Vulnerabilities > CVE-2007-0958 - Local Information Disclosure vulnerability in Linux Kernel BINFMT_ELF PT_INTERP
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
Vulnerable Configurations
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0488.NASL description Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important) * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important) * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important) * a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important) * a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important) * a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate) * a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low) In addition, the following bugs were addressed : * the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures. * the 32bit compatibility didn last seen 2020-06-01 modified 2020-06-02 plugin id 25605 published 2007-06-27 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25605 title RHEL 4 : kernel (RHSA-2007:0488) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0488. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(25605); script_version ("1.27"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2006-5158", "CVE-2006-7203", "CVE-2007-0773", "CVE-2007-0958", "CVE-2007-1353", "CVE-2007-2172", "CVE-2007-2525", "CVE-2007-2876", "CVE-2007-3104"); script_bugtraq_id(23870, 24376, 24631); script_xref(name:"RHSA", value:"2007:0488"); script_name(english:"RHEL 4 : kernel (RHSA-2007:0488)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important) * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important) * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important) * a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important) * a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important) * a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate) * a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low) In addition, the following bugs were addressed : * the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures. * the 32bit compatibility didn't return to userspace correct values for the rt_sigtimedwait system call. * the count for unused inodes could be incorrect at times, resulting in dirty data not being written to disk in a timely manner. * the cciss driver had an incorrect disk size calculation (off-by-one error) which prevented disk dumps. Red Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel team for reporting issues fixed in this erratum. All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-5158" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7203" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0773" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0958" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1353" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2172" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2525" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2876" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3104" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0488" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/05"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2006-5158", "CVE-2006-7203", "CVE-2007-0773", "CVE-2007-0958", "CVE-2007-1353", "CVE-2007-2172", "CVE-2007-2525", "CVE-2007-2876", "CVE-2007-3104"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2007:0488"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:0488"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-55.0.2.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc"); } }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-451-1.NASL description The kernel key management code did not correctly handle key reuse. A local attacker could create many key requests, leading to a denial of service. (CVE-2007-0006) The kernel NFS code did not correctly validate NFSACL2 ACCESS requests. If a system was serving NFS mounts, a remote attacker could send a specially crafted packet, leading to a denial of service. (CVE-2007-0772) When dumping core, the kernel did not correctly handle PT_INTERP processes. A local attacker could create situations where they could read the contents of otherwise unreadable executable programs. (CVE-2007-0958). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28048 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28048 title Ubuntu 6.06 LTS / 6.10 : linux-source-2.6.15/2.6.17 vulnerabilities (USN-451-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-451-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28048); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-0006", "CVE-2007-0772", "CVE-2007-0958"); script_xref(name:"USN", value:"451-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 : linux-source-2.6.15/2.6.17 vulnerabilities (USN-451-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The kernel key management code did not correctly handle key reuse. A local attacker could create many key requests, leading to a denial of service. (CVE-2007-0006) The kernel NFS code did not correctly validate NFSACL2 ACCESS requests. If a system was serving NFS mounts, a remote attacker could send a specially crafted packet, leading to a denial of service. (CVE-2007-0772) When dumping core, the kernel did not correctly handle PT_INTERP processes. A local attacker could create situations where they could read the contents of otherwise unreadable executable programs. (CVE-2007-0958). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/451-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.17"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.17"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-0006", "CVE-2007-0772", "CVE-2007-0958"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-451-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"linux-doc-2.6.15", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-28", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-28-386", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-28-686", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-28-amd64-generic", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-28-amd64-k8", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-28-amd64-server", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-28-amd64-xeon", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-28-server", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-28-386", