Vulnerabilities > CVE-2006-5871 - Unspecified vulnerability in Linux Kernel 2.4.33/2.6.8

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus
NVD
Published: 2006-12-11
Updated: 2024-11-21

Summary

smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.

Vulnerable Configurations

Part Description Count
OS
Linux
2

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1237.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4093 Olof Johansson reported a local DoS (Denial of Service) vulnerability on the PPC970 platform. Unprivileged users can hang the system by executing the
    last seen2020-06-01
    modified2020-06-02
    plugin id23911
    published2006-12-18
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23911
    titleDebian DSA-1237-1 : kernel-source-2.4.27 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1237. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(23911);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2006-4093", "CVE-2006-4538", "CVE-2006-4997", "CVE-2006-5174", "CVE-2006-5871");
  script_xref(name:"DSA", value:"1237");

  script_name(english:"Debian DSA-1237-1 : kernel-source-2.4.27 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2005-4093
    Olof Johansson reported a local DoS (Denial of Service)
    vulnerability on the PPC970 platform. Unprivileged users
    can hang the system by executing the 'attn' instruction,
    which was not being disabled at boot.

  - CVE-2006-4538
    Kirill Korotaev reported a local DoS (Denial of Service)
    vulnerability on the ia64 and sparc architectures. A
    user could cause the system to crash by executing a
    malformed ELF binary due to insufficient verification of
    the memory layout.

  - CVE-2006-4997
    ADLab Venustech Info Ltd reported a potential remote DoS
    (Denial of Service) vulnerability in the IP over ATM
    subsystem. A remote system could cause the system to
    crash by sending specially crafted packets that would
    trigger an attempt to free an already-freed pointer
    resulting in a system crash.

  - CVE-2006-5174
    Martin Schwidefsky reported a potential leak of
    sensitive information on s390 systems. The
    copy_from_user function did not clear the remaining
    bytes of the kernel buffer after receiving a fault on
    the userspace address, resulting in a leak of
    uninitialized kernel memory. A local user could exploit
    this by appending to a file from a bad address.

  - CVE-2006-5649
    Fabio Massimo Di Nitto reported a potential remote DoS
    (Denial of Service) vulnerability on powerpc systems.
    The alignment exception only checked the exception table
    for -EFAULT, not for other errors. This can be exploited
    by a local user to cause a system crash (panic).

  - CVE-2006-5871
    Bill Allombert reported that various mount options are
    ignored by smbfs when UNIX extensions are enabled. This
    includes the uid, gid and mode options. Client systems
    would silently use the server-provided settings instead
    of honoring these options, changing the security model.
    This update includes a fix from Haroldo Gamal that
    forces the kernel to honor these mount options. Note
    that, since the current versions of smbmount always pass
    values for these options to the kernel, it is not
    currently possible to activate unix extensions by
    omitting mount options. However, this behavior is
    currently consistent with the current behavior of the
    next Debian release, 'etch'."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4093"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-4538"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-4997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-5174"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-5649"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-5871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1237"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the kernel package immediately and reboot the machine. If you
have built a custom kernel from the kernel source package, you will
need to rebuild to take advantage of these fixes.

The following matrix explains which kernel version for which
architecture fix the problems mentioned above :

                               Debian 3.1 (sarge)           
  Source                       2.4.27-10sarge5              
  Alpha architecture           2.4.27-10sarge5              
  ARM architecture             2.4.27-2sarge5               
  Intel IA-32 architecture     2.4.27-10sarge5              
  Intel IA-64 architecture     2.4.27-10sarge5              
  Motorola 680x0 architecture  2.4.27-3sarge5               
  Big endian MIPS              2.4.27-10.sarge4.040815-2    
  Little endian MIPS           2.4.27-10.sarge4.040815-2    
  PowerPC architecture         2.4.27-10sarge5              
  IBM S/390 architecture       2.4.27-2sarge5               
  Sun Sparc architecture       2.4.27-9sarge5               
The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update :

