Vulnerabilities > CVE-2007-2242 - Unspecified vulnerability in Ietf Ipv6

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ietf
nessus

Summary

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.

Vulnerable Configurations

Part Description Count
OS
Openbsd
2
OS
Netbsd
2
OS
Freebsd
2
Application
Ietf
1

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-4186.NASL
    descriptionThis kernel update fixes the following security problems : - The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. (CVE-2007-2242) The default is that RH0 is disabled now. To adjust this, write to the file /proc/net/accept_source_route6. - The random number feature in the Linux kernel 2.6 (1) did not properly seed pools when there is no entropy, or (2) used an incorrect cast when extracting entropy, which might have caused the random number generator to provide the same values after reboots on systems without an entropy source. (CVE-2007-2453) - A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable. (CVE-2007-2876) - Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving
    last seen2020-06-01
    modified2020-06-02
    plugin id59123
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59123
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59123);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525", "CVE-2007-2876", "CVE-2007-3105", "CVE-2007-3107", "CVE-2007-3513", "CVE-2007-3848", "CVE-2007-3851");
    
      script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This kernel update fixes the following security problems :
    
      - The IPv6 protocol allows remote attackers to cause a
        denial of service via crafted IPv6 type 0 route headers
        (IPV6_RTHDR_TYPE_0) that create network amplification
        between two routers. (CVE-2007-2242)
    
        The default is that RH0 is disabled now. To adjust this,
        write to the file /proc/net/accept_source_route6.
    
      - The random number feature in the Linux kernel 2.6 (1)
        did not properly seed pools when there is no entropy, or
        (2) used an incorrect cast when extracting entropy,
        which might have caused the random number generator to
        provide the same values after reboots on systems without
        an entropy source. (CVE-2007-2453)
    
      - A NULL pointer dereference in SCTP connection tracking
        could be caused by a remote attacker by sending
        specially crafted packets. Note that this requires SCTP
        set-up and active to be exploitable. (CVE-2007-2876)
    
      - Stack-based buffer overflow in the random number
        generator (RNG) implementation in the Linux kernel
        before 2.6.22 might allow local root users to cause a
        denial of service or gain privileges by setting the
        default wakeup threshold to a value greater than the
        output pool size, which triggers writing random numbers
        to the stack by the pool transfer function involving
        'bound check ordering'. (CVE-2007-3105)
    
        Since this value can only be changed by a root user,
        exploitability is low.
    
      - The signal handling in the Linux kernel, when run on
        PowerPC systems using HTX, allows local users to cause a
        denial of service via unspecified vectors involving
        floating point corruption and concurrency.
        (CVE-2007-3107)
    
      - Memory leak in the PPP over Ethernet (PPPoE) socket
        implementation in the Linux kernel allowed local users
        to cause a denial of service (memory consumption) by
        creating a socket using connect, and releasing it before
        the PPPIOCGCHAN ioctl is initialized. (CVE-2007-2525)
    
      - The lcd_write function in drivers/usb/misc/usblcd.c in
        the Linux kernel did not limit the amount of memory used
        by a caller, which allowed local users to cause a denial
        of service (memory consumption). (CVE-2007-3513)
    
      - A local attacker could send a death signal to a setuid
        root program under certain conditions, potentially
        causing unwanted behaviour in this program.
        (CVE-2007-3848)
    
      - On machines with a Intel i965 based graphics card local
        users with access to the direct rendering devicenode
        could overwrite memory on the machine and so gain root
        privileges. (CVE-2007-3851)
    
      - Fixed a denial of service possibility where a local
        attacker with access to a pwc camera device could hang
        the USB subsystem. [#302194]
    
    and the following non security bugs :
    
      - patches.arch/ppc-oprofile-970mp.patch: enable ppc64/970
        MP, requires oprofile 0.9.3 [#252696]
    
      - patches.arch/x86_64-no-tsc-with-C3: don't use TSC on
        x86_64 Intel systems when CPU has C3 [#254061]
    