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-28-686", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-28-amd64-generic", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-28-amd64-k8", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-28-amd64-server", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-28-amd64-xeon", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-28-server", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-kernel-devel", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-source-2.6.15", pkgver:"2.6.15-28.53")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-doc-2.6.17", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-headers-2.6.17-11", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-headers-2.6.17-11-386", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-headers-2.6.17-11-generic", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-headers-2.6.17-11-server", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-2.6.17-11-386", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-2.6.17-11-generic", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-2.6.17-11-server", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-debug-2.6.17-11-386", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-debug-2.6.17-11-generic", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-debug-2.6.17-11-server", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-kdump", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-kernel-devel", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-libc-dev", pkgver:"2.6.17.1-11.37")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-source-2.6.17", pkgver:"2.6.17.1-11.37")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.15 / linux-doc-2.6.17 / linux-headers-2.6 / etc"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-078.NASL description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer derefernece (CVE-2006-6056). Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges. (CVE-2007-0005) The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that triggered a free of an incorrect pointer (CVE-2007-0772). A local user could read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump; a variant of CVE-2004-1073 (CVE-2007-0958). The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. (CVE-2007-1000) Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet. (CVE-2007-1217) The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel 2.6.17, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference. (CVE-2007-1388) net/ipv6/tcp_ipv6.c in Linux kernel 2.4 and 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double-free by opening a listeing IPv6 socket, attaching a flow label, and connecting to that socket. (CVE-2007-1592) The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. In addition to these security fixes, other fixes have been included such as : - Suspend to disk speed improvements - Add nmi watchdog support for core2 - Add atl1 driver - Update KVM - Add acer_acpi - Update asus_acpi - Fix suspend on r8169, i8259A - Fix suspend when using ondemand governor - Add ide acpi support - Add suspend/resume support for sata_nv chipsets. - USB: Let USB-Serial option driver handle anydata devices (#29066) - USB: Add PlayStation 2 Trance Vibrator driver - Fix bogus delay loop in video/aty/mach64_ct.c - Add MCP61 support (#29398) - USB: fix floppy drive SAMSUNG SFD-321U/EP detected 8 times bug - Improve keyboard handling on Apple MacBooks - Add -latest patch - Workaround a possible binutils bug in smp alternatives - Add forcedeth support - Fix potential deadlock in driver core (USB hangs at boot time #24683) To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate last seen 2020-06-01 modified 2020-06-02 plugin id 24944 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24944 title Mandrake Linux Security Advisory : kernel (MDKSA-2007:078) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:078. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(24944); script_version ("1.22"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2006-6056", "CVE-2007-0005", "CVE-2007-0772", "CVE-2007-0958", "CVE-2007-1000", "CVE-2007-1217", "CVE-2007-1388", "CVE-2007-1592"); script_bugtraq_id(22625); script_xref(name:"MDKSA", value:"2007:078"); script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2007:078)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer derefernece (CVE-2006-6056). Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges. (CVE-2007-0005) The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that triggered a free of an incorrect pointer (CVE-2007-0772). A local user could read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump; a variant of CVE-2004-1073 (CVE-2007-0958). The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. (CVE-2007-1000) Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet. (CVE-2007-1217) The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel 2.6.17, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference. (CVE-2007-1388) net/ipv6/tcp_ipv6.c in Linux kernel 2.4 and 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double-free by opening a listeing IPv6 socket, attaching a flow label, and connecting to that socket. (CVE-2007-1592) The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. In addition to these security fixes, other fixes have been included such as : - Suspend to disk speed improvements - Add nmi watchdog support for core2 - Add atl1 driver - Update KVM - Add acer_acpi - Update asus_acpi - Fix suspend on r8169, i8259A - Fix suspend when using ondemand governor - Add ide acpi support - Add suspend/resume support for sata_nv chipsets. - USB: Let USB-Serial option driver handle anydata devices (#29066) - USB: Add PlayStation 2 Trance Vibrator driver - Fix bogus delay loop in video/aty/mach64_ct.c - Add MCP61 support (#29398) - USB: fix floppy drive SAMSUNG SFD-321U/EP detected 8 times bug - Improve keyboard handling on Apple MacBooks - Add -latest patch - Workaround a possible binutils bug in smp alternatives - Add forcedeth support - Fix potential deadlock in driver core (USB hangs at boot time #24683) To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.17.13mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc-2.6.17.13mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.13mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.13mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.17.13mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.17.13mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.17.13mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.17.13mdv"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"kernel-2.6.17.13mdv-1-1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kernel-doc-2.6.17.13mdv-1-1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"kernel-enterprise-2.6.17.13mdv-1-1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"kernel-legacy-2.6.17.13mdv-1-1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kernel-source-2.6.17.13mdv-1-1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kernel-source-stripped-2.6.17.13mdv-1-1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kernel-xen0-2.6.17.13mdv-1-1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"kernel-xenU-2.6.17.13mdv-1-1mdv2007.