Vulnerabilities > CVE-2007-2453 - Unspecified vulnerability in Linux Kernel

047910
CVSS 1.2 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
high complexity
linux
nessus

Summary

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.

Vulnerable Configurations

Part Description Count
OS
Linux
252

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-600.NASL
    descriptionMerged stable kernel 2.6.20.12, 2.6.20.13, 2.6.20.14: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.12 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.14 Added the latest GFS2 updates from the maintainers. Utrace update. CVE-2007-2451: Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. CVE-2007-2875: Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. CVE-2007-2876: Linux Kernel is prone to multiple weaknesses and vulnerabilities that can allow remote attackers to carry out various attacks, including denial-of-service attacks. CVE-2007-2453: The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25588
    published2007-06-27
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25588
    titleFedora Core 6 : kernel-2.6.20-1.2962.fc6 (2007-600)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-600.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25588);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      script_xref(name:"FEDORA", value:"2007-600");
    
      script_name(english:"Fedora Core 6 : kernel-2.6.20-1.2962.fc6 (2007-600)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Merged stable kernel 2.6.20.12, 2.6.20.13, 2.6.20.14:
    http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.12
    http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13
    http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.14
    
    Added the latest GFS2 updates from the maintainers.
    
    Utrace update.
    
    CVE-2007-2451: Unspecified vulnerability in drivers/crypto/geode-aes.c
    in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to
    obtain sensitive information via unspecified vectors.
    
    CVE-2007-2875: Integer underflow in the cpuset_tasks_read function in
    the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when
    the cpuset filesystem is mounted, allows local users to obtain kernel
    memory contents by using a large offset when reading the
    /dev/cpuset/tasks file.
    
    CVE-2007-2876: Linux Kernel is prone to multiple weaknesses and
    vulnerabilities that can allow remote attackers to carry out various
    attacks, including denial-of-service attacks.
    
    CVE-2007-2453: The random number feature in Linux kernel 2.6 before
    2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed
    pools when there is no entropy, or (2) uses an incorrect cast when
    extracting entropy, which might cause the random number generator to
    provide the same values after reboots on systems without an entropy
    source.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.12
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ca166ff6"
      );
      # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0c8da03c"
      );
      # http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.14
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7a48edc5"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/002328.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6344a78a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-PAE-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-PAE-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-PAE-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC6", reference:"kernel-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", cpu:"i386", reference:"kernel-PAE-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", cpu:"i386", reference:"kernel-PAE-debug-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", cpu:"i386", reference:"kernel-PAE-debug-debuginfo-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", cpu:"i386", reference:"kernel-PAE-debug-devel-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", cpu:"i386", reference:"kernel-PAE-devel-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-debug-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-debug-debuginfo-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-debug-devel-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-debuginfo-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-debuginfo-common-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-devel-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-doc-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-headers-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-kdump-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-kdump-debuginfo-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-kdump-devel-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-xen-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-xen-debuginfo-2.6.20-1.2962.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"kernel-xen-devel-2.6.20-1.2962.fc6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debug / kernel-PAE-debug-debuginfo / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-4186.NASL
    descriptionThis kernel update fixes the following security problems : - The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. (CVE-2007-2242) The default is that RH0 is disabled now. To adjust this, write to the file /proc/net/accept_source_route6. - The random number feature in the Linux kernel 2.6 (1) did not properly seed pools when there is no entropy, or (2) used an incorrect cast when extracting entropy, which might have caused the random number generator to provide the same values after reboots on systems without an entropy source. (CVE-2007-2453) - A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable. (CVE-2007-2876) - Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving
    last seen2020-06-01
    modified2020-06-02
    plugin id59123
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59123
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59123);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525", "CVE-2007-2876", "CVE-2007-3105", "CVE-2007-3107", "CVE-2007-3513", "CVE-2007-3848", "CVE-2007-3851");
    
      script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This kernel update fixes the following security problems :
    
      - The IPv6 protocol allows remote attackers to cause a
        denial of service via crafted IPv6 type 0 route headers
        (IPV6_RTHDR_TYPE_0) that create network amplification
        between two routers. (CVE-2007-2242)
    
        The default is that RH0 is disabled now. To adjust this,
        write to the file /proc/net/accept_source_route6.
    
