
    
    Prior to 2.6.17, SCTP (lksctp) allows remote attacker to cause a DoS
    (kernel panic) via incoming IP fragmented COOKIE_ECHO and HEARTBEAT
    SCTP control chunks (CVE-2006-2272).
    
    In addition to these security fixes, other fixes have been included
    such as :
    
      - fix a scheduler deadlock
    
        - Yenta oops fix
    
        - ftdi_sio: adds support for iPlus devices
    
        - enable kprobes on i386 and x86_64
    
        - avoid a panic on bind mount of autofs owned directory
    
        - fix a kernel OOPs when booting with 'console=ttyUSB0'
          but without a USB-serial dongle plugged in
    
      - make dm-mirror not issue invalid resync requests
    
        - fix media change detection on scsi removable devices
    
        - add support for the realtek 8168 chipset
    
        - update hfsplus driver to 2.6.16 state
    
        - backport 'Gilgal' support from e1000 7.0.33
    
        - selected ACPI video fixes
    
        - update 3w-9xxx to 2.26.02.005 (9550SX support)
    
        - fix a deadlock in the ext2 filesystem
    
        - fix usbserial use-after-free bug
    
        - add i945GM DRI support
    
        - S3 resume fixes
    
        - add ECS PF22 hda model support
    
        - SMP suspend
    
        - CPU hotplug
    
        - miscellaneous AGP fixes
    
        - added sata-suspend patch for 2.6.12 for Napa platform
    
    The provided packages are patched to fix these vulnerabilities. All
    users are encouraged to upgrade to these updated kernels.
    
    As well, updated mkinitrd and bootsplash packages are provided to fix
    minor issues; users should upgrade both packages prior to installing a
    new kernel.
    
    To update your kernel, please follow the directions located at :
    
    http://www.mandriva.com/en/security/kernelupdate"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bootsplash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.12.21mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-BOOT-2.6.12.21mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.21mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.21mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.21mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.21mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.21mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.21mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mkinitrd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"bootsplash-3.1.12-0.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-2.6.12.21mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-BOOT-2.6.12.21mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i586-up-1GB-2.6.12.21mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.12.21mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-smp-2.6.12.21mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-source-2.6-2.6.12-21mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-source-stripped-2.6-2.6.12-21mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xbox-2.6.12.21mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xen0-2.6.12.21mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xenU-2.6.12.21mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"mkinitrd-4.2.17-17.2.20060mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0710.NASL
    descriptionUpdated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the IPC shared-memory implementation that allowed a local user to cause a denial of service (deadlock) that resulted in freezing the system (CVE-2006-4342, Important) * an information leak in the copy_from_user() implementation on s390 and s390x platforms that allowed a local user to read arbitrary kernel memory (CVE-2006-5174, Important) * a flaw in the ATM subsystem affecting systems with installed ATM hardware and configured ATM support that allowed a remote user to cause a denial of service (panic) by accessing socket buffer memory after it has been freed (CVE-2006-4997, Moderate) * a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via
    last seen2020-06-01
    modified2020-06-02
    plugin id22879
    published2006-10-20
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22879
    titleCentOS 3 : kernel (CESA-2006:0710)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0710 and 
    # CentOS Errata and Security Advisory 2006:0710 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22879);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2935", "CVE-2006-4342", "CVE-2006-4997", "CVE-2006-5174");
      script_xref(name:"RHSA", value:"2006:0710");
    
      script_name(english:"CentOS 3 : kernel (CESA-2006:0710)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix several security issues in the Red
    Hat Enterprise Linux 3 kernel are now available.
    
