Vulnerabilities > CVE-2006-2445 - Unspecified vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus

Summary

Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.

Vulnerable Configurations

Part Description Count
OS
Linux
139

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-311-1.NASL
    descriptionA race condition was discovered in the do_add_counters() functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you use third-party software that uses Linux capabilities. (CVE-2006-0039) John Stultz discovered a faulty BUG_ON trigger in the handling of POSIX timers. A local attacker could exploit this to trigger a kernel oops and crash the machine. (CVE-2006-2445) Dave Jones discovered that the PowerPC kernel did not perform certain required access_ok() checks. A local user could exploit this to read arbitrary kernel memory and crash the kernel on 64-bit systems, and possibly read arbitrary kernel memory on 32-bit systems. (CVE-2006-2448) A design flaw was discovered in the prctl(PR_SET_DUMPABLE, ...) system call, which allowed a local user to have core dumps created in a directory he could not normally write to. This could be exploited to drain available disk space on system partitions, or, under some circumstances, to execute arbitrary code with full root privileges. This flaw only affects Ubuntu 6.06 LTS. (CVE-2006-2451) In addition, the Ubuntu 6.06 LTS update fixes a range of bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27886
    published2007-11-10
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27886
    titleUbuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-311-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-311-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27886);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2006-0039", "CVE-2006-2445", "CVE-2006-2448", "CVE-2006-2451");
      script_bugtraq_id(18874);
      script_xref(name:"USN", value:"311-1");
    
      script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-311-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A race condition was discovered in the do_add_counters() functions.
    Processes which do not run with full root privileges, but have the
    CAP_NET_ADMIN capability can exploit this to crash the machine or read
    a random piece of kernel memory. In Ubuntu there are no packages that
    are affected by this, so this can only be an issue for you if you use
    third-party software that uses Linux capabilities. (CVE-2006-0039)
    
    John Stultz discovered a faulty BUG_ON trigger in the handling of
    POSIX timers. A local attacker could exploit this to trigger a kernel
    oops and crash the machine. (CVE-2006-2445)
    
    Dave Jones discovered that the PowerPC kernel did not perform certain
    required access_ok() checks. A local user could exploit this to read
    arbitrary kernel memory and crash the kernel on 64-bit systems, and
    possibly read arbitrary kernel memory on 32-bit systems.
    (CVE-2006-2448)
    
    A design flaw was discovered in the prctl(PR_SET_DUMPABLE, ...) system
    call, which allowed a local user to have core dumps created in a
    directory he could not normally write to. This could be exploited to
    drain available disk space on system partitions, or, under some
    circumstances, to execute arbitrary code with full root privileges.
    This flaw only affects Ubuntu 6.06 LTS. (CVE-2006-2451)
    