                               Debian 3.1 (sarge)           
  fai-kernels                  1.9.1sarge5                  
  kernel-image-2.4.27-speakup  2.4.27-1.1sarge4             
  mindi-kernel                 2.4.27-2sarge4               
  systemimager                 3.2.3-6sarge4"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.27");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/18");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-2", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-3", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-apus", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-nubus", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc-small", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.4.27-powerpc-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-doc-2.4.27", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-doc-2.4.27-speakup", reference:"2.4.27-1.1sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-386", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-586tsc", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-686", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-686-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-generic", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-itanium", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-itanium-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-k6", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-k7", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-k7-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-mckinley", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-mckinley-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-sparc32", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-sparc32-smp", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-sparc64", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-2-sparc64-smp", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-386", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-586tsc", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-686", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-686-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-generic", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-itanium", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-itanium-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k6", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k7", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-k7-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-mckinley", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-mckinley-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc32", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc32-smp", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc64", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-3-sparc64-smp", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-apus", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-nubus", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-powerpc", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.4.27-speakup", reference:"2.4.27-1.1sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4-itanium", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4-itanium-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4-mckinley", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4-mckinley-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-386", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-586tsc", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-686", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-686-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-generic", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-itanium", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-itanium-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-k6", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-k7", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-k7-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-mckinley", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-mckinley-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-s390", reference:"2.4.27-2sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-s390-tape", reference:"2.4.27-2sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-s390x", reference:"2.4.27-2sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-sparc32", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-sparc32-smp", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-sparc64", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-2-sparc64-smp", reference:"2.4.27-9sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-386", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-586tsc", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-686", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-686-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-generic", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-itanium", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-itanium-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k6", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k7", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-k7-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-mckinley", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-mckinley-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390-tape", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-s390x", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc32", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc32-smp", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc64", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-3-sparc64-smp", reference:"2.4.27-9sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-amiga", reference:"2.4.27-3sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-apus", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-atari", reference:"2.4.27-3sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-bast", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-bvme6000", reference:"2.4.27-3sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-lart", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mac", reference:"2.4.27-3sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mvme147", reference:"2.4.27-3sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-mvme16x", reference:"2.4.27-3sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-netwinder", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-nubus", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc-small", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-powerpc-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-q40", reference:"2.4.27-3sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r3k-kn02", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r4k-ip22", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r4k-kn04", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-cobalt", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-ip22", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-r5k-lasat", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-riscpc", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-riscstation", reference:"2.4.27-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-sb1-swarm-bn", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-speakup", reference:"2.4.27-1.1sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.4.27-xxs1500", reference:"2.4.27-10.sarge4.040815-2")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-apus", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-nubus", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-patch-2.4.27-powerpc", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.4.27", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-386", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-586tsc", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-686", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-686-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-k6", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-k7", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-2-k7-smp", reference:"2.4.27-10sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-386", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-586tsc", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-686", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-686-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k6", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k7", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-pcmcia-modules-2.4.27-3-k7-smp", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-source-2.4.27", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-tree-2.4.27", reference:"2.4.27-10sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"mindi-kernel", reference:"2.4.27-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"mips-tools", reference:"2.4.27-10.sarge4.040815-2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1233.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3741 Stephane Eranian discovered a local DoS (Denial of Service) vulnerability on the ia64 architecture. A local user could exhaust the available file descriptors by exploiting a counting error in the permonctl() system call. - CVE-2006-4538 Kirill Korotaev reported a local DoS (Denial of Service) vulnerability on the ia64 and sparc architectures. A user could cause the system to crash by executing a malformed ELF binary due to insufficient verification of the memory layout. - CVE-2006-4813 Dmitriy Monakhov reported a potential memory leak in the __block_prepare_write function. __block_prepare_write does not properly sanitize kernel buffers during error recovery, which could be exploited by local users to gain access to sensitive kernel memory. - CVE-2006-4997 ADLab Venustech Info Ltd reported a potential remote DoS (Denial of Service) vulnerability in the IP over ATM subsystem. A remote system could cause the system to crash by sending specially crafted packets that would trigger an attempt to free an already-freed pointer resulting in a system crash. - CVE-2006-5174 Martin Schwidefsky reported a potential leak of sensitive information on s390 systems. The copy_from_user function did not clear the remaining bytes of the kernel buffer after receiving a fault on the userspace address, resulting in a leak of uninitialized kernel memory. A local user could exploit this by appending to a file from a bad address. - CVE-2006-5619 James Morris reported a potential local DoS (Denial of Service) vulnerability that could be used to hang or oops a system. The seqfile handling for /proc/net/ip6_flowlabel has a flaw that can be exploited to cause an infinite loop by reading this file after creating a flowlabel. - CVE-2006-5649 Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service) vulnerability on powerpc systems. The alignment exception only checked the exception table for -EFAULT, not for other errors. This can be exploited by a local user to cause a system crash (panic). - CVE-2006-5751 Eugene Teo reported a vulnerability in the get_fdb_entries function that could potentially be exploited to allow arbitrary code execution with escalated privileges. - CVE-2006-5871 Bill Allombert reported that various mount options are ignored by smbfs when UNIX extensions are enabled. This includes the uid, gid and mode options. Client systems would silently use the server-provided settings instead of honoring these options, changing the security model. This update includes a fix from Haroldo Gamal that forces the kernel to honor these mount options. Note that, since the current versions of smbmount always pass values for these options to the kernel, it is not currently possible to activate unix extensions by omitting mount options. However, this behavior is currently consistent with the current behavior of the next Debian release,
    last seen2020-06-01
    modified2020-06-02
    plugin id23846
    published2006-12-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23846
    titleDebian DSA-1233-1 : kernel-source-2.6.8 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1233. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(23846);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2006-3741", "CVE-2006-4538", "CVE-2006-4813", "CVE-2006-4997", "CVE-2006-5871");
  script_xref(name:"DSA", value:"1233");

