Vulnerabilities > CVE-2006-5871 - Multiple vulnerability in Linux Kernel 2.4.33/2.6.8

047910
CVSS 4.1 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
linux
nessus

Summary

smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.

Vulnerable Configurations

Part Description Count
OS
Linux
2

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1237.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4093 Olof Johansson reported a local DoS (Denial of Service) vulnerability on the PPC970 platform. Unprivileged users can hang the system by executing the
    last seen2020-06-01
    modified2020-06-02
    plugin id23911
    published2006-12-18
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23911
    titleDebian DSA-1237-1 : kernel-source-2.4.27 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1237. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(23911);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2006-4093", "CVE-2006-4538", "CVE-2006-4997", "CVE-2006-5174", "CVE-2006-5871");
      script_xref(name:"DSA", value:"1237");
    
      script_name(english:"Debian DSA-1237-1 : kernel-source-2.4.27 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several local and remote vulnerabilities have been discovered in the
    Linux kernel that may lead to a denial of service or the execution of
    arbitrary code. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2005-4093
        Olof Johansson reported a local DoS (Denial of Service)
        vulnerability on the PPC970 platform. Unprivileged users
        can hang the system by executing the 'attn' instruction,
        which was not being disabled at boot.
    
      - CVE-2006-4538
        Kirill Korotaev reported a local DoS (Denial of Service)
        vulnerability on the ia64 and sparc architectures. A
        user could cause the system to crash by executing a
        malformed ELF binary due to insufficient verification of
        the memory layout.
    
      - CVE-2006-4997
        ADLab Venustech Info Ltd reported a potential remote DoS
        (Denial of Service) vulnerability in the IP over ATM
        subsystem. A remote system could cause the system to
        crash by sending specially crafted packets that would
        trigger an attempt to free an already-freed pointer
        resulting in a system crash.
    
      - CVE-2006-5174
        Martin Schwidefsky reported a potential leak of
        sensitive information on s390 systems. The
        copy_from_user function did not clear the remaining
        bytes of the kernel buffer after receiving a fault on
        the userspace address, resulting in a leak of
        uninitialized kernel memory. A local user could exploit
        this by appending to a file from a bad address.
    
      - CVE-2006-5649
        Fabio Massimo Di Nitto reported a potential remote DoS
        (Denial of Service) vulnerability on powerpc systems.
        The alignment exception only checked the exception table
        for -EFAULT, not for other errors. This can be exploited
        by a local user to cause a system crash (panic).
    
      - CVE-2006-5871
        Bill Allombert reported that various mount options are
        ignored by smbfs when UNIX extensions are enabled. This
        includes the uid, gid and mode options. Client systems
        would silently use the server-provided settings instead
        of honoring these options, changing the security model.
        This update includes a fix from Haroldo Gamal that
        forces the kernel to honor these mount options. Note
        that, since the current versions of smbmount always pass
        values for these options to the kernel, it is not
        currently possible to activate unix extensions by
        omitting mount options. However, this behavior is
        currently consistent with the current behavior of the
        next Debian release, 'etch'."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2005-4093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4997"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5649"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1237"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the kernel package immediately and reboot the machine. If you
    have built a custom kernel from the kernel source package, you will
    need to rebuild to take advantage of these fixes.
    
    The following matrix explains which kernel version for which
    architecture fix the problems mentioned above :
    
                                   Debian 3.1 (sarge)           
      Source                       2.4.27-10sarge5              
      Alpha architecture           2.4.27-10sarge5              
      ARM architecture             2.4.27-2sarge5               
      Intel IA-32 architecture     2.4.27-10sarge5              
      Intel IA-64 architecture     2.4.27-10sarge5              
      Motorola 680x0 architecture  2.4.27-3sarge5               
      Big endian MIPS              2.4.27-10.sarge4.040815-2    
      Little endian MIPS           2.4.27-10.sarge4.040815-2    
      PowerPC architecture         2.4.27-10sarge5              
      IBM S/390 architecture       2.4.27-2sarge5               
      Sun Sparc architecture       2.4.27-9sarge5               
    The following matrix lists additional packages that were rebuilt for
    compatibility with or to take advantage of this update :
    