      - The random number feature in the Linux kernel 2.6 (1)
        did not properly seed pools when there is no entropy, or
        (2) used an incorrect cast when extracting entropy,
        which might have caused the random number generator to
        provide the same values after reboots on systems without
        an entropy source. (CVE-2007-2453)
    
      - A NULL pointer dereference in SCTP connection tracking
        could be caused by a remote attacker by sending
        specially crafted packets. Note that this requires SCTP
        set-up and active to be exploitable. (CVE-2007-2876)
    
      - Stack-based buffer overflow in the random number
        generator (RNG) implementation in the Linux kernel
        before 2.6.22 might allow local root users to cause a
        denial of service or gain privileges by setting the
        default wakeup threshold to a value greater than the
        output pool size, which triggers writing random numbers
        to the stack by the pool transfer function involving
        'bound check ordering'. (CVE-2007-3105)
    
        Since this value can only be changed by a root user,
        exploitability is low.
    
      - The signal handling in the Linux kernel, when run on
        PowerPC systems using HTX, allows local users to cause a
        denial of service via unspecified vectors involving
        floating point corruption and concurrency.
        (CVE-2007-3107)
    
      - Memory leak in the PPP over Ethernet (PPPoE) socket
        implementation in the Linux kernel allowed local users
        to cause a denial of service (memory consumption) by
        creating a socket using connect, and releasing it before
        the PPPIOCGCHAN ioctl is initialized. (CVE-2007-2525)
    
      - The lcd_write function in drivers/usb/misc/usblcd.c in
        the Linux kernel did not limit the amount of memory used
        by a caller, which allowed local users to cause a denial
        of service (memory consumption). (CVE-2007-3513)
    
      - A local attacker could send a death signal to a setuid
        root program under certain conditions, potentially
        causing unwanted behaviour in this program.
        (CVE-2007-3848)
    
      - On machines with a Intel i965 based graphics card local
        users with access to the direct rendering devicenode
        could overwrite memory on the machine and so gain root
        privileges. (CVE-2007-3851)
    
      - Fixed a denial of service possibility where a local
        attacker with access to a pwc camera device could hang
        the USB subsystem. [#302194]
    
    and the following non security bugs :
    
      - patches.arch/ppc-oprofile-970mp.patch: enable ppc64/970
        MP, requires oprofile 0.9.3 [#252696]
    
      - patches.arch/x86_64-no-tsc-with-C3: don't use TSC on
        x86_64 Intel systems when CPU has C3 [#254061]
    
      - patches.arch/x86_64-hpet-lost-interrupts-fix.patch:
        backport x86_64 hpet lost interrupts code [#257035]
    
      - patches.fixes/fusion-nat-consumption-fix: handle a
        potential race in mptbase. This fixes a NaT consumption
        crash [#257412]
    
      - patches.arch/ia64-skip-clock-calibration: enabled
        [#259501]
    
      - patches.fixes/md-raid1-handle-read-error: Correctly
        handle read errors from a failed drive in raid1
        [#261459]
    
      - patches.arch/ia64-fix-kdump-on-init: kdump on INIT needs
        multi-nodes sync-up (v.2) [#265764]
    
      - patches.arch/ia64-perfmon-fix-2: race condition between
        pfm_context_create and pfm_read [#268131]
    
      - patches.fixes/cpufreq_ppc_boot_option.patch: workaround
        for _PPC (BIOS cpufreq limitations) [#269579]
    
      - patches.arch/acpi_package_object_support.patch: ACPI
        package object as method parameter support (in AML)
        [#270956]
    
      - patches.fixes/ia64_cpufreq_PDC.patch: correctly assign
        as cpufreq capable driver (_PDC) to BIOS [#270973]
    
      - patches.arch/ia64-kdump-hpzx1-ioc-workaround: update to
        latest upstream version of the patch [#271158]
    
      - patches.suse/delayacct_memleak.patch: Fix delayacct
        memory leak [#271187]
    
      - patches.fixes/fc_transport-check-portstate-before-scan:
        check FC portstates before invoking target scan
        [#271338]
    