  script_name(english:"Debian DSA-1233-1 : kernel-source-2.6.8 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2006-3741
    Stephane Eranian discovered a local DoS (Denial of
    Service) vulnerability on the ia64 architecture. A local
    user could exhaust the available file descriptors by
    exploiting a counting error in the permonctl() system
    call.

  - CVE-2006-4538
    Kirill Korotaev reported a local DoS (Denial of Service)
    vulnerability on the ia64 and sparc architectures. A
    user could cause the system to crash by executing a
    malformed ELF binary due to insufficient verification of
    the memory layout.

  - CVE-2006-4813
    Dmitriy Monakhov reported a potential memory leak in the
    __block_prepare_write function. __block_prepare_write
    does not properly sanitize kernel buffers during error
    recovery, which could be exploited by local users to
    gain access to sensitive kernel memory.

  - CVE-2006-4997
    ADLab Venustech Info Ltd reported a potential remote DoS
    (Denial of Service) vulnerability in the IP over ATM
    subsystem. A remote system could cause the system to
    crash by sending specially crafted packets that would
    trigger an attempt to free an already-freed pointer
    resulting in a system crash.

  - CVE-2006-5174
    Martin Schwidefsky reported a potential leak of
    sensitive information on s390 systems. The
    copy_from_user function did not clear the remaining
    bytes of the kernel buffer after receiving a fault on
    the userspace address, resulting in a leak of
    uninitialized kernel memory. A local user could exploit
    this by appending to a file from a bad address.

  - CVE-2006-5619
    James Morris reported a potential local DoS (Denial of
    Service) vulnerability that could be used to hang or
    oops a system. The seqfile handling for
    /proc/net/ip6_flowlabel has a flaw that can be exploited
    to cause an infinite loop by reading this file after
    creating a flowlabel.