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0099.NASL description Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the key serial number collision avoidance algorithm of the keyctl subsystem that allowed a local user to cause a denial of service (CVE-2007-0006, Important) * a flaw in the Omnikey CardMan 4040 driver that allowed a local user to execute arbitrary code with kernel privileges. In order to exploit this issue, the Omnikey CardMan 4040 PCMCIA card must be present and the local user must have access rights to the character device created by the driver. (CVE-2007-0005, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) In addition to the security issues described above, a fix for a kernel panic in the powernow-k8 module, and a fix for a kernel panic when booting the Xen domain-0 on system with large memory installations have been included. Red Hat would like to thank Daniel Roethlisberger for reporting an issue fixed in this erratum. Red Hat Enterprise Linux 5 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum. last seen 2020-06-01 modified 2020-06-02 plugin id 25319 published 2007-05-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25319 title RHEL 5 : kernel (RHSA-2007:0099) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0099. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(25319); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2007-0005", "CVE-2007-0006", "CVE-2007-0958"); script_xref(name:"RHSA", value:"2007:0099"); script_name(english:"RHEL 5 : kernel (RHSA-2007:0099)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the key serial number collision avoidance algorithm of the keyctl subsystem that allowed a local user to cause a denial of service (CVE-2007-0006, Important) * a flaw in the Omnikey CardMan 4040 driver that allowed a local user to execute arbitrary code with kernel privileges. In order to exploit this issue, the Omnikey CardMan 4040 PCMCIA card must be present and the local user must have access rights to the character device created by the driver. (CVE-2007-0005, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) In addition to the security issues described above, a fix for a kernel panic in the powernow-k8 module, and a fix for a kernel panic when booting the Xen domain-0 on system with large memory installations have been included. Red Hat would like to thank Daniel Roethlisberger for reporting an issue fixed in this erratum. Red Hat Enterprise Linux 5 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0005" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0006" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0958" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0099" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2007/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-0005", "CVE-2007-0006", "CVE-2007-0958"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2007:0099"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:0099"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-8.1.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-8.1.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / kernel-doc / etc"); } }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0488.NASL description Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important) * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important) * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important) * a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important) * a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important) * a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate) * a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low) In addition, the following bugs were addressed : * the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures. * the 32bit compatibility didn last seen 2020-06-01 modified 2020-06-02 plugin id 25575 published 2007-06-27 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25575 title CentOS 4 : kernel (CESA-2007:0488) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0488 and # CentOS Errata and Security Advisory 2007:0488 respectively. # include("compat.inc"); if (description) { script_id(25575); script_version("1.19"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-5158", "CVE-2006-7203", "CVE-2007-0773", "CVE-2007-0958", "CVE-2007-1353", "CVE-2007-2172", "CVE-2007-2525", "CVE-2007-2876", "CVE-2007-3104"); script_bugtraq_id(23870, 24376, 24631); script_xref(name:"RHSA", value:"2007:0488"); script_name(english:"CentOS 4 : kernel (CESA-2007:0488)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important) * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important) * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important) * a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important) * a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important) * a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate) * a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low) In addition, the following bugs were addressed : * the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures. * the 32bit compatibility didn't return to userspace correct values for the rt_sigtimedwait system call. * the count for unused inodes could be incorrect at times, resulting in dirty data not being written to disk in a timely manner. * the cciss driver had an incorrect disk size calculation (off-by-one error) which prevented disk dumps. Red Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel team for reporting issues fixed in this erratum. All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum." ); # https://lists.centos.org/pipermail/centos-announce/2007-June/013980.