      - patches.arch/x86_64-hpet-lost-interrupts-fix.patch:
        backport x86_64 hpet lost interrupts code [#257035]
    
      - patches.fixes/fusion-nat-consumption-fix: handle a
        potential race in mptbase. This fixes a NaT consumption
        crash [#257412]
    
      - patches.arch/ia64-skip-clock-calibration: enabled
        [#259501]
    
      - patches.fixes/md-raid1-handle-read-error: Correctly
        handle read errors from a failed drive in raid1
        [#261459]
    
      - patches.arch/ia64-fix-kdump-on-init: kdump on INIT needs
        multi-nodes sync-up (v.2) [#265764]
    
      - patches.arch/ia64-perfmon-fix-2: race condition between
        pfm_context_create and pfm_read [#268131]
    
      - patches.fixes/cpufreq_ppc_boot_option.patch: workaround
        for _PPC (BIOS cpufreq limitations) [#269579]
    
      - patches.arch/acpi_package_object_support.patch: ACPI
        package object as method parameter support (in AML)
        [#270956]
    
      - patches.fixes/ia64_cpufreq_PDC.patch: correctly assign
        as cpufreq capable driver (_PDC) to BIOS [#270973]
    
      - patches.arch/ia64-kdump-hpzx1-ioc-workaround: update to
        latest upstream version of the patch [#271158]
    
      - patches.suse/delayacct_memleak.patch: Fix delayacct
        memory leak [#271187]
    
      - patches.fixes/fc_transport-check-portstate-before-scan:
        check FC portstates before invoking target scan
        [#271338]
    
      - patches.fixes/unusual14cd.patch: quirk for 14cd:6600
        [#274087]
    
      -
        patches.fixes/reiserfs-change_generation_on_update_sd.di
        ff: fix assertion failure in reiserfs [#274288]
    
      -
        patches.drivers/d-link-dge-530t-should-use-the-skge-driv
        er.patch: D-Link DGE-530T should use the skge driver
        [#275376]
    
      - patches.arch/ia64-dont-unwind-running-tasks.patch: Only
        unwind non-running tasks [#275854]
    
      - patches.fixes/dm-mpath-rdac-avt-support: short circuit
        RDAC hardware handler in AVT mode [#277834]
    
      - patches.fixes/lkcd-re-enable-valid_phys_addr_range:
        re-enable the valid_phys_addr_range() check [#279433]
    
      - patches.drivers/cciss-panic-on-reboot: when root
        filesystem is xfs the server cannot do a second reboot
        [#279436] Also resolves same issue in [#291759].
    
      - patches.drivers/ide-hpt366-fix-302n-oops: fix hpt302n
        oops [#279705]
    
      - patches.fixes/serial-8250-backup-timer-2-deadlock-fix:
        fix possible deadlock [#280771]
    
      - patches.fixes/nfs-osync-error-return: ensure proper
        error return from O_SYNC writes [#280833]
    
      - patches.fixes/acpi_pci_hotplug_poweroff.patch: ACPI PCI
        hotplug driver acpiphp unable to power off PCI slot
        [#281234]
    
      -
        patches.drivers/pci-hotplug-acpiphp-remove-hot-plug-para
        meter-write-to-pci-host-bridge.patch: remove hot plug
        parameter write to PCI host bridge [#281239]
    
      - patches.fixes/scsi-set-correct-resid: Incorrect 'resid'
        field values when using a tape device [#281640]
    
      - patches.drivers/usb-edgeport-epic-support.patch: USB:
        add EPIC support to the io_edgeport driver [#281921]
    
      - patches.fixes/usb-hid-ncr-no-init-reports.patch: HID:
        Don't initialize reports for NCR devices [#281921]
    
      - patches.drivers/ppc-power6-ehea.patch: use decimal
        values in sysfs propery logical_port_id, fix panic when
        adding / removing logical eHEA ports [#283070]
    
      - patches.arch/ppc-power6-ebus.patch: DLPAR Adapter
        add/remove functionality for eHEA [#283239]
    