    This security advisory has been rated as having important security
    impact by the Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the security issues
    described below :
    
    * a flaw in the IPC shared-memory implementation that allowed a local
    user to cause a denial of service (deadlock) that resulted in freezing
    the system (CVE-2006-4342, Important)
    
    * an information leak in the copy_from_user() implementation on s390
    and s390x platforms that allowed a local user to read arbitrary kernel
    memory (CVE-2006-5174, Important)
    
    * a flaw in the ATM subsystem affecting systems with installed ATM
    hardware and configured ATM support that allowed a remote user to
    cause a denial of service (panic) by accessing socket buffer memory
    after it has been freed (CVE-2006-4997, Moderate)
    
    * a directory traversal vulnerability in smbfs that allowed a local
    user to escape chroot restrictions for an SMB-mounted filesystem via
    '..\\' sequences (CVE-2006-1864, Moderate)
    
    * a flaw in the mprotect system call that allowed enabling write
    permission for a read-only attachment of shared memory (CVE-2006-2071,
    Moderate)
    
    * a flaw in the DVD handling of the CDROM driver that could be used
    together with a custom built USB device to gain root privileges
    (CVE-2006-2935, Moderate)
    
    In addition to the security issues described above, a bug fix for a
    clock skew problem (which could lead to unintended keyboard repeat
    under X11) was also included. The problem only occurred when running
    the 32-bit x86 kernel on 64-bit dual-core x86_64 hardware.
    
    Note: The kernel-unsupported package contains various drivers and
    modules that are unsupported and therefore might contain security
    problems that have not been addressed.
    
    All Red Hat Enterprise Linux 3 users are advised to upgrade their
    kernels to the packages associated with their machine architecture and
    configurations as listed in this erratum."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-October/013332.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e723e2cb"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-October/013333.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e06a02a7"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-October/013334.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3f117f13"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-unsupported");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"kernel-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-BOOT-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"kernel-doc-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-hugemem-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-hugemem-unsupported-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-smp-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-smp-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-smp-unsupported-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"kernel-source-2.4.21-47.0.1.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"kernel-unsupported-2.4.21-47.0.1.EL")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0617.NASL
    descriptionUpdated kernel packages that fix security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : From Red Hat Security Advisory 2006-0617 : * a flaw in the proc file system that allowed a local user to use a suid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important) * a flaw in the SCTP implementation that allowed a local user to cause a denial of service (panic) or to possibly gain root privileges (CVE-2006-3745, Important) * a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes that allowed a remote authenticated user to cause a denial of service (filesystem panic) (CVE-2006-3468, Important) * a flaw in the restore_all code path of the 4/4GB split support of non-hugemem kernels that allowed a local user to cause a denial of service (panic) (CVE-2006-2932, Important) * a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT processing that allowed a remote user to cause a denial of service (crash) or potential memory corruption (CVE-2006-2444, Moderate) * a flaw in the DVD handling of the CDROM driver that could be used together with a custom built USB device to gain root privileges (CVE-2006-2935, Moderate) * a flaw in the handling of O_DIRECT writes that allowed a local user to cause a denial of service (memory consumption) (CVE-2004-2660, Low) * a flaw in the SCTP chunk length handling that allowed a remote user to cause a denial of service (crash) (CVE-2006-1858, Low) * a flaw in the input handling of the ftdi_sio driver that allowed a local user to cause a denial of service (memory consumption) (CVE-2006-2936, Low) In addition a bugfix was added to enable a clean reboot for the IBM Pizzaro machines. Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill Korotaev for reporting issues fixed in this erratum. From Red Hat Security Advisory ELSA-2006-0689 : * a flaw in the SCTP support that allowed a local user to cause a denial of service (crash) with a specific SO_LINGER value. (CVE-2006-4535, Important) * a flaw in the hugepage table support that allowed a local user to cause a denial of service (crash). (CVE-2005-4811, Important) * a flaw in the mprotect system call that allowed setting write permission for a read-only attachment of shared memory. (CVE-2006-2071, Moderate) * a flaw in HID0[31] (en_attn) register handling on PowerPC 970 systems that allowed a local user to cause a denial of service. (crash) (CVE-2006-4093, Moderate) * a flaw in the perfmon support of Itanium systems that allowed a local user to cause a denial of service by consuming all file descriptors. (CVE-2006-3741, Moderate) * a flaw in the ATM subsystem. On systems with installed ATM hardware and configured ATM support, a remote user could cause a denial of service (panic) by accessing socket buffers memory after freeing them. (CVE-2006-4997, Moderate) * a flaw in the DVB subsystem. On systems with installed DVB hardware and configured DVB support, a remote user could cause a denial of service (panic) by sending a ULE SNDU packet with length of 0. (CVE-2006-4623, Low) * an information leak in the network subsystem that possibly allowed a local user to read sensitive data from kernel memory. (CVE-2006-0039, Low) In addition, two bugfixes for the IPW-2200 wireless driver were included. The first one ensures that wireless management applications correctly identify IPW-2200 controlled devices, while the second fix ensures that DHCP requests using the IPW-2200 operate correctly. Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar Designer for reporting issues fixed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id67401
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67401
    titleOracle Linux 4 : kernel (ELSA-2006-0617 / ELSA-2006-0689)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisories ELSA-2006-0617 / 
    # ELSA-2006-0689.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67401);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2004-2660", "CVE-2005-4811", "CVE-2006-0039", "CVE-2006-1858", "CVE-2006-2071", "CVE-2006-2444", "CVE-2006-2932", "CVE-2006-2935", "CVE-2006-2936", "CVE-2006-3468", "CVE-2006-3626", "CVE-2006-3741", "CVE-2006-3745", "CVE-2006-4093", "CVE-2006-4535", "CVE-2006-4623", "CVE-2006-4997");
      script_xref(name:"RHSA", value:"2006:0617");
      script_xref(name:"RHSA", value:"2006:0689");
    