    In addition, the Ubuntu 6.06 LTS update fixes a range of bugs.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/311-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-26");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-control");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(5\.04|5\.10|6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2006-0039", "CVE-2006-2445", "CVE-2006-2448", "CVE-2006-2451");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-311-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"5.04", pkgname:"linux-doc-2.6.10", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-386", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-686-smp", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-headers-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-386", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-686-smp", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-generic", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-k8-smp", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-image-2.6.10-6-amd64-xeon", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-patch-ubuntu-2.6.10", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-source-2.6.10", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"linux-tree-2.6.10", pkgver:"2.6.10-34.21")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-doc-2.6.12", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-386", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-686-smp", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-headers-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-386", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-686-smp", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-generic", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-k8-smp", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-image-2.6.12-10-amd64-xeon", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-patch-ubuntu-2.6.12", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-source-2.6.12", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"linux-tree-2.6.12", pkgver:"2.6.12-10.35")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-firmware-2.6.15-26", pkgver:"3.11+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"avm-fritz-kernel-source", pkgver:"3.11+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"fglrx-control", pkgver:"8.25.18+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"fglrx-kernel-source", pkgver:"8.25.18+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-386", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-686", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-686-smp", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-generic", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-k8", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-k8-smp", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-server", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-amd64-xeon", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-doc", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-doc-2.6.15", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-26", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-26-386", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-26-686", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-26-amd64-generic", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-26-amd64-k8", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-26-amd64-server", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-26-amd64-xeon", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-26-server", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-386", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-686", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-generic", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-k8", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-server", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-amd64-xeon", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-server", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-26-386", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-26-686", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-26-amd64-generic", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-26-amd64-k8", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-26-amd64-server", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-26-amd64-xeon", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-26-server", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-386", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-686", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-generic", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-k8", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-server", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-amd64-xeon", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-server", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-kernel-devel", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-26-386", pkgver:"2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-26-686", pkgver:"2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-26-amd64-generic", pkgver:"2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-26-amd64-k8", pkgver:"2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-2.6.15-26-amd64-xeon", pkgver:"2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-386", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-686", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-generic", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-k8", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-amd64-xeon", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-restricted-modules-common", pkgver:"2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-server", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-source", pkgver:"2.6.15.24")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-source-2.6.15", pkgver:"2.6.15-26.44")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx", pkgver:"1.0.8762+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-dev", pkgver:"1.0.8762+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy", pkgver:"1.0.7174+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-glx-legacy-dev", pkgver:"1.0.7174+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-kernel-source", pkgver:"1.0.8762+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"nvidia-legacy-kernel-source", pkgver:"1.0.7174+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx", pkgver:"7.0.0-8.25.18+2.6.15.11-3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xorg-driver-fglrx-dev", pkgver:"7.0.0-8.25.18+2.6.15.11-3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avm-fritz-firmware / avm-fritz-firmware-2.6.15-26 / etc");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-151.NASL
    descriptionA number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Prior to and including 2.6.16-rc2, when running on x86_64 systems with preemption enabled, local users can cause a DoS (oops) via multiple ptrace tasks that perform single steps (CVE-2006-1066). Prior to 2.6.16, a directory traversal vulnerability in CIFS could allow a local user to escape chroot restrictions for an SMB-mounted filesystem via
    last seen2020-06-01
    modified2020-06-02
    plugin id23897
    published2006-12-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23897
    titleMandrake Linux Security Advisory : kernel (MDKSA-2006:151)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:151. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(23897);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2006-1066", "CVE-2006-1863", "CVE-2006-1864", "CVE-2006-2934", "CVE-2006-2935", "CVE-2006-2936", "CVE-2006-3468", "CVE-2006-3745");
      script_bugtraq_id(18847, 19033, 19396, 19666);
      script_xref(name:"MDKSA", value:"2006:151");
    
      script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2006:151)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities were discovered and corrected in the Linux
    2.6 kernel :
    
    Prior to and including 2.6.16-rc2, when running on x86_64 systems with
    preemption enabled, local users can cause a DoS (oops) via multiple
    ptrace tasks that perform single steps (CVE-2006-1066).
    
    Prior to 2.6.16, a directory traversal vulnerability in CIFS could
    allow a local user to escape chroot restrictions for an SMB-mounted
    filesystem via '..\' sequences (CVE-2006-1863).
    
    Prior to 2.6.16, a directory traversal vulnerability in smbfs could
    allow a local user to escape chroot restrictions for an SMB-mounted
    filesystem via '..\' sequences (CVE-2006-1864).
    
    Prior to to 2.6.16.23, SCTP conntrack in netfilter allows remote
    attackers to cause a DoS (crash) via a packet without any chunks,
    causing a variable to contain an invalid value that is later used to
    dereference a pointer (CVE-2006-2934).
    
    The dvd_read_bca function in the DVD handling code assigns the wrong
    value to a length variable, which could allow local users to execute
    arbitrary code via a crafted USB storage device that triggers a buffer
    overflow (CVE-2006-2935).
    
    Prior to 2.6.17, the ftdi_sio driver could allow local users to cause
    a DoS (memory consumption) by writing more data to the serial port
    than the hardware can handle, causing the data to be queued
    (CVE-2006-2936).
    
    The 2.6 kernel, when using both NFS and EXT3, allowed remote attackers
    to cause a DoS (file system panic) via a crafted UDP packet with a V2
    lookup procedure that specifies a bad file handle (inode number),
    triggering an error and causing an exported directory to be remounted
    read-only (CVE-2006-3468).
    