      - patches.fixes/unusual14cd.patch: quirk for 14cd:6600
        [#274087]
    
      -
        patches.fixes/reiserfs-change_generation_on_update_sd.di
        ff: fix assertion failure in reiserfs [#274288]
    
      -
        patches.drivers/d-link-dge-530t-should-use-the-skge-driv
        er.patch: D-Link DGE-530T should use the skge driver
        [#275376]
    
      - patches.arch/ia64-dont-unwind-running-tasks.patch: Only
        unwind non-running tasks [#275854]
    
      - patches.fixes/dm-mpath-rdac-avt-support: short circuit
        RDAC hardware handler in AVT mode [#277834]
    
      - patches.fixes/lkcd-re-enable-valid_phys_addr_range:
        re-enable the valid_phys_addr_range() check [#279433]
    
      - patches.drivers/cciss-panic-on-reboot: when root
        filesystem is xfs the server cannot do a second reboot
        [#279436] Also resolves same issue in [#291759].
    
      - patches.drivers/ide-hpt366-fix-302n-oops: fix hpt302n
        oops [#279705]
    
      - patches.fixes/serial-8250-backup-timer-2-deadlock-fix:
        fix possible deadlock [#280771]
    
      - patches.fixes/nfs-osync-error-return: ensure proper
        error return from O_SYNC writes [#280833]
    
      - patches.fixes/acpi_pci_hotplug_poweroff.patch: ACPI PCI
        hotplug driver acpiphp unable to power off PCI slot
        [#281234]
    
      -
        patches.drivers/pci-hotplug-acpiphp-remove-hot-plug-para
        meter-write-to-pci-host-bridge.patch: remove hot plug
        parameter write to PCI host bridge [#281239]
    
      - patches.fixes/scsi-set-correct-resid: Incorrect 'resid'
        field values when using a tape device [#281640]
    
      - patches.drivers/usb-edgeport-epic-support.patch: USB:
        add EPIC support to the io_edgeport driver [#281921]
    
      - patches.fixes/usb-hid-ncr-no-init-reports.patch: HID:
        Don't initialize reports for NCR devices [#281921]
    
      - patches.drivers/ppc-power6-ehea.patch: use decimal
        values in sysfs propery logical_port_id, fix panic when
        adding / removing logical eHEA ports [#283070]
    
      - patches.arch/ppc-power6-ebus.patch: DLPAR Adapter
        add/remove functionality for eHEA [#283239]
    
      - patches.fixes/nfs-enospc: Return ENOSPC and EDQUOT to
        NFS write requests more promptly [#284042]
    
      -
        patches.drivers/pci-hotplug-acpiphp-avoid-acpiphp-cannot
        -get-bridge-info-pci-hotplug-failure.patch: PCI:
        hotplug: acpiphp: avoid acpiphp 'cannot get bridge info'
        PCI hotplug failure [#286193]
    
      - patches.drivers/lpfc-8.1.10.9-update: lpfc update to
        8.1.10.9 [#286223]
    
      - patches.fixes/make-swappiness-safer-to-use.patch: Handle
        low swappiness gracefully [#288799]
    
      - patches.arch/ppc-oprofile-power5plusplus.patch: oprofile
        support for Power 5++ [#289223]
    
      - patches.drivers/ppc-power6-ehea.patch: Fixed possible
        kernel panic on VLAN packet recv [#289301]
    
      - patches.fixes/igrab_should_check_for_i_clear.patch:
        igrab() should check for I_CLEAR [#289576]
    
      - patches.fixes/wait_for_sysfs_population.diff: Driver
        core: bus device event delay [#289964]
    
      -
        patches.drivers/scsi-throttle-SG_DXFER_TO_FROM_DEV-warni
        ng-better: better throttling of SG_DXFER_TO_FROM_DEV
        warning messages [#290117]
    
      -
        patches.arch/mark-unwind-info-for-signal-trampolines-in-
        vdsos.patch: Mark unwind info for signal trampolines in
        vDSOs [#291421]
    
      - patches.fixes/hugetlbfs-stack-grows-fix.patch: don't
        allow the stack to grow into hugetlb reserved regions
        [#294021]
    
      - patches.drivers/alsa-post-sp1-hda-analog-update: add
        support of of missing AD codecs [#294471]
    