      - patches.fixes/nfs-enospc: Return ENOSPC and EDQUOT to
        NFS write requests more promptly [#284042]
    
      -
        patches.drivers/pci-hotplug-acpiphp-avoid-acpiphp-cannot
        -get-bridge-info-pci-hotplug-failure.patch: PCI:
        hotplug: acpiphp: avoid acpiphp 'cannot get bridge info'
        PCI hotplug failure [#286193]
    
      - patches.drivers/lpfc-8.1.10.9-update: lpfc update to
        8.1.10.9 [#286223]
    
      - patches.fixes/make-swappiness-safer-to-use.patch: Handle
        low swappiness gracefully [#288799]
    
      - patches.arch/ppc-oprofile-power5plusplus.patch: oprofile
        support for Power 5++ [#289223]
    
      - patches.drivers/ppc-power6-ehea.patch: Fixed possible
        kernel panic on VLAN packet recv [#289301]
    
      - patches.fixes/igrab_should_check_for_i_clear.patch:
        igrab() should check for I_CLEAR [#289576]
    
      - patches.fixes/wait_for_sysfs_population.diff: Driver
        core: bus device event delay [#289964]
    
      -
        patches.drivers/scsi-throttle-SG_DXFER_TO_FROM_DEV-warni
        ng-better: better throttling of SG_DXFER_TO_FROM_DEV
        warning messages [#290117]
    
      -
        patches.arch/mark-unwind-info-for-signal-trampolines-in-
        vdsos.patch: Mark unwind info for signal trampolines in
        vDSOs [#291421]
    
      - patches.fixes/hugetlbfs-stack-grows-fix.patch: don't
        allow the stack to grow into hugetlb reserved regions
        [#294021]
    
      - patches.drivers/alsa-post-sp1-hda-analog-update: add
        support of of missing AD codecs [#294471]
    
      - patches.drivers/alsa-post-sp1-hda-conexant-fixes: fix
        unterminated arrays [#294480]
    
      - patches.fixes/fix_hpet_init_race.patch: fix a race in
        HPET initialization on x86_64 resulting in a lockup on
        boot [#295115]
    
      - patches.drivers/alsa-post-sp1-hda-sigmatel-pin-fix: Fix
        number of pin widgets with STAC codecs [#295653]
    
      -
        patches.fixes/pci-pcieport-driver-remove-invalid-warning
        -message.patch: PCI: pcieport-driver: remove invalid
        warning message [#297135] [#298561]
    
      - patches.kernel.org/patch-2.6.16.NN-$((NN+1)), NN =
        18,...,52: update to Kernel 2.6.16.53; lots of bugfixes
        [#298719] [#186582] [#186583] [#186584]
    
      - patches.fixes/ocfs2-1.2-svn-r3027.diff: proactive patch
        [#298845]
    
      - patches.drivers/b44-phy-fix: Fix frequent PHY resets
        under load on b44 [#301653]
    
      - dd patches.arch/ppc-eeh-node-status-okay.patch firmware
        returns 'okay' instead of 'ok' for node status [#301788]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2242.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2453.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2525.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2876.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3105.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3107.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3513.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3848.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3851.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4186.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-default-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-smp-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-source-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-syms-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-xen-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-debug-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-default-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-kdump-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-smp-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-source-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-syms-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-xen-2.6.16.53-0.8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0347.NASL
    descriptionUpdated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). * a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). * a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). * a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). * a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included : * a regression in ipv6 routing. * an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. * the nmi watchdog timeout was updated from 5 to 30 seconds. * a flaw in distributed lock management that could result in errors during virtual machine migration. * an omitted include in kernel-headers that led to compile failures for some packages. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25333
    published2007-05-25
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25333
    titleRHEL 5 : kernel (RHSA-2007:0347)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0347. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25333);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2007-1496", "CVE-2007-1497", "CVE-2007-1592", "CVE-2007-1861", "CVE-2007-2172", "CVE-2007-2242");
      script_bugtraq_id(23104, 23615);
      script_xref(name:"RHSA", value:"2007:0347");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2007:0347)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix security issues and bugs in the Red
    Hat Enterprise Linux 5 kernel are now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the following security
    issues :
    
    * a flaw in the handling of IPv6 type 0 routing headers that allowed
    remote users to cause a denial of service that led to a network
    amplification between two routers (CVE-2007-2242, Important).
    