  - CVE-2006-5649
    Fabio Massimo Di Nitto reported a potential remote DoS
    (Denial of Service) vulnerability on powerpc systems.
    The alignment exception only checked the exception table
    for -EFAULT, not for other errors. This can be exploited
    by a local user to cause a system crash (panic).

  - CVE-2006-5751
    Eugene Teo reported a vulnerability in the
    get_fdb_entries function that could potentially be
    exploited to allow arbitrary code execution with
    escalated privileges.

  - CVE-2006-5871
    Bill Allombert reported that various mount options are
    ignored by smbfs when UNIX extensions are enabled. This
    includes the uid, gid and mode options. Client systems
    would silently use the server-provided settings instead
    of honoring these options, changing the security model.
    This update includes a fix from Haroldo Gamal that
    forces the kernel to honor these mount options. Note
    that, since the current versions of smbmount always pass
    values for these options to the kernel, it is not
    currently possible to activate unix extensions by
    omitting mount options. However, this behavior is
    currently consistent with the current behavior of the
    next Debian release, 'etch'."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-3741"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-4538"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-4813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-4997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-5174"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-5619"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-5649"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-5751"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2006-5871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1233"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the kernel package immediately and reboot the machine. If you
have built a custom kernel from the kernel source package, you will
need to rebuild to take advantage of these fixes.

The following matrix explains which kernel version for which
architecture fix the problems mentioned above :

                               Debian 3.1 (sarge)           
  Source                       2.6.8-16sarge6               
  Alpha architecture           2.6.8-16sarge6               
  AMD64 architecture           2.6.8-16sarge6               
  HP Precision architecture    2.6.8-6sarge6                
  Intel IA-32 architecture     2.6.8-16sarge6               
  Intel IA-64 architecture     2.6.8-14sarge6               
  Motorola 680x0 architecture  2.6.8-4sarge6                
  PowerPC architecture         2.6.8-12sarge6               
  IBM S/390 architecture       2.6.8-5sarge6                
  Sun Sparc architecture       2.6.8-15sarge6               
The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update :