      - patches.drivers/alsa-post-sp1-hda-conexant-fixes: fix
        unterminated arrays [#294480]
    
      - patches.fixes/fix_hpet_init_race.patch: fix a race in
        HPET initialization on x86_64 resulting in a lockup on
        boot [#295115]
    
      - patches.drivers/alsa-post-sp1-hda-sigmatel-pin-fix: Fix
        number of pin widgets with STAC codecs [#295653]
    
      -
        patches.fixes/pci-pcieport-driver-remove-invalid-warning
        -message.patch: PCI: pcieport-driver: remove invalid
        warning message [#297135] [#298561]
    
      - patches.kernel.org/patch-2.6.16.NN-$((NN+1)), NN =
        18,...,52: update to Kernel 2.6.16.53; lots of bugfixes
        [#298719] [#186582] [#186583] [#186584]
    
      - patches.fixes/ocfs2-1.2-svn-r3027.diff: proactive patch
        [#298845]
    
      - patches.drivers/b44-phy-fix: Fix frequent PHY resets
        under load on b44 [#301653]
    
      - dd patches.arch/ppc-eeh-node-status-okay.patch firmware
        returns 'okay' instead of 'ok' for node status [#301788]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2242.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2453.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2525.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2876.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3105.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3107.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3513.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3848.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3851.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4186.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-default-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-smp-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-source-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-syms-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"kernel-xen-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-debug-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-default-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-kdump-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-smp-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-source-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-syms-2.6.16.53-0.8")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"kernel-xen-2.6.16.53-0.8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0376.NASL
    descriptionUpdated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (CVE-2006-7203, Important). * a flaw in the PPP over Ethernet implementation that allowed a remote user to cause a denial of service (CVE-2007-2525, Important). * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak (CVE-2007-1353, Low). * a bug in the random number generator that prevented the manual seeding of the entropy pool (CVE-2007-2453, Low). In addition to the security issues described above, fixes for the following have been included : * a race condition between ext3_link/unlink that could create an orphan inode list corruption. * a bug in the e1000 driver that could lead to a watchdog timeout panic. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43642
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43642
    titleCentOS 5 : kernel (CESA-2007:0376)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-4193.NASL
    descriptionThis kernel update brings the kernel to the one shipped with SLES 10 Service Pack 1 and also fixes the following security problems: - CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. The default is that RH0 is disabled now. To adjust this, write to the file /proc/net/accept_source_route6. - CVE-2007-2453: The random number feature in the Linux kernel 2.6 (1) did not properly seed pools when there is no entropy, or (2) used an incorrect cast when extracting entropy, which might have caused the random number generator to provide the same values after reboots on systems without an entropy source. - CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable. - CVE-2007-3105: Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving
    last seen2020-06-01
    modified2020-06-02
    plugin id27296
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27296
    titleSuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-599.NASL
    descriptionMerged stable kernel 2.6.20.12, 2.6.20.13, 2.6.20.14: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.12 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.14 Added the latest GFS2 updates from the maintainers. CVE-2007-2451: Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. CVE-2007-2875: Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. CVE-2007-2876: Linux Kernel is prone to multiple weaknesses and vulnerabilities that can allow remote attackers to carry out various attacks, including denial-of-service attacks. CVE-2007-2453: The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25587
    published2007-06-27
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25587
    titleFedora Core 5 : kernel-2.6.20-1.2320.fc5 (2007-599)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0376.NASL
    descriptionFrom Red Hat Security Advisory 2007:0376 : Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (CVE-2006-7203, Important). * a flaw in the PPP over Ethernet implementation that allowed a remote user to cause a denial of service (CVE-2007-2525, Important). * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak (CVE-2007-1353, Low). * a bug in the random number generator that prevented the manual seeding of the entropy pool (CVE-2007-2453, Low). In addition to the security issues described above, fixes for the following have been included : * a race condition between ext3_link/unlink that could create an orphan inode list corruption. * a bug in the e1000 driver that could lead to a watchdog timeout panic. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67502
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67502
    titleOracle Linux 5 : kernel (ELSA-2007-0376)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-489-1.NASL
    descriptionA flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service. (CVE-2006-4623) The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203) The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005) Due to an variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000) Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453) A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. (CVE-2007-2525) An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. (CVE-2007-2875) Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. (CVE-2007-2876) Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878) A flaw was discovered in the cluster manager. A remote attacker could connect to the DLM port and block further DLM operations. (CVE-2007-3380) A flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. (CVE-2007-3513). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28090
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28090
    titleUbuntu 6.06 LTS : linux-source-2.6.15 vulnerability (USN-489-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1356.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1353 Ilja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory. - CVE-2007-2172 Thomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update. - CVE-2007-2453 A couple of issues with random number generation were discovered. Slightly less random numbers resulted from hashing a subset of the available entropy. Zero-entropy systems were seeded with the same inputs at boot time, resulting in repeatable series of random numbers. - CVE-2007-2525 Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory. - CVE-2007-2876 Vilmos Nebehaj discovered a NULL pointer dereference condition in the netfilter subsystem. This allows remote systems which communicate using the SCTP protocol to crash a system by creating a connection with an unknown chunk type. - CVE-2007-3513 Oliver Neukum reported an issue in the usblcd driver which, by not limiting the size of write buffers, permits local users with write access to trigger a DoS by consuming all available memory. - CVE-2007-3642 Zhongling Wen reported an issue in nf_conntrack_h323 where the lack of range checking may lead to NULL pointer dereferences. Remote attackers could exploit this to create a DoS condition (system crash). - CVE-2007-3848 Wojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries. - CVE-2007-3851 Dave Airlie reported that Intel 965 and above chipsets have relocated their batch buffer security bits. Local X server users may exploit this to write user data to arbitrary physical memory addresses. These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch1. The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 4.0 (etch) fai-kernels 1.17+etch4 user-mode-linux 2.6.18-1um-2etch3