                                   Debian 3.1 (sarge)           
      fai-kernels                  1.9.1sarge5                  
      kernel-image-2.4.27-speakup  2.4.27-1.1sarge4             
      mindi-kernel                 2.4.27-2sarge4               
      systemimager                 3.2.3-6sarge4"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.27");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/18");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-2", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-3", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-apus", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-nubus", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc-small", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-doc-2.4.27", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-doc-2.4.27-speakup", reference:"2.4.27-1.1sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-386", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-586tsc", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-686", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-686-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-generic", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-itanium", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-itanium-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-k6", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-k7", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-k7-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-mckinley", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-mckinley-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-sparc32", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-sparc32-smp", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-sparc64", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-sparc64-smp", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-386", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-586tsc", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-686", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-686-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-generic", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-itanium", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-itanium-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k6", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k7", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k7-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-mckinley", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-mckinley-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc32", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc32-smp", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc64", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc64-smp", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-apus", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-nubus", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-powerpc", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-speakup", reference:"2.4.27-1.1sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4-itanium", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4-itanium-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4-mckinley", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4-mckinley-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-386", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-586tsc", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-686", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-686-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-generic", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-itanium", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-itanium-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-k6", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-k7", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-k7-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-mckinley", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-mckinley-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-s390", reference:"2.4.27-2sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-s390-tape", reference:"2.4.27-2sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-s390x", reference:"2.4.27-2sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-sparc32", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-sparc32-smp", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-sparc64", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-sparc64-smp", reference:"2.4.27-9sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-386", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-586tsc", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-686", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-686-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-generic", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-itanium", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-itanium-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k6", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k7", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k7-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-mckinley", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-mckinley-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390-tape", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390x", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc32", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc32-smp", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc64", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc64-smp", reference:"2.4.27-9sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-amiga", reference:"2.4.27-3sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-apus", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-atari", reference:"2.4.27-3sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-bast", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-bvme6000", reference:"2.4.27-3sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-lart", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mac", reference:"2.4.27-3sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mvme147", reference:"2.4.27-3sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mvme16x", reference:"2.4.27-3sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-netwinder", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-nubus", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc-small", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-q40", reference:"2.4.27-3sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r3k-kn02", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r4k-ip22", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r4k-kn04", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-cobalt", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-ip22", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-lasat", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-riscpc", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-riscstation", reference:"2.4.27-2sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-sb1-swarm-bn", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-speakup", reference:"2.4.27-1.1sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-xxs1500", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-apus", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-nubus", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-powerpc", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.4.27", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-386", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-586tsc", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-686", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-686-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-k6", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-k7", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-k7-smp", reference:"2.4.27-10sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-386", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-586tsc", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-686", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-686-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k6", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k7", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k7-smp", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-source-2.4.27", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-tree-2.4.27", reference:"2.4.27-10sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"mindi-kernel", reference:"2.4.27-2sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"mips-tools", reference:"2.4.27-10.sarge4.040815-2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1233.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3741 Stephane Eranian discovered a local DoS (Denial of Service) vulnerability on the ia64 architecture. A local user could exhaust the available file descriptors by exploiting a counting error in the permonctl() system call. - CVE-2006-4538 Kirill Korotaev reported a local DoS (Denial of Service) vulnerability on the ia64 and sparc architectures. A user could cause the system to crash by executing a malformed ELF binary due to insufficient verification of the memory layout. - CVE-2006-4813 Dmitriy Monakhov reported a potential memory leak in the __block_prepare_write function. __block_prepare_write does not properly sanitize kernel buffers during error recovery, which could be exploited by local users to gain access to sensitive kernel memory. - CVE-2006-4997 ADLab Venustech Info Ltd reported a potential remote DoS (Denial of Service) vulnerability in the IP over ATM subsystem. A remote system could cause the system to crash by sending specially crafted packets that would trigger an attempt to free an already-freed pointer resulting in a system crash. - CVE-2006-5174 Martin Schwidefsky reported a potential leak of sensitive information on s390 systems. The copy_from_user function did not clear the remaining bytes of the kernel buffer after receiving a fault on the userspace address, resulting in a leak of uninitialized kernel memory. A local user could exploit this by appending to a file from a bad address. - CVE-2006-5619 James Morris reported a potential local DoS (Denial of Service) vulnerability that could be used to hang or oops a system. The seqfile handling for /proc/net/ip6_flowlabel has a flaw that can be exploited to cause an infinite loop by reading this file after creating a flowlabel. - CVE-2006-5649 Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service) vulnerability on powerpc systems. The alignment exception only checked the exception table for -EFAULT, not for other errors. This can be exploited by a local user to cause a system crash (panic). - CVE-2006-5751 Eugene Teo reported a vulnerability in the get_fdb_entries function that could potentially be exploited to allow arbitrary code execution with escalated privileges. - CVE-2006-5871 Bill Allombert reported that various mount options are ignored by smbfs when UNIX extensions are enabled. This includes the uid, gid and mode options. Client systems would silently use the server-provided settings instead of honoring these options, changing the security model. This update includes a fix from Haroldo Gamal that forces the kernel to honor these mount options. Note that, since the current versions of smbmount always pass values for these options to the kernel, it is not currently possible to activate unix extensions by omitting mount options. However, this behavior is currently consistent with the current behavior of the next Debian release,
    last seen2020-06-01
    modified2020-06-02
    plugin id23846
    published2006-12-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23846
    titleDebian DSA-1233-1 : kernel-source-2.6.8 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1233. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(23846);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2006-3741", "CVE-2006-4538", "CVE-2006-4813", "CVE-2006-4997", "CVE-2006-5871");
      script_xref(name:"DSA", value:"1233");
    