                      Debian 3.1 (sarge)  
  fai-kernels         1.9.1sarge5"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.6.8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"fai-kernels", reference:"1.9.1sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3", reference:"2.6.8-15sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power3-smp", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-power4-smp", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-doc-2.6.8", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium-smp", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley-smp", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3", reference:"2.6.8-15sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32", reference:"2.6.8-6sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-32-smp", reference:"2.6.8-6sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-386", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64", reference:"2.6.8-6sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-64-smp", reference:"2.6.8-6sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-686-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-generic", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-k7-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc32", reference:"2.6.8-15sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64", reference:"2.6.8-15sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium-smp", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley-smp", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-generic", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-amd64-k8-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-12-em64t-p4-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32", reference:"2.6.8-6sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-32-smp", reference:"2.6.8-6sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-386", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64", reference:"2.6.8-6sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-64-smp", reference:"2.6.8-6sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-686-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-generic", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-itanium-smp", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-k7-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-mckinley-smp", reference:"2.6.8-14sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power3-smp", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-power4-smp", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-powerpc-smp", reference:"2.6.8-12sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390", reference:"2.6.8-5sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390-tape", reference:"2.6.8-5sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-s390x", reference:"2.6.8-5sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-smp", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc32", reference:"2.6.8-15sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64", reference:"2.6.8-15sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-3-sparc64-smp", reference:"2.6.8-15sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-amiga", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-atari", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-bvme6000", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-hp", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mac", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme147", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme16x", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-q40", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-sun3", reference:"2.6.8-4sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-patch-2.6.8-s390", reference:"2.6.8-5sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.6.8", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-source-2.6.8", reference:"2.6.8-16sarge6")) flag++;
if (deb_check(release:"3.1", prefix:"kernel-tree-2.6.8", reference:"2.6.8-16sarge6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-514.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the second regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the second regular kernel update to Red Hat Enterprise Linux 4. New features introduced in this update include: - Audit support - systemtap - kprobes, relayfs - Keyring support - iSCSI Initiator - iscsi_sfnet 4:0.1.11-1 - Device mapper multipath support - Intel dual core support - esb2 chipset support - Increased exec-shield coverage - Dirty page tracking for HA systems - Diskdump -- allow partial diskdumps and directing to swap There were several bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following security bugs were fixed in this update, detailed below with corresponding CAN names available from the Common Vulnerabilities and Exposures project (cve.mitre.org) : - flaws in ptrace() syscall handling on 64-bit systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0756, CVE-2005-1761, CVE-2005-1762, CVE-2005-1763) - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2456, CVE-2005-2555) - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490) - a flaw in sendmsg() syscall handling that allowed a local user to cause a denial of service by altering hardware state (CVE-2005-2492) - a flaw that prevented the topdown allocator from allocating mmap areas all the way down to address zero (CVE-2005-1265) - flaws dealing with keyrings that could cause a local denial of service (CVE-2005-2098, CVE-2005-2099) - a flaw in the 4GB split patch that could allow a local denial of service (CVE-2005-2100) - a xattr sharing bug in the ext2 and ext3 file systems that could cause default ACLs to disappear (CVE-2005-2801) - a flaw in the ipt_recent module on 64-bit architectures which could allow a remote denial of service (CVE-2005-2872) The following device drivers have been upgraded to new versions : qla2100 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2200 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2300 