      script_name(english:"Oracle Linux 4 : kernel (ELSA-2006-0617 / ELSA-2006-0689)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix security issues are now available. 
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team. 
    
    The Linux kernel handles the basic functions of the operating system. 
    
    These new kernel packages contain fixes for the security issues
    described below :
    
    
    From Red Hat Security Advisory 2006-0617 :
    
    * a flaw in the proc file system that allowed a local user to use a
    suid-wrapper for scripts to gain root privileges (CVE-2006-3626,
    Important)
    
    * a flaw in the SCTP implementation that allowed a local user to cause
    a denial of service (panic) or to possibly gain root privileges
    (CVE-2006-3745, Important)
    
    * a flaw in NFS exported ext2/ext3 partitions when handling invalid
    inodes that allowed a remote authenticated user to cause a denial of
    service (filesystem panic) (CVE-2006-3468, Important)
    
    * a flaw in the restore_all code path of the 4/4GB split support of
    non-hugemem kernels that allowed a local user to cause a denial of
    service (panic) (CVE-2006-2932, Important)
    
    * a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT
    processing that allowed a remote user to cause a denial of service
    (crash) or potential memory corruption (CVE-2006-2444, Moderate)
    
    * a flaw in the DVD handling of the CDROM driver that could be used
    together with a custom built USB device to gain root privileges
    (CVE-2006-2935, Moderate)
    
    * a flaw in the handling of O_DIRECT writes that allowed a local user
    to cause a denial of service (memory consumption) (CVE-2004-2660, Low)
    
    * a flaw in the SCTP chunk length handling that allowed a remote user
    to cause a denial of service (crash) (CVE-2006-1858, Low)
    
    * a flaw in the input handling of the ftdi_sio driver that allowed a
    local user to cause a denial of service (memory consumption)
    (CVE-2006-2936, Low)
    
    In addition a bugfix was added to enable a clean reboot for the IBM
    Pizzaro machines.
    
    Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill
    Korotaev for reporting issues fixed in this erratum.
    