      script_name(english:"Debian DSA-1233-1 : kernel-source-2.6.8 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several local and remote vulnerabilities have been discovered in the
    Linux kernel that may lead to a denial of service or the execution of
    arbitrary code. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2006-3741
        Stephane Eranian discovered a local DoS (Denial of
        Service) vulnerability on the ia64 architecture. A local
        user could exhaust the available file descriptors by
        exploiting a counting error in the permonctl() system
        call.
    
      - CVE-2006-4538
        Kirill Korotaev reported a local DoS (Denial of Service)
        vulnerability on the ia64 and sparc architectures. A
        user could cause the system to crash by executing a
        malformed ELF binary due to insufficient verification of
        the memory layout.
    
      - CVE-2006-4813
        Dmitriy Monakhov reported a potential memory leak in the
        __block_prepare_write function. __block_prepare_write
        does not properly sanitize kernel buffers during error
        recovery, which could be exploited by local users to
        gain access to sensitive kernel memory.
    
      - CVE-2006-4997
        ADLab Venustech Info Ltd reported a potential remote DoS
        (Denial of Service) vulnerability in the IP over ATM
        subsystem. A remote system could cause the system to
        crash by sending specially crafted packets that would
        trigger an attempt to free an already-freed pointer
        resulting in a system crash.
    
      - CVE-2006-5174
        Martin Schwidefsky reported a potential leak of
        sensitive information on s390 systems. The
        copy_from_user function did not clear the remaining
        bytes of the kernel buffer after receiving a fault on
        the userspace address, resulting in a leak of
        uninitialized kernel memory. A local user could exploit
        this by appending to a file from a bad address.
    
      - CVE-2006-5619
        James Morris reported a potential local DoS (Denial of
        Service) vulnerability that could be used to hang or
        oops a system. The seqfile handling for
        /proc/net/ip6_flowlabel has a flaw that can be exploited
        to cause an infinite loop by reading this file after
        creating a flowlabel.
    
      - CVE-2006-5649
        Fabio Massimo Di Nitto reported a potential remote DoS
        (Denial of Service) vulnerability on powerpc systems.
        The alignment exception only checked the exception table
        for -EFAULT, not for other errors. This can be exploited
        by a local user to cause a system crash (panic).
    
      - CVE-2006-5751
        Eugene Teo reported a vulnerability in the
        get_fdb_entries function that could potentially be
        exploited to allow arbitrary code execution with
        escalated privileges.
    
      - CVE-2006-5871
        Bill Allombert reported that various mount options are
        ignored by smbfs when UNIX extensions are enabled. This
        includes the uid, gid and mode options. Client systems
        would silently use the server-provided settings instead
        of honoring these options, changing the security model.
        This update includes a fix from Haroldo Gamal that
        forces the kernel to honor these mount options. Note
        that, since the current versions of smbmount always pass
        values for these options to the kernel, it is not
        currently possible to activate unix extensions by
        omitting mount options. However, this behavior is
        currently consistent with the current behavior of the
        next Debian release, 'etch'."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-3741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4997"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5649"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1233"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the kernel package immediately and reboot the machine. If you
    have built a custom kernel from the kernel source package, you will
    need to rebuild to take advantage of these fixes.
    
    The following matrix explains which kernel version for which
    architecture fix the problems mentioned above :
    
                                   Debian 3.1 (sarge)           
      Source                       2.6.8-16sarge6               
      Alpha architecture           2.6.8-16sarge6               
      AMD64 architecture           2.6.8-16sarge6               
      HP Precision architecture    2.6.8-6sarge6                
      Intel IA-32 architecture     2.6.8-16sarge6               
      Intel IA-64 architecture     2.6.8-14sarge6               
      Motorola 680x0 architecture  2.6.8-4sarge6                
      PowerPC architecture         2.6.8-12sarge6               
      IBM S/390 architecture       2.6.8-5sarge6                
      Sun Sparc architecture       2.6.8-15sarge6               
    The following matrix lists additional packages that were rebuilt for
    compatibility with or to take advantage of this update :
    