    The 2.6 kernel's SCTP was found to cause system crashes and allow for
    the possibility of local privilege escalation due to a bug in the
    get_user_iov_size() function that doesn't properly handle overflow
    when calculating the length of iovec (CVE-2006-3745).
    
    The provided packages are patched to fix these vulnerabilities. All
    users are encouraged to upgrade to these updated kernels immediately
    and reboot to effect the fixes.
    
    In addition to these security fixes, other fixes have been included
    such as :
    
      - added support for new devices: o Testo products in
        usb-serial o ATI SB600 IDE o ULI M-1573 south Bridge o
        PATA and SATA support for nVidia MCP55, MCP61, MCP65,
        and AMD CS5536 o Asus W6A motherboard in snd-hda-intel o
        bcm 5780
    
      - fixed ip_gre module unload OOPS
    
        - enabled opti621 driver for x86 and x86_64
    
        - fixed a local DoS introduced by an imcomplete fix for
          CVE-2006-2445
    
        - updated to Xen 3.0.1 with selected fixes
    
        - enable hugetlbfs
    
    To update your kernel, please follow the directions located at :
    
    http://www.mandriva.com/en/security/kernelupdate"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-BOOT-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.25mdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-BOOT-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i586-up-1GB-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-smp-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-source-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-source-stripped-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xbox-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-xen0-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-xenU-2.6.12.25mdk-1-1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-123.NASL
    descriptionA number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The kernel did not clear sockaddr_in.sin_zero before returning IPv4 socket names for the getsockopt function, which could allow a local user to obtain portions of potentially sensitive memory if getsockopt() is called with SO_ORIGINAL_DST (CVE-2006-1343). Prior to 2.6.16, a buffer overflow in the USB Gadget RNDIS implementation could allow a remote attacker to cause a Denial of Service via a remote NDIS response (CVE-2006-1368). Prior to 2.6.13, local users could cause a Denial of Service (crash) via a dio transfer from the sg driver to memory mapped IO space (CVE-2006-1528). Prior to and including 2.6.16, the kernel did not add the appropriate LSM file_permission hooks to the readv and writev functions, which could allow an attacker to bypass intended access restrictions (CVE-2006-1856). Prior to 2.6.16.17, a buffer oveflow in SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk (CVE-2006-1857). Prior to 2.6.16.17, SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters (CVE-2006-1858). Prior to 2.6.16.16, a memory leak in fs/locks.c could allow an attacker to cause a DoS (memory consumption) via unspecified actions (CVE-2006-1859). Prior to 2.6.16.16, lease_init in fs/locks.c could allow an attacker to cause a DoS (fcntl_setlease lockup) via certain actions (CVE-2006-1860). Prior to 2.6.17, SCTP allowed remote attackers to cause a DoS (infinite recursion and crash) via a packet that contains two or more DATA fragments (CVE-2006-2274). Prior to 2.6.16.21, a race condition in run_posix_cpu timers could allow a local user to cause a DoS (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting (CVE-2006-2445). Prior to 2.6.17.1, xt_sctp in netfilter could allow an attacker to cause a DoS (infinite loop) via an SCTP chunk with a 0 length (CVE-2006-3085). As well, an issue where IPC could hit an unmapped vmalloc page when near the page boundary has been corrected. In addition to these security fixes, other fixes have been included such as : - avoid automatic update of kernel-source without updating the kernel - fix USB EHCI handoff code, which made some machines hang while booting - disable USB_BANDWIDTH which corrects a known problem in some USB sound devices - fix a bluetooth refcounting bug which could hang the machine - fix a NULL pointer dereference in USB-Serial
    last seen2020-06-01
    modified2020-06-02
    plugin id22058
    published2006-07-18
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22058
    titleMandrake Linux Security Advisory : kernel (MDKSA-2006:123)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:123. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22058);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2006-1342", "CVE-2006-1343", "CVE-2006-1368", "CVE-2006-1528", "CVE-2006-1856", "CVE-2006-1857", "CVE-2006-1858", "CVE-2006-1859", "CVE-2006-1860", "CVE-2006-2274", "CVE-2006-2445", "CVE-2006-3085");
      script_xref(name:"MDKSA", value:"2006:123");
    
      script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2006:123)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities were discovered and corrected in the Linux
    2.6 kernel :
    
    The kernel did not clear sockaddr_in.sin_zero before returning IPv4
    socket names for the getsockopt function, which could allow a local
    user to obtain portions of potentially sensitive memory if
    getsockopt() is called with SO_ORIGINAL_DST (CVE-2006-1343).
    