    * a flaw in the nfnetlink_log netfilter module that allowed a local
    user to cause a denial of service (CVE-2007-1496, Important).
    
    * a flaw in the flow list of listening IPv6 sockets that allowed a
    local user to cause a denial of service (CVE-2007-1592, Important).
    
    * a flaw in the handling of netlink messages that allowed a local user
    to cause a denial of service (infinite recursion) (CVE-2007-1861,
    Important).
    
    * a flaw in the IPv4 forwarding base that allowed a local user to
    cause an out-of-bounds access (CVE-2007-2172, Important).
    
    * a flaw in the nf_conntrack netfilter module for IPv6 that allowed
    remote users to bypass certain netfilter rules using IPv6 fragments
    (CVE-2007-1497, Moderate).
    
    In addition to the security issues described above, fixes for the
    following have been included :
    
    * a regression in ipv6 routing.
    
    * an error in memory initialization that caused gdb to output
    inaccurate backtraces on ia64.
    
    * the nmi watchdog timeout was updated from 5 to 30 seconds.
    
    * a flaw in distributed lock management that could result in errors
    during virtual machine migration.
    
    * an omitted include in kernel-headers that led to compile failures
    for some packages.
    
    Red Hat Enterprise Linux 5 users are advised to upgrade to these
    packages, which contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1496"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1592"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1861"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2242"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0347"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2007-1496", "CVE-2007-1497", "CVE-2007-1592", "CVE-2007-1861", "CVE-2007-2172", "CVE-2007-2242");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2007:0347");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0347";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-8.1.4.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-8.1.4.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / kernel-doc / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-4193.NASL
    descriptionThis kernel update brings the kernel to the one shipped with SLES 10 Service Pack 1 and also fixes the following security problems: - CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. The default is that RH0 is disabled now. To adjust this, write to the file /proc/net/accept_source_route6. - CVE-2007-2453: The random number feature in the Linux kernel 2.6 (1) did not properly seed pools when there is no entropy, or (2) used an incorrect cast when extracting entropy, which might have caused the random number generator to provide the same values after reboots on systems without an entropy source. - CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable. - CVE-2007-3105: Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving
    last seen2020-06-01
    modified2020-06-02
    plugin id27296
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27296
    titleSuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(27296);
     script_cve_id("CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2876", "CVE-2007-3105", "CVE-2007-3107", "CVE-2007-2525", "CVE-2007-3513", "CVE-2007-3851");
    
     script_version ("1.13");
    
     name["english"] = "SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote SuSE system is missing the security patch kernel-4193." );
     script_set_attribute(attribute:"description", value:
    "This kernel update brings the kernel to the one shipped
    with SLES 10 Service Pack 1 and also fixes the following
    security problems:
    
    - CVE-2007-2242: The IPv6 protocol allows remote attackers
      to cause a denial of service via crafted IPv6 type 0
      route headers (IPV6_RTHDR_TYPE_0) that create network
      amplification between two routers. 
    
      The default is that RH0 is disabled now. To adjust this,
    write to the file /proc/net/accept_source_route6.
    
    - CVE-2007-2453: The random number feature in the Linux
      kernel 2.6 (1) did not properly seed pools when there is
      no entropy, or (2) used an incorrect cast when extracting
      entropy, which might have caused the random number
      generator to provide the same values after reboots on
      systems without an entropy source.
    
    - CVE-2007-2876: A NULL pointer dereference in SCTP
      connection tracking could be caused by a remote attacker
      by sending specially crafted packets. Note that this
      requires SCTP set-up and active to be exploitable.
    