    
    From Red Hat Security Advisory ELSA-2006-0689 :
    
    * a flaw in the SCTP support that allowed a local user to cause a
    denial of service (crash) with a specific SO_LINGER value.
    (CVE-2006-4535, Important)
    
    * a flaw in the hugepage table support that allowed a local user to
    cause a denial of service (crash). (CVE-2005-4811, Important)
    
    * a flaw in the mprotect system call that allowed setting write
    permission for a read-only attachment of shared memory.
    (CVE-2006-2071, Moderate)
    
    * a flaw in HID0[31] (en_attn) register handling on PowerPC 970
    systems that allowed a local user to cause a denial of service.
    (crash) (CVE-2006-4093, Moderate)
    
    * a flaw in the perfmon support of Itanium systems that allowed a
    local user to cause a denial of service by consuming all file
    descriptors. (CVE-2006-3741, Moderate)
    
    * a flaw in the ATM subsystem. On systems with installed ATM hardware
    and configured ATM support, a remote user could cause a denial of
    service (panic) by accessing socket buffers memory after freeing them.
    (CVE-2006-4997, Moderate)
    
    * a flaw in the DVB subsystem. On systems with installed DVB hardware
    and configured DVB support, a remote user could cause a denial of
    service (panic) by sending a ULE SNDU packet with length of 0.
    (CVE-2006-4623, Low)
    
    * an information leak in the network subsystem that possibly allowed a
    local user to read sensitive data from kernel memory. (CVE-2006-0039,
    Low)
    
    In addition, two bugfixes for the IPW-2200 wireless driver were
    included. The first one ensures that wireless management applications
    correctly identify IPW-2200 controlled devices, while the second fix
    ensures that DHCP requests using the IPW-2200 operate correctly.
    
    Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar
    Designer for reporting issues fixed in this erratum."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2006-November/000011.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 362);
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/11/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"kernel-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"kernel-devel-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-devel-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-42.0.3.0.2.EL")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-42.0.3.0.2.EL")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0689.NASL
    descriptionUpdated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the SCTP support that allowed a local user to cause a denial of service (crash) with a specific SO_LINGER value. (CVE-2006-4535, Important) * a flaw in the hugepage table support that allowed a local user to cause a denial of service (crash). (CVE-2005-4811, Important) * a flaw in the mprotect system call that allowed setting write permission for a read-only attachment of shared memory. (CVE-2006-2071, Moderate) * a flaw in HID0[31] (en_attn) register handling on PowerPC 970 systems that allowed a local user to cause a denial of service. (crash) (CVE-2006-4093, Moderate) * a flaw in the perfmon support of Itanium systems that allowed a local user to cause a denial of service by consuming all file descriptors. (CVE-2006-3741, Moderate) * a flaw in the ATM subsystem. On systems with installed ATM hardware and configured ATM support, a remote user could cause a denial of service (panic) by accessing socket buffers memory after freeing them. (CVE-2006-4997, Moderate) * a flaw in the DVB subsystem. On systems with installed DVB hardware and configured DVB support, a remote user could cause a denial of service (panic) by sending a ULE SNDU packet with length of 0. (CVE-2006-4623, Low) * an information leak in the network subsystem that possibly allowed a local user to read sensitive data from kernel memory. (CVE-2006-0039, Low) In addition, two bugfixes for the IPW-2200 wireless driver were included. The first one ensures that wireless management applications correctly identify IPW-2200 controlled devices, while the second fix ensures that DHCP requests using the IPW-2200 operate correctly. Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar Designer for reporting issues fixed in this erratum. All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id22513
    published2006-10-10
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22513
    titleCentOS 4 : kernel (CESA-2006:0689)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0689 and 
    # CentOS Errata and Security Advisory 2006:0689 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22513);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2005-4811", "CVE-2006-0039", "CVE-2006-2071", "CVE-2006-3741", "CVE-2006-4093", "CVE-2006-4535", "CVE-2006-4623", "CVE-2006-4997");
      script_bugtraq_id(19615, 19939, 20361, 20363);
      script_xref(name:"RHSA", value:"2006:0689");
    
      script_name(english:"CentOS 4 : kernel (CESA-2006:0689)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix several security issues in the Red
    Hat Enterprise Linux 4 kernel are now available.
    