    Prior to 2.6.16, a buffer overflow in the USB Gadget RNDIS
    implementation could allow a remote attacker to cause a Denial of
    Service via a remote NDIS response (CVE-2006-1368).
    
    Prior to 2.6.13, local users could cause a Denial of Service (crash)
    via a dio transfer from the sg driver to memory mapped IO space
    (CVE-2006-1528).
    
    Prior to and including 2.6.16, the kernel did not add the appropriate
    LSM file_permission hooks to the readv and writev functions, which
    could allow an attacker to bypass intended access restrictions
    (CVE-2006-1856).
    
    Prior to 2.6.16.17, a buffer oveflow in SCTP could allow a remote
    attacker to cause a DoS (crash) and possibly execute arbitrary code
    via a malformed HB-ACK chunk (CVE-2006-1857).
    
    Prior to 2.6.16.17, SCTP could allow a remote attacker to cause a DoS
    (crash) and possibly execute arbitrary code via a chunk length that is
    inconsistent with the actual length of provided parameters
    (CVE-2006-1858).
    
    Prior to 2.6.16.16, a memory leak in fs/locks.c could allow an
    attacker to cause a DoS (memory consumption) via unspecified actions
    (CVE-2006-1859).
    
    Prior to 2.6.16.16, lease_init in fs/locks.c could allow an attacker
    to cause a DoS (fcntl_setlease lockup) via certain actions
    (CVE-2006-1860).
    
    Prior to 2.6.17, SCTP allowed remote attackers to cause a DoS
    (infinite recursion and crash) via a packet that contains two or more
    DATA fragments (CVE-2006-2274).
    
    Prior to 2.6.16.21, a race condition in run_posix_cpu timers could
    allow a local user to cause a DoS (BUG_ON crash) by causing one CPU to
    attach a timer to a process that is exiting (CVE-2006-2445).
    
    Prior to 2.6.17.1, xt_sctp in netfilter could allow an attacker to
    cause a DoS (infinite loop) via an SCTP chunk with a 0 length
    (CVE-2006-3085).
    
    As well, an issue where IPC could hit an unmapped vmalloc page when
    near the page boundary has been corrected.
    
    In addition to these security fixes, other fixes have been included
    such as :
    
      - avoid automatic update of kernel-source without updating
        the kernel
    
        - fix USB EHCI handoff code, which made some machines
          hang while booting
    
      - disable USB_BANDWIDTH which corrects a known problem in
        some USB sound devices
    
      - fix a bluetooth refcounting bug which could hang the
        machine
    
        - fix a NULL pointer dereference in USB-Serial's
          serial_open() function
    
      - add missing wakeup in pl2303 TIOCMIWAIT handling
    
        - fix a possible user-after-free in USB-Serial core
    
        - suspend/resume fixes
    
        - HPET timer fixes
    
        - prevent fixed button event to reach userspace on S3
          resume
    
        - add sysfs support in ide-tape
    
        - fix ASUS P5S800 reboot
    
    Finally, a new drbd-utils package is provided that is a required
    upgrade with this new kernel due to a logic bug in the previously
    shipped version of drbd-utils that could cause a kernel panic on the
    master when a slave went offline.
    
    The provided packages are patched to fix these vulnerabilities. All
    users are encouraged to upgrade to these updated kernels.
    
    To update your kernel, please follow the directions located at :
    
    http://www.mandriva.com/en/security/kernelupdate"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:drbd-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:drbd-utils-heartbeat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-BOOT-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.23mdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"drbd-utils-0.7.19-2.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"drbd-utils-heartbeat-0.7.19-2.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-BOOT-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i586-up-1GB-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-smp-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-source-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"kernel-source-stripped-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xbox-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xen0-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"kernel-xenU-2.6.12.23mdk-1-1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");