    - CVE-2007-3105: Stack-based buffer overflow in the random
      number generator (RNG) implementation in the Linux kernel
      before 2.6.22 might allow local root users to cause a
      denial of service or gain privileges by setting the
      default wakeup threshold to a value greater than the
      output pool size, which triggers writing random numbers
      to the stack by the pool transfer function involving
      'bound check ordering'.
    
      Since this value can only be changed by a root user,
    exploitability is low.
    
    - CVE-2007-3107: The signal handling in the Linux kernel,
      when run on PowerPC systems using HTX, allows local users
      to cause a denial of service via unspecified vectors
      involving floating point corruption and concurrency.
    
    - CVE-2007-2525: Memory leak in the PPP over Ethernet
      (PPPoE) socket implementation in the Linux kernel allowed
      local users to cause a denial of service (memory
      consumption) by creating a socket using connect, and
      releasing it before the PPPIOCGCHAN ioctl is initialized.
    
    - CVE-2007-3513: The lcd_write function in
      drivers/usb/misc/usblcd.c in the Linux kernel did not
      limit the amount of memory used by a caller, which
      allowed local users to cause a denial of service (memory
      consumption).
    
    - CVE-2007-3851: On machines with a Intel i965 based
      graphics card local users with access to the direct
      rendering devicenode could overwrite memory on the
      machine and so gain root privileges.
    
    This kernel is not compatible to the previous SUSE Linux
    10.1 kernel, so the Kernel Module Packages will need to be
    updated." );
     script_set_attribute(attribute:"solution", value:
    "Install the security patch kernel-4193." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
     script_cwe_id(119, 399);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/10/17");
     script_cvs_date("Date: 2019/10/25 13:36:30");
     script_end_attributes();
    