    last seen2020-06-01
    modified2020-06-02
    plugin id25909
    published2007-08-21
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25909
    titleDebian DSA-1356-1 : linux-2.6 - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-4185.NASL
    descriptionThis kernel update fixes the following security problems : - The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. (CVE-2007-2242) The default is that RH0 is disabled now. To adjust this, write to the file /proc/net/accept_source_route6. - The random number feature in the Linux kernel 2.6 (1) did not properly seed pools when there is no entropy, or (2) used an incorrect cast when extracting entropy, which might have caused the random number generator to provide the same values after reboots on systems without an entropy source. (CVE-2007-2453) - A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable. (CVE-2007-2876) - Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving
    last seen2020-06-01
    modified2020-06-02
    plugin id29487
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29487
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4185)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-470-1.NASL
    descriptionUSN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. These changes have been reverted. We apologize for the inconvenience. For more information see: https://launchpad.net/bugs/117314 https://wiki.ubuntu.com/UsingUUID Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28071
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28071
    titleUbuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-470-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-171.NASL
    descriptionSome vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The Linux kernel did not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allowed local users to cause a denial of service (process crash) (CVE-2006-5755). The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode (CVE-2006-7203). The nfnetlink_log function in netfilter allowed an attacker to cause a denial of service (crash) via unspecified vectors which would trigger a NULL pointer dereference (CVE-2007-1496). The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments (CVE-2007-1497). The netlink functionality did not properly handle NETLINK_FIB_LOOKUP replies, which allowed a remote attacker to cause a denial of service (resource consumption) via unspecified vectors, probably related to infinite recursion (CVE-2007-1861). A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which lead to an out of bounds access by certain functions (CVE-2007-2172). The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers (CVE-2007-2242). The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source (CVE-2007-2453). A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized (CVE-2007-2525). An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file (CVE-2007-2875). The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference (CVE-2007-2876). In addition to these security fixes, other fixes have been included such as : - Fix crash on netfilter when nfnetlink_log is used on certain hooks on packets forwarded to or from a bridge - Fixed busy sleep on IPVS which caused high load averages - Fixed possible race condition on ext[34]_link - Fixed missing braces in condition block that led to wrong behaviour in NFS - Fixed XFS lock deallocation that resulted in oops when unmounting To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen2020-06-01
    modified2020-06-02
    plugin id25968
    published2007-09-03
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25968
    titleMandrake Linux Security Advisory : kernel (MDKSA-2007:171)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-486-1.NASL
    descriptionThe compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. (CVE-2006-7203) The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. (CVE-2007-0005) Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. (CVE-2007-1000) Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. (CVE-2007-1861) A flaw was discovered in the IPv6 stack
    last seen2020-06-01
    modified2020-06-02
    plugin id28087
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28087
    titleUbuntu 6.10 : linux-source-2.6.17 vulnerabilities (USN-486-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0376.NASL
    descriptionUpdated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (CVE-2006-7203, Important). * a flaw in the PPP over Ethernet implementation that allowed a remote user to cause a denial of service (CVE-2007-2525, Important). * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak (CVE-2007-1353, Low). * a bug in the random number generator that prevented the manual seeding of the entropy pool (CVE-2007-2453, Low). In addition to the security issues described above, fixes for the following have been included : * a race condition between ext3_link/unlink that could create an orphan inode list corruption. * a bug in the e1000 driver that could lead to a watchdog timeout panic. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25538
    published2007-06-18
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25538
    titleRHEL 5 : kernel (RHSA-2007:0376)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-0409.NASL
    descriptionRebase to upstream 2.6.21.5, including several security fixes (See CVEs for details). Upstream changelog: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.5 Fedora specific changes detailed below : Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27664
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27664
    titleFedora 7 : kernel-2.6.21-1.3228.fc7 (2007-0409)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-3760.NASL
    descriptionThis kernel update fixes the following security problems : - CVE-2007-1861: The nl_fib_lookup function in net/ipv4/fib_frontend.c allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. - CVE-2007-1496: nfnetlink_log in netfilter allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using
    last seen2020-06-01
    modified2020-06-02
    plugin id27295
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27295
    titleopenSUSE 10 Security Update : kernel (kernel-3760)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070614_KERNEL_ON_SL5_X.NASL
    descriptiona flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (CVE-2006-7203, Important). a flaw in the PPP over Ethernet implementation that allowed a remote user to cause a denial of service (CVE-2007-2525, Important). a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak (CVE-2007-1353, Low). a bug in the random number generator that prevented the manual seeding of the entropy pool (CVE-2007-2453, Low). In addition to the security issues described above, fixes for the following have been included : - a race condition between ext3_link/unlink that could create an orphan inode list corruption. - a bug in the e1000 driver that could lead to a watchdog timeout panic.
    last seen2020-06-01
    modified2020-06-02
    plugin id60209
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60209
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64