    This security advisory has been rated as having important security
    impact by the Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the security issues
    described below :
    
    * a flaw in the SCTP support that allowed a local user to cause a
    denial of service (crash) with a specific SO_LINGER value.
    (CVE-2006-4535, Important)
    
    * a flaw in the hugepage table support that allowed a local user to
    cause a denial of service (crash). (CVE-2005-4811, Important)
    
    * a flaw in the mprotect system call that allowed setting write
    permission for a read-only attachment of shared memory.
    (CVE-2006-2071, Moderate)
    
    * a flaw in HID0[31] (en_attn) register handling on PowerPC 970
    systems that allowed a local user to cause a denial of service.
    (crash) (CVE-2006-4093, Moderate)
    
    * a flaw in the perfmon support of Itanium systems that allowed a
    local user to cause a denial of service by consuming all file
    descriptors. (CVE-2006-3741, Moderate)
    
    * a flaw in the ATM subsystem. On systems with installed ATM hardware
    and configured ATM support, a remote user could cause a denial of
    service (panic) by accessing socket buffers memory after freeing them.
    (CVE-2006-4997, Moderate)
    
    * a flaw in the DVB subsystem. On systems with installed DVB hardware
    and configured DVB support, a remote user could cause a denial of
    service (panic) by sending a ULE SNDU packet with length of 0.
    (CVE-2006-4623, Low)
    
    * an information leak in the network subsystem that possibly allowed a
    local user to read sensitive data from kernel memory. (CVE-2006-0039,
    Low)
    
    In addition, two bugfixes for the IPW-2200 wireless driver were
    included. The first one ensures that wireless management applications
    correctly identify IPW-2200 controlled devices, while the second fix
    ensures that DHCP requests using the IPW-2200 operate correctly.
    
    Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar
    Designer for reporting issues fixed in this erratum.
    
    All Red Hat Enterprise Linux 4 users are advised to upgrade their
    kernels to the packages associated with their machine architectures
    and configurations as listed in this erratum."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-October/013312.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dee9ad88"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-October/013313.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f1183b83"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-October/013316.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b9b4a3a7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/10/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"kernel-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"kernel-devel-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-doc-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-doc-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"kernel-largesmp-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"kernel-largesmp-devel-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-42.0.3.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-42.0.3.EL")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0710.NASL
    descriptionFrom Red Hat Security Advisory 2006:0710 : Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the IPC shared-memory implementation that allowed a local user to cause a denial of service (deadlock) that resulted in freezing the system (CVE-2006-4342, Important) * an information leak in the copy_from_user() implementation on s390 and s390x platforms that allowed a local user to read arbitrary kernel memory (CVE-2006-5174, Important) * a flaw in the ATM subsystem affecting systems with installed ATM hardware and configured ATM support that allowed a remote user to cause a denial of service (panic) by accessing socket buffer memory after it has been freed (CVE-2006-4997, Moderate) * a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via
    last seen2020-06-01
    modified2020-06-02
    plugin id67413
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67413
    titleOracle Linux 3 : kernel (ELSA-2006-0710)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2006:0710 and 
    # Oracle Linux Security Advisory ELSA-2006-0710 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67413);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2935", "CVE-2006-4342", "CVE-2006-4997", "CVE-2006-5174");
      script_xref(name:"RHSA", value:"2006:0710");
    
      script_name(english:"Oracle Linux 3 : kernel (ELSA-2006-0710)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2006:0710 :
    
    Updated kernel packages that fix several security issues in the Red
    Hat Enterprise Linux 3 kernel are now available.
    
    This security advisory has been rated as having important security
    impact by the Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the security issues
    described below :
    
    * a flaw in the IPC shared-memory implementation that allowed a local
    user to cause a denial of service (deadlock) that resulted in freezing
    the system (CVE-2006-4342, Important)
    
    * an information leak in the copy_from_user() implementation on s390
    and s390x platforms that allowed a local user to read arbitrary kernel
    memory (CVE-2006-5174, Important)
    
    * a flaw in the ATM subsystem affecting systems with installed ATM
    hardware and configured ATM support that allowed a remote user to
    cause a denial of service (panic) by accessing socket buffer memory
    after it has been freed (CVE-2006-4997, Moderate)
    