     
     summary["english"] = "Checks for the kernel-4193 package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    
    if ( rpm_check( reference:"kernel-bigsmp-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-debug-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-default-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-iseries64-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-kdump-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-ppc64-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-smp-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-source-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-syms-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-um-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-xen-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kernel-xenpae-2.6.16.53-0.8", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"kexec-tools-1.101-32.42", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"mkinitrd-1.2-106.58", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"multipath-tools-0.4.6-25.21", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"open-iscsi-2.0.707-0.25", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    if ( rpm_check( reference:"udev-085-30.40", release:"SUSE10.1") )
    {
    	security_hole(port:0, extra:rpm_report_get());
    	exit(0);
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070516_KERNEL_ON_SL5_X.NASL
    descriptionThese new kernel packages contain fixes for the following security issues : - a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). - a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). - a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). - a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). - a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). - a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included : - a regression in ipv6 routing. - an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. - the nmi watchdog timeout was updated from 5 to 30 seconds. - a flaw in distributed lock management that could result in errors during virtual machine migration. - an omitted include in kernel-headers that led to compile failures for some packages.
    last seen2020-06-01
    modified2020-06-02
    plugin id60181
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60181
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-483.NASL
    descriptionLinux kernel 2.6.20.7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.7 Previous kernel had most of this update already applied. Linux kernel 2.6.20.8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.8 Fixes CVE-2007-1861 Linux kernel 2.6.20.9 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.9 Fixes CVE-2007-2242 Linux kernel 2.6.20.10 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.10 Fixes two bugs introduced by the two previous updates. CVE-2007-1861: The netlink protocol has an infinite recursion bug that allows users to cause a kernel crash. CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25128
    published2007-05-02
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25128
    titleFedora Core 5 : kernel-2.6.20-1.2316.fc5 (2007-483)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-4185.NASL
    descriptionThis kernel update fixes the following security problems : - The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. (CVE-2007-2242) The default is that RH0 is disabled now. To adjust this, write to the file /proc/net/accept_source_route6. - The random number feature in the Linux kernel 2.6 (1) did not properly seed pools when there is no entropy, or (2) used an incorrect cast when extracting entropy, which might have caused the random number generator to provide the same values after reboots on systems without an entropy source. (CVE-2007-2453) - A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable. (CVE-2007-2876) - Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving
    last seen2020-06-01
    modified2020-06-02
    plugin id29487
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29487
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4185)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-482.NASL
    descriptionLinux kernel 2.6.20.7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.7 Previous kernel had most of this update already applied. Linux kernel 2.6.20.8 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.8 Fixes CVE-2007-1861 Linux kernel 2.6.20.9 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.9 Fixes CVE-2007-2242 Linux kernel 2.6.20.10 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.10 Fixes two bugs introduced by the two previous updates. CVE-2007-1861: The netlink protocol has an infinite recursion bug that allows users to cause a kernel crash. CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25127
    published2007-05-02
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25127
    titleFedora Core 6 : kernel-2.6.20-1.2948.fc6 (2007-482)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-171.NASL
    descriptionSome vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The Linux kernel did not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allowed local users to cause a denial of service (process crash) (CVE-2006-5755). The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode (CVE-2006-7203). The nfnetlink_log function in netfilter allowed an attacker to cause a denial of service (crash) via unspecified vectors which would trigger a NULL pointer dereference (CVE-2007-1496). The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments (CVE-2007-1497). The netlink functionality did not properly handle NETLINK_FIB_LOOKUP replies, which allowed a remote attacker to cause a denial of service (resource consumption) via unspecified vectors, probably related to infinite recursion (CVE-2007-1861). A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which lead to an out of bounds access by certain functions (CVE-2007-2172). The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers (CVE-2007-2242). The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source (CVE-2007-2453). A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized (CVE-2007-2525). An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file (CVE-2007-2875). The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference (CVE-2007-2876). In addition to these security fixes, other fixes have been included such as : - Fix crash on netfilter when nfnetlink_log is used on certain hooks on packets forwarded to or from a bridge - Fixed busy sleep on IPVS which caused high load averages - Fixed possible race condition on ext[34]_link - Fixed missing braces in condition block that led to wrong behaviour in NFS - Fixed XFS lock deallocation that resulted in oops when unmounting To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen2020-06-01
    modified2020-06-02
    plugin id25968
    published2007-09-03
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25968
    titleMandrake Linux Security Advisory : kernel (MDKSA-2007:171)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-4929.NASL
    descriptionThis kernel update fixes the following security problems : CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. CVE-2007-5966: Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. CVE-2007-3843: The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. CVE-2007-6417: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). CVE-2007-4308: The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel did not check permissions for ioctls, which might have allowed local users to cause a denial of service or gain privileges. CVE-2007-3740: The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. CVE-2007-3848: The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). CVE-2007-4997: Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel allowed remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an
    last seen2020-06-01
    modified2020-06-02
    plugin id30142
    published2008-02-01
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30142
    titleopenSUSE 10 Security Update : kernel (kernel-4929)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-486-1.NASL
    descriptionThe compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203) The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005) Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000) Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861) A flaw was discovered in the IPv6 stack
    last seen2020-06-01
    modified2020-06-02
    plugin id28087
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28087
    titleUbuntu 6.10 : linux-source-2.6.17 vulnerabilities (USN-486-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0347.NASL
    descriptionFrom Red Hat Security Advisory 2007:0347 : Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). * a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). * a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). * a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). * a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included : * a regression in ipv6 routing. * an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. * the nmi watchdog timeout was updated from 5 to 30 seconds. * a flaw in distributed lock management that could result in errors during virtual machine migration. * an omitted include in kernel-headers that led to compile failures for some packages. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67495
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67495
    titleOracle Linux 5 : kernel (ELSA-2007-0347)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-508-1.NASL
    descriptionA buffer overflow was discovered in the Moxa serial driver. Local attackers could execute arbitrary code and gain root privileges. (CVE-2005-0504) A flaw was discovered in the IPv6 stack
    last seen2020-06-01
    modified2020-06-02
    plugin id28112
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28112
    titleUbuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-508-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-3760.NASL
    descriptionThis kernel update fixes the following security problems : - CVE-2007-1861: The nl_fib_lookup function in net/ipv4/fib_frontend.c allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. - CVE-2007-1496: nfnetlink_log in netfilter allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using
    last seen2020-06-01
    modified2020-06-02
    plugin id27295
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27295
    titleopenSUSE 10 Security Update : kernel (kernel-3760)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0347.NASL
    descriptionUpdated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important). * a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important). * a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important). * a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important). * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important). * a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate). In addition to the security issues described above, fixes for the following have been included : * a regression in ipv6 routing. * an error in memory initialization that caused gdb to output inaccurate backtraces on ia64. * the nmi watchdog timeout was updated from 5 to 30 seconds. * a flaw in distributed lock management that could result in errors during virtual machine migration. * an omitted include in kernel-headers that led to compile failures for some packages. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43641
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43641
    titleCentOS 5 : kernel (CESA-2007:0347)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_4_10.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.10. This update a security fix for IPv6 type 0 routing headers, which might be abused by an attacker to consume excessive bandwidth.
    last seen2020-06-01
    modified2020-06-02
    plugin id25554
    published2007-06-21
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25554
    titleMac OS X 10.4.x < 10.4.10 IPv6 Type 0 Route Headers DoS