                          Debian 3.1 (sarge)  
      fai-kernels         1.9.1sarge5"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.6.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"fai-kernels", reference:"1.9.1sarge5")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3", reference:"2.6.8-15sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3-smp", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4-smp", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-doc-2.6.8", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium-smp", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley-smp", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3", reference:"2.6.8-15sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32", reference:"2.6.8-6sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32-smp", reference:"2.6.8-6sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-386", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64", reference:"2.6.8-6sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64-smp", reference:"2.6.8-6sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-generic", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc32", reference:"2.6.8-15sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64", reference:"2.6.8-15sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium-smp", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley-smp", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32", reference:"2.6.8-6sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32-smp", reference:"2.6.8-6sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-386", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64", reference:"2.6.8-6sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64-smp", reference:"2.6.8-6sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-generic", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3-smp", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4-smp", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390", reference:"2.6.8-5sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390-tape", reference:"2.6.8-5sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390x", reference:"2.6.8-5sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-smp", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc32", reference:"2.6.8-15sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64", reference:"2.6.8-15sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-amiga", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-atari", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-bvme6000", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-hp", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mac", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme147", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme16x", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-q40", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-sun3", reference:"2.6.8-4sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-patch-2.6.8-s390", reference:"2.6.8-5sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.6.8", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-source-2.6.8", reference:"2.6.8-16sarge6")) flag++;
    if (deb_check(release:"3.1", prefix:"kernel-tree-2.6.8", reference:"2.6.8-16sarge6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-514.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the second regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the second regular kernel update to Red Hat Enterprise Linux 4. New features introduced in this update include: - Audit support - systemtap - kprobes, relayfs - Keyring support - iSCSI Initiator - iscsi_sfnet 4:0.1.11-1 - Device mapper multipath support - Intel dual core support - esb2 chipset support - Increased exec-shield coverage - Dirty page tracking for HA systems - Diskdump -- allow partial diskdumps and directing to swap There were several bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following security bugs were fixed in this update, detailed below with corresponding CAN names available from the Common Vulnerabilities and Exposures project (cve.mitre.org) : - flaws in ptrace() syscall handling on 64-bit systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0756, CVE-2005-1761, CVE-2005-1762, CVE-2005-1763) - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2456, CVE-2005-2555) - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490) - a flaw in sendmsg() syscall handling that allowed a local user to cause a denial of service by altering hardware state (CVE-2005-2492) - a flaw that prevented the topdown allocator from allocating mmap areas all the way down to address zero (CVE-2005-1265) - flaws dealing with keyrings that could cause a local denial of service (CVE-2005-2098, CVE-2005-2099) - a flaw in the 4GB split patch that could allow a local denial of service (CVE-2005-2100) - a xattr sharing bug in the ext2 and ext3 file systems that could cause default ACLs to disappear (CVE-2005-2801) - a flaw in the ipt_recent module on 64-bit architectures which could allow a remote denial of service (CVE-2005-2872) The following device drivers have been upgraded to new versions : qla2100 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2200 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2300 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2322 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2xxx --------- 8.00.00b21-k to 8.01.00b5-rh2 qla6312 --------- 8.00.00b21-k to 8.01.00b5-rh2 megaraid_mbox --- 2.20.4.5 to 2.20.4.6 megaraid_mm ----- 2.20.2.5 to 2.20.2.6 lpfc ------------ 0:8.0.16.6_x2 to 0:8.0.16.17 cciss ----------- 2.6.4 to 2.6.6 ipw2100 --------- 1.0.3 to 1.1.0 tg3 ------------- 3.22-rh to 3.27-rh e100 ------------ 3.3.6-k2-NAPI to 3.4.8-k2-NAPI e1000 ----------- 5.6.10.1-k2-NAPI to 6.0.54-k2-NAPI 3c59x ----------- LK1.1.19 mptbase --------- 3.01.16 to 3.02.18 ixgb ------------ 1.0.66 to 1.0.95-k2-NAPI libata ---------- 1.10 to 1.11 sata_via -------- 1.0 to 1.1 sata_ahci ------- 1.00 to 1.01 sata_qstor ------ 0.04 sata_sil -------- 0.8 to 0.9 sata_svw -------- 1.05 to 1.06 s390: crypto ---- 1.31 to 1.57 s390: zfcp ------ s390: CTC-MPC --- s390: dasd ------- s390: cio ------- s390: qeth ------ All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id21943