    * a directory traversal vulnerability in smbfs that allowed a local
    user to escape chroot restrictions for an SMB-mounted filesystem via
    '..\\' sequences (CVE-2006-1864, Moderate)
    
    * a flaw in the mprotect system call that allowed enabling write
    permission for a read-only attachment of shared memory (CVE-2006-2071,
    Moderate)
    
    * a flaw in the DVD handling of the CDROM driver that could be used
    together with a custom built USB device to gain root privileges
    (CVE-2006-2935, Moderate)
    
    In addition to the security issues described above, a bug fix for a
    clock skew problem (which could lead to unintended keyboard repeat
    under X11) was also included. The problem only occurred when running
    the 32-bit x86 kernel on 64-bit dual-core x86_64 hardware.
    
    Note: The kernel-unsupported package contains various drivers and
    modules that are unsupported and therefore might contain security
    problems that have not been addressed.
    
    All Red Hat Enterprise Linux 3 users are advised to upgrade their
    kernels to the packages associated with their machine architecture and
    configurations as listed in this erratum."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000086.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-unsupported");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2935", "CVE-2006-4342", "CVE-2006-4997", "CVE-2006-5174");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2006-0710");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.4";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL3", rpm:"kernel-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-BOOT-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-doc-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-doc-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-doc-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-doc-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-hugemem-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-hugemem-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-hugemem-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-hugemem-unsupported-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-smp-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-smp-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-smp-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-smp-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-smp-unsupported-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-smp-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-source-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-source-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-source-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-source-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-unsupported-2.4.21-47.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-unsupported-2.4.21-47.0.1.EL")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0689.NASL
    descriptionUpdated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the SCTP support that allowed a local user to cause a denial of service (crash) with a specific SO_LINGER value. (CVE-2006-4535, Important) * a flaw in the hugepage table support that allowed a local user to cause a denial of service (crash). (CVE-2005-4811, Important) * a flaw in the mprotect system call that allowed setting write permission for a read-only attachment of shared memory. (CVE-2006-2071, Moderate) * a flaw in HID0[31] (en_attn) register handling on PowerPC 970 systems that allowed a local user to cause a denial of service. (crash) (CVE-2006-4093, Moderate) * a flaw in the perfmon support of Itanium systems that allowed a local user to cause a denial of service by consuming all file descriptors. (CVE-2006-3741, Moderate) * a flaw in the ATM subsystem. On systems with installed ATM hardware and configured ATM support, a remote user could cause a denial of service (panic) by accessing socket buffers memory after freeing them. (CVE-2006-4997, Moderate) * a flaw in the DVB subsystem. On systems with installed DVB hardware and configured DVB support, a remote user could cause a denial of service (panic) by sending a ULE SNDU packet with length of 0. (CVE-2006-4623, Low) * an information leak in the network subsystem that possibly allowed a local user to read sensitive data from kernel memory. (CVE-2006-0039, Low) In addition, two bugfixes for the IPW-2200 wireless driver were included. The first one ensures that wireless management applications correctly identify IPW-2200 controlled devices, while the second fix ensures that DHCP requests using the IPW-2200 operate correctly. Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar Designer for reporting issues fixed in this erratum. All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id22523
    published2006-10-10
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22523
    titleRHEL 4 : kernel (RHSA-2006:0689)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0689. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22523);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2005-4811", "CVE-2006-0039", "CVE-2006-2071", "CVE-2006-3741", "CVE-2006-4093", "CVE-2006-4535", "CVE-2006-4623", "CVE-2006-4997");
      script_bugtraq_id(19615, 19939, 20361, 20363);
      script_xref(name:"RHSA", value:"2006:0689");
    
      script_name(english:"RHEL 4 : kernel (RHSA-2006:0689)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix several security issues in the Red
    Hat Enterprise Linux 4 kernel are now available.
    