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2322 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2xxx --------- 8.00.00b21-k to 8.01.00b5-rh2 qla6312 --------- 8.00.00b21-k to 8.01.00b5-rh2 megaraid_mbox --- 2.20.4.5 to 2.20.4.6 megaraid_mm ----- 2.20.2.5 to 2.20.2.6 lpfc ------------ 0:8.0.16.6_x2 to 0:8.0.16.17 cciss ----------- 2.6.4 to 2.6.6 ipw2100 --------- 1.0.3 to 1.1.0 tg3 ------------- 3.22-rh to 3.27-rh e100 ------------ 3.3.6-k2-NAPI to 3.4.8-k2-NAPI e1000 ----------- 5.6.10.1-k2-NAPI to 6.0.54-k2-NAPI 3c59x ----------- LK1.1.19 mptbase --------- 3.01.16 to 3.02.18 ixgb ------------ 1.0.66 to 1.0.95-k2-NAPI libata ---------- 1.10 to 1.11 sata_via -------- 1.0 to 1.1 sata_ahci ------- 1.00 to 1.01 sata_qstor ------ 0.04 sata_sil -------- 0.8 to 0.9 sata_svw -------- 1.05 to 1.06 s390: crypto ---- 1.31 to 1.57 s390: zfcp ------ s390: CTC-MPC --- s390: dasd ------- s390: cio ------- s390: qeth ------ All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id21943
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21943
    titleCentOS 4 : kernel (CESA-2005:514)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-395-1.NASL
    descriptionMark Dowd discovered that the netfilter iptables module did not correcly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only be fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will follow soon. (CVE-2006-4572) Dmitriy Monakhov discovered an information leak in the __block_prepare_write() function. During error recovery, this function did not properly clear memory buffers which could allow local users to read portions of unlinked files. This only affects Ubuntu 5.10. (CVE-2006-4813) ADLab Venustech Info Ltd discovered that the ATM network driver referenced an already released pointer in some circumstances. By sending specially crafted packets to a host over ATM, a remote attacker could exploit this to crash that host. This does not affect Ubuntu 6.10. (CVE-2006-4997) Matthias Andree discovered that the NFS locking management daemon (lockd) did not correctly handle mixing of
    last seen2020-06-01
    modified2020-06-02
    plugin id27981
    published2007-11-10
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27981
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities (USN-395-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-514.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the second regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the second regular kernel update to Red Hat Enterprise Linux 4. New features introduced in this update include: - Audit support - systemtap - kprobes, relayfs - Keyring support - iSCSI Initiator - iscsi_sfnet 4:0.1.11-1 - Device mapper multipath support - Intel dual core support - esb2 chipset support - Increased exec-shield coverage - Dirty page tracking for HA systems - Diskdump -- allow partial diskdumps and directing to swap There were several bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 4. The following security bugs were fixed in this update, detailed below with corresponding CAN names available from the Common Vulnerabilities and Exposures project (cve.mitre.org) : - flaws in ptrace() syscall handling on 64-bit systems that allowed a local user to cause a denial of service (crash) (CVE-2005-0756, CVE-2005-1761, CVE-2005-1762, CVE-2005-1763) - flaws in IPSEC network handling that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2456, CVE-2005-2555) - a flaw in sendmsg() syscall handling on 64-bit systems that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2490) - a flaw in sendmsg() syscall handling that allowed a local user to cause a denial of service by altering hardware state (CVE-2005-2492) - a flaw that prevented the topdown allocator from allocating mmap areas all the way down to address zero (CVE-2005-1265) - flaws dealing with keyrings that could cause a local denial of service (CVE-2005-2098, CVE-2005-2099) - a flaw in the 4GB split patch that could allow a local denial of service (CVE-2005-2100) - a xattr sharing bug in the ext2 and ext3 file systems that could cause default ACLs to disappear (CVE-2005-2801) - a flaw in the ipt_recent module on 64-bit architectures which could allow a remote denial of service (CVE-2005-2872) The following device drivers have been upgraded to new versions : qla2100 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2200 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2300 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2322 --------- 8.00.00b21-k to 8.01.00b5-rh2 qla2xxx --------- 8.00.00b21-k to 8.01.00b5-rh2 qla6312 --------- 8.00.00b21-k to 8.01.00b5-rh2 megaraid_mbox --- 2.20.4.5 to 2.20.4.6 megaraid_mm ----- 2.20.2.5 to 2.20.2.6 lpfc ------------ 0:8.0.16.6_x2 to 0:8.0.16.17 cciss ----------- 2.6.4 to 2.6.6 ipw2100 --------- 1.0.3 to 1.1.0 tg3 ------------- 3.22-rh to 3.27-rh e100 ------------ 3.3.6-k2-NAPI to 3.4.8-k2-NAPI e1000 ----------- 5.6.10.1-k2-NAPI to 6.0.54-k2-NAPI 3c59x ----------- LK1.1.19 mptbase --------- 3.01.16 to 3.02.18 ixgb ------------ 1.0.66 to 1.0.95-k2-NAPI libata ---------- 1.10 to 1.11 sata_via -------- 1.0 to 1.1 sata_ahci ------- 1.00 to 1.01 sata_qstor ------ 0.04 sata_sil -------- 0.8 to 0.9 sata_svw -------- 1.05 to 1.06 s390: crypto ---- 1.31 to 1.57 s390: zfcp ------ s390: CTC-MPC --- s390: dasd ------- s390: cio ------- s390: qeth ------ All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id19989
    published2005-10-11
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19989
    titleRHEL 4 : kernel (RHSA-2005:514)

Oval

accepted2013-04-29T04:02:37.653-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionsmbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.
familyunix
idoval:org.mitre.oval:def:10171
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlesmbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.
version26

Redhat

rpms
  • kernel-0:2.6.9-22.EL
  • kernel-debuginfo-0:2.6.9-22.EL
  • kernel-devel-0:2.6.9-22.EL
  • kernel-doc-0:2.6.9-22.EL
  • kernel-hugemem-0:2.6.9-22.EL
  • kernel-hugemem-devel-0:2.6.9-22.EL
  • kernel-smp-0:2.6.9-22.EL
  • kernel-smp-devel-0:2.6.9-22.EL

References