Oval

accepted2013-04-29T04:23:39.725-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.
familyunix
idoval:org.mitre.oval:def:9960
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.
version18

Redhat

advisories
rhsa
idRHSA-2007:0376
rpms
  • kernel-0:2.6.18-8.1.6.el5
  • kernel-PAE-0:2.6.18-8.1.6.el5
  • kernel-PAE-debuginfo-0:2.6.18-8.1.6.el5
  • kernel-PAE-devel-0:2.6.18-8.1.6.el5
  • kernel-debuginfo-0:2.6.18-8.1.6.el5
  • kernel-debuginfo-common-0:2.6.18-8.1.6.el5
  • kernel-devel-0:2.6.18-8.1.6.el5
  • kernel-doc-0:2.6.18-8.1.6.el5
  • kernel-headers-0:2.6.18-8.1.6.el5
  • kernel-kdump-0:2.6.18-8.1.6.el5
  • kernel-kdump-debuginfo-0:2.6.18-8.1.6.el5
  • kernel-kdump-devel-0:2.6.18-8.1.6.el5
  • kernel-xen-0:2.6.18-8.1.6.el5
  • kernel-xen-debuginfo-0:2.6.18-8.1.6.el5
  • kernel-xen-devel-0:2.6.18-8.1.6.el5

Statements

contributorMark J Cox
lastmodified2007-06-12
organizationRed Hat
statementThis issue did not affect the versions of the the Linux kernel supplied with Red Hat Enterprise Linux 2.1, 3, or 4. For systems based on Red Hat Enterprise Linux 5, this is only an issue for systems without a real time clock, harddrive activity, or user input during boot time. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241718 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/