    This security advisory has been rated as having important security
    impact by the Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the security issues
    described below :
    
    * a flaw in the SCTP support that allowed a local user to cause a
    denial of service (crash) with a specific SO_LINGER value.
    (CVE-2006-4535, Important)
    
    * a flaw in the hugepage table support that allowed a local user to
    cause a denial of service (crash). (CVE-2005-4811, Important)
    
    * a flaw in the mprotect system call that allowed setting write
    permission for a read-only attachment of shared memory.
    (CVE-2006-2071, Moderate)
    
    * a flaw in HID0[31] (en_attn) register handling on PowerPC 970
    systems that allowed a local user to cause a denial of service.
    (crash) (CVE-2006-4093, Moderate)
    
    * a flaw in the perfmon support of Itanium systems that allowed a
    local user to cause a denial of service by consuming all file
    descriptors. (CVE-2006-3741, Moderate)
    
    * a flaw in the ATM subsystem. On systems with installed ATM hardware
    and configured ATM support, a remote user could cause a denial of
    service (panic) by accessing socket buffers memory after freeing them.
    (CVE-2006-4997, Moderate)
    
    * a flaw in the DVB subsystem. On systems with installed DVB hardware
    and configured DVB support, a remote user could cause a denial of
    service (panic) by sending a ULE SNDU packet with length of 0.
    (CVE-2006-4623, Low)
    
    * an information leak in the network subsystem that possibly allowed a
    local user to read sensitive data from kernel memory. (CVE-2006-0039,
    Low)
    
    In addition, two bugfixes for the IPW-2200 wireless driver were
    included. The first one ensures that wireless management applications
    correctly identify IPW-2200 controlled devices, while the second fix
    ensures that DHCP requests using the IPW-2200 operate correctly.
    
    Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar
    Designer for reporting issues fixed in this erratum.
    
    All Red Hat Enterprise Linux 4 users are advised to upgrade their
    kernels to the packages associated with their machine architectures
    and configurations as listed in this erratum."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-4811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-4997"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0689"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2005-4811", "CVE-2006-0039", "CVE-2006-2071", "CVE-2006-3741", "CVE-2006-4093", "CVE-2006-4535", "CVE-2006-4623", "CVE-2006-4997");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2006:0689");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0689";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-42.0.3.EL")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-42.0.3.EL")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
      }
    }
    

Oval

accepted2013-04-29T04:23:50.053-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionLinux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
familyunix
idoval:org.mitre.oval:def:9978
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleLinux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
version26

Redhat

advisories
  • rhsa
    idRHSA-2006:0579
  • rhsa
    idRHSA-2006:0580
  • rhsa
    idRHSA-2006:0689
  • rhsa
    idRHSA-2006:0710
rpms
  • kernel-0:2.6.9-42.0.3.EL
  • kernel-debuginfo-0:2.6.9-42.0.3.EL
  • kernel-devel-0:2.6.9-42.0.3.EL
  • kernel-doc-0:2.6.9-42.0.3.EL
  • kernel-hugemem-0:2.6.9-42.0.3.EL
  • kernel-hugemem-devel-0:2.6.9-42.0.3.EL
  • kernel-largesmp-0:2.6.9-42.0.3.EL
  • kernel-largesmp-devel-0:2.6.9-42.0.3.EL
  • kernel-smp-0:2.6.9-42.0.3.EL
  • kernel-smp-devel-0:2.6.9-42.0.3.EL
  • kernel-0:2.4.21-47.0.1.EL
  • kernel-BOOT-0:2.4.21-47.0.1.EL
  • kernel-debuginfo-0:2.4.21-47.0.1.EL
  • kernel-doc-0:2.4.21-47.0.1.EL
  • kernel-hugemem-0:2.4.21-47.0.1.EL
  • kernel-hugemem-unsupported-0:2.4.21-47.0.1.EL
  • kernel-smp-0:2.4.21-47.0.1.EL
  • kernel-smp-unsupported-0:2.4.21-47.0.1.EL
  • kernel-source-0:2.4.21-47.0.1.EL
  • kernel-unsupported-0:2.4.21-47.0.1.EL

References