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21943
    titleCentOS 4 : kernel (CESA-2005:514)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-395-1.NASL
    descriptionMark Dowd discovered that the netfilter iptables module did not correcly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only be fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will follow soon. (CVE-2006-4572) Dmitriy Monakhov discovered an information leak in the __block_prepare_write() function. During error recovery, this function did not properly clear memory buffers which could allow local users to read portions of unlinked files. This only affects Ubuntu 5.10. (CVE-2006-4813) ADLab Venustech Info Ltd discovered that the ATM network driver referenced an already released pointer in some circumstances. By sending specially crafted packets to a host over ATM, a remote attacker could exploit this to crash that host. This does not affect Ubuntu 6.10. (CVE-2006-4997) Matthias Andree discovered that the NFS locking management daemon (lockd) did not correctly handle mixing of
    last seen2020-06-01
    modified2020-06-02
    plugin id27981
    published2007-11-10
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27981
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities (USN-395-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-514.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the second regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the second regular kernel update to Red Hat Enterprise Linux 4. New features introduced in this update include: - Audit support - systemtap - kprobes, relayfs - Keyring support - iSCSI Initiator - iscsi_sfnet 4:0.1.11-1 - Device mapper multipath support - Intel dual core support - esb2 chipset support - Increased exec-shield coverage - Dirty page tracking for HA systems - Diskdump -- allow partial diskdumps and directing to swap There were several bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following security bugs were fixed in this update, detailed below with corresponding CAN names available from the Common Vulnerabilities and Exposures project (cve.mitre.org) : - flaws in ptrace() syscall handling on 64-bit systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0756, CVE-2005-1761, CVE-2005-1762, CVE-2005-1763) - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2456, CVE-2005-2555) - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490) - a flaw in sendmsg() syscall handling that allowed a local user to cause a denial of service by altering hardware state (CVE-2005-2492) - a flaw that prevented the topdown allocator from allocating mmap areas all the way down to address zero (CVE-2005-1265) - flaws dealing with keyrings that could cause a local denial of service (CVE-2005-2098, CVE-2005-2099) - a flaw in the 4GB split patch that could allow a local denial of service (CVE-2005-2100) - a xattr sharing bug in the ext2 and ext3 file systems that could cause default ACLs to disappear (CVE-2005-2801) - a flaw in the ipt_recent module on 64-bit architectures which could allow a remote denial of service (CVE-2005-2872) The following device drivers have been upgraded to new versions : qla2100 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2200 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2300 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2322 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2xxx --------- 8.00.00b21-k to 8.01.00b5-rh2 qla6312 --------- 8.00.00b21-k to 8.01.00b5-rh2 megaraid_mbox --- 2.20.4.5 to 2.20.4.6 megaraid_mm ----- 2.20.2.5 to 2.20.2.6 lpfc ------------ 0:8.0.16.6_x2 to 0:8.0.16.17 cciss ----------- 2.6.4 to 2.6.6 ipw2100 --------- 1.0.3 to 1.1.0 tg3 ------------- 3.22-rh to 3.27-rh e100 ------------ 3.3.6-k2-NAPI to 3.4.8-k2-NAPI e1000 ----------- 5.6.10.1-k2-NAPI to 6.0.54-k2-NAPI 3c59x ----------- LK1.1.19 mptbase --------- 3.01.16 to 3.02.18 ixgb ------------ 1.0.66 to 1.0.95-k2-NAPI libata ---------- 1.10 to 1.11 sata_via -------- 1.0 to 1.1 sata_ahci ------- 1.00 to 1.01 sata_qstor ------ 0.04 sata_sil -------- 0.8 to 0.9 sata_svw -------- 1.05 to 1.06 s390: crypto ---- 1.31 to 1.57 s390: zfcp ------ s390: CTC-MPC --- s390: dasd ------- s390: cio ------- s390: qeth ------ All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id19989
    published2005-10-11
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19989
    titleRHEL 4 : kernel (RHSA-2005:514)

Oval

accepted2013-04-29T04:02:37.653-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionsmbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.
familyunix
idoval:org.mitre.oval:def:10171
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlesmbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.
version26

Redhat

rpms
  • kernel-0:2.6.9-22.EL
  • kernel-debuginfo-0:2.6.9-22.EL
  • kernel-devel-0:2.6.9-22.EL
  • kernel-doc-0:2.6.9-22.EL
  • kernel-hugemem-0:2.6.9-22.EL
  • kernel-hugemem-devel-0:2.6.9-22.EL
  • kernel-smp-0:2.6.9-22.EL
  • kernel-smp-devel-0:2.6.9-22.EL