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4473df7d" ); # https://lists.centos.org/pipermail/centos-announce/2007-June/013981.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?060b053f" ); # https://lists.centos.org/pipermail/centos-announce/2007-June/014010.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5408e7ae" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/05"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"kernel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", reference:"kernel-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-doc-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-doc-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"kernel-largesmp-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"kernel-largesmp-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-55.0.2.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-55.0.2.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1286.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0005 Daniel Roethlisberger discovered two buffer overflows in the cm4040 driver for the Omnikey CardMan 4040 device. A local user or malicious device could exploit this to execute arbitrary code in kernel space. - CVE-2007-0958 Santosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. This is related to CVE-2004-1073. - CVE-2007-1357 Jean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame. - CVE-2007-1592 Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops). last seen 2020-06-01 modified 2020-06-02 plugin id 25153 published 2007-05-03 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25153 title Debian DSA-1286-1 : linux-2.6 - several vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20070625_KERNEL_ON_SL4_X.NASL description These new kernel packages contain fixes for the security issues described below : - a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important) - a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important) - a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important) - a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important) - a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important) - a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate) - a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate) - a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) - a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low) In addition, the following bugs were addressed : - the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures. - the 32bit compatibility didn last seen 2020-06-01 modified 2020-06-02 plugin id 60215 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60215 title Scientific Linux Security Update : kernel on SL4.x i386/x86_64 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1304.NASL description CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. This update also fixes a regression in the smbfs subsystem which was introduced in DSA-1233which caused symlinks to be interpreted as regular files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4811 David Gibson reported an issue in the hugepage code which could permit a local DoS (system crash) on appropriately configured systems. - CVE-2006-4814 Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling. - CVE-2006-4623 Ang Way Chuang reported a remote DoS (crash) in the dvb driver which can be triggered by a ULE package with an SNDU length of 0. - CVE-2006-5753 Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad. - CVE-2006-5754 Darrick Wong discovered a local DoS (crash) vulnerability resulting from the incorrect initialization of last seen 2020-06-01 modified 2020-06-02 plugin id 25529 published 2007-06-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25529 title Debian DSA-1304-1 : kernel-source-2.6.8 - several vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-060.NASL description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms would allow a local user to cause a DoS (crash) via a malformed ELF file (CVE-2006-4538). The mincore function in the Linux kernel did not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock (CVE-2006-4814). An unspecified vulnerability in the listxattr system call, when a last seen 2020-06-01 modified 2020-06-02 plugin id 24810 published 2007-03-12 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24810 title Mandrake Linux Security Advisory : kernel (MDKSA-2007:060) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0488.NASL description From Red Hat Security Advisory 2007:0488 : Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : * a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important) * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important) * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important) * a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important) * a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important) * a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate) * a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low) In addition, the following bugs were addressed : * the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures. * the 32bit compatibility didn last seen 2020-06-01 modified 2020-06-02 plugin id 67520 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67520 title Oracle Linux 4 : kernel (ELSA-2007-0488)
Oval
| accepted | 2013-04-29T04:04:49.671-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:10343 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. | ||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://osvdb.org/35930
- http://rhn.redhat.com/errata/RHSA-2007-0488.html
- http://secunia.com/advisories/24482
- http://secunia.com/advisories/24752
- http://secunia.com/advisories/24777
- http://secunia.com/advisories/25078
- http://secunia.com/advisories/25714
- http://secunia.com/advisories/25838
- http://secunia.com/advisories/26289
- http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm
- http://www.debian.org/security/2007/dsa-1286
- http://www.debian.org/security/2007/dsa-1304
- http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:060
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
- http://www.redhat.com/support/errata/RHSA-2007-0099.html
- http://www.securityfocus.com/bid/22903
- http://www.ubuntu.com/usn/usn-451-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10343