Oval

accepted2013-04-29T04:20:22.851-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
familyunix
idoval:org.mitre.oval:def:9574
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
version18

Redhat

advisories
bugzilla
id238960
titleCVE-2007-1861 infinite recursion in netlink
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • commentkernel earlier than 0:2.6.18-8.1.4.el5 is currently running
        ovaloval:com.redhat.rhsa:tst:20070347021
      • commentkernel earlier than 0:2.6.18-8.1.4.el5 is set to boot up on next boot
        ovaloval:com.redhat.rhsa:tst:20070347022
    • OR
      • AND
        • commentkernel-doc is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347001
        • commentkernel-doc is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314002
      • AND
        • commentkernel-devel is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347003
        • commentkernel-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314016
      • AND
        • commentkernel-headers is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347005
        • commentkernel-headers is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314006
      • AND
        • commentkernel is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347007
        • commentkernel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314008
      • AND
        • commentkernel-kdump is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347009
        • commentkernel-kdump is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314010
      • AND
        • commentkernel-kdump-devel is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347011
        • commentkernel-kdump-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314012
      • AND
        • commentkernel-xen-devel is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347013
        • commentkernel-xen-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314020
      • AND
        • commentkernel-xen is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347015
        • commentkernel-xen is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314018
      • AND
        • commentkernel-PAE-devel is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347017
        • commentkernel-PAE-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314022
      • AND
        • commentkernel-PAE is earlier than 0:2.6.18-8.1.4.el5
          ovaloval:com.redhat.rhsa:tst:20070347019
        • commentkernel-PAE is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314024
rhsa
idRHSA-2007:0347
released2007-05-16
severityImportant
titleRHSA-2007:0347: kernel security and bug fix update (Important)
rpms
  • kernel-0:2.6.18-8.1.4.el5
  • kernel-PAE-0:2.6.18-8.1.4.el5
  • kernel-PAE-debuginfo-0:2.6.18-8.1.4.el5
  • kernel-PAE-devel-0:2.6.18-8.1.4.el5
  • kernel-debuginfo-0:2.6.18-8.1.4.el5
  • kernel-debuginfo-common-0:2.6.18-8.1.4.el5
  • kernel-devel-0:2.6.18-8.1.4.el5
  • kernel-doc-0:2.6.18-8.1.4.el5
  • kernel-headers-0:2.6.18-8.1.4.el5
  • kernel-kdump-0:2.6.18-8.1.4.el5
  • kernel-kdump-debuginfo-0:2.6.18-8.1.4.el5
  • kernel-kdump-devel-0:2.6.18-8.1.4.el5
  • kernel-xen-0:2.6.18-8.1.4.el5
  • kernel-xen-debuginfo-0:2.6.18-8.1.4.el5
  • kernel-xen-devel-0:2.6.18-8.1.4.el5

References