Vulnerabilities > CVE-2007-4997 - Numeric Errors vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0993.NASL description Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) A flaw was found in the handling of IEEE 802.11 frames affecting several wireless LAN modules. In certain circumstances, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network and cause a denial of service (kernel crash). (CVE-2007-4997, Important). A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate). In addition to the security issues described above, several bug fixes preventing possible memory corruption, system crashes, SCSI I/O fails, networking drivers performance regression and journaling block device layer issue were also included. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to resolve these issues. Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle for reporting the security issues corrected by this update. last seen 2020-06-01 modified 2020-06-02 plugin id 28363 published 2007-11-30 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28363 title RHEL 5 : kernel (RHSA-2007:0993) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0993. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(28363); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2007-4571", "CVE-2007-4997", "CVE-2007-5494"); script_bugtraq_id(25807, 26337); script_xref(name:"RHSA", value:"2007:0993"); script_name(english:"RHEL 5 : kernel (RHSA-2007:0993)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) A flaw was found in the handling of IEEE 802.11 frames affecting several wireless LAN modules. In certain circumstances, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network and cause a denial of service (kernel crash). (CVE-2007-4997, Important). A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate). In addition to the security issues described above, several bug fixes preventing possible memory corruption, system crashes, SCSI I/O fails, networking drivers performance regression and journaling block device layer issue were also included. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to resolve these issues. Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle for reporting the security issues corrected by this update." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4571" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4997" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5494" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0993" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/26"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-4571", "CVE-2007-4997", "CVE-2007-5494"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2007:0993"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:0993"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-53.1.4.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-53.1.4.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc"); } }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-574-1.NASL description The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2006-6058) The signal handling on PowerPC systems using HTX allowed local users to cause a denial of service via floating point corruption. This was only vulnerable in Ubuntu 6.10 and 7.04. (CVE-2007-3107) The Linux kernel did not properly validate the hop-by-hop IPv6 extended header. Remote attackers could send a crafted IPv6 packet and cause a denial of service via kernel panic. This was only vulnerable in Ubuntu 7.04. (CVE-2007-4567) The JFFS2 filesystem with ACL support enabled did not properly store permissions during inode creation and ACL setting. Local users could possibly access restricted files after a remount. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4849) Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4997) Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. This was only vulnerable in Ubuntu 7.04. (CVE-2007-5093) Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-5500) It was discovered that the Linux kernel could dereference a NULL pointer when processing certain IPv4 TCP packets. A remote attacker could send a crafted TCP ACK response and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.10. (CVE-2007-5501) Warren Togami discovered that the hrtimer subsystem did not properly check for large relative timeouts. A local user could exploit this and cause a denial of service via soft lockup. (CVE-2007-5966) Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063) It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151) Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file last seen 2020-06-01 modified 2020-06-02 plugin id 30183 published 2008-02-05 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30183 title Ubuntu 6.10 / 7.04 / 7.10 : linux-source-2.6.17/20/22 vulnerabilities (USN-574-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-574-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(30183); script_version("1.21"); script_cvs_date("Date: 2019/10/16 10:34:22"); script_cve_id("CVE-2006-6058", "CVE-2007-3107", "CVE-2007-4567", "CVE-2007-4849", "CVE-2007-4997", "CVE-2007-5093", "CVE-2007-5500", "CVE-2007-5501", "CVE-2007-5966", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6417", "CVE-2008-0001"); script_xref(name:"USN", value:"574-1"); script_name(english:"Ubuntu 6.10 / 7.04 / 7.10 : linux-source-2.6.17/20/22 vulnerabilities (USN-574-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2006-6058) The signal handling on PowerPC systems using HTX allowed local users to cause a denial of service via floating point corruption. This was only vulnerable in Ubuntu 6.10 and 7.04. (CVE-2007-3107) The Linux kernel did not properly validate the hop-by-hop IPv6 extended header. Remote attackers could send a crafted IPv6 packet and cause a denial of service via kernel panic. This was only vulnerable in Ubuntu 7.04. (CVE-2007-4567) The JFFS2 filesystem with ACL support enabled did not properly store permissions during inode creation and ACL setting. Local users could possibly access restricted files after a remount. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4849) Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4997) Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. This was only vulnerable in Ubuntu 7.04. (CVE-2007-5093) Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-5500) It was discovered that the Linux kernel could dereference a NULL pointer when processing certain IPv4 TCP packets. A remote attacker could send a crafted TCP ACK response and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.10. (CVE-2007-5501) Warren Togami discovered that the hrtimer subsystem did not properly check for large relative timeouts. A local user could exploit this and cause a denial of service via soft lockup. (CVE-2007-5966) Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063) It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151) Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file's ownership. Local users could exploit this to gain access to sensitive information. (CVE-2007-6206) Hugh Dickins discovered the when using the tmpfs filesystem, under rare circumstances, a kernel page may be improperly cleared. A local user may be able to exploit this and read sensitive kernel data or cause a denial of service via crash. (CVE-2007-6417) Bill Roman discovered that the VFS subsystem did not properly check access modes. A local user may be able to gain removal privileges on directories. (CVE-2008-0001). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/574-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 119, 189, 200, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.17"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.20"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-lowlatency"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lowlatency"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-lowlatency"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.17"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.20"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/21"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.10 / 7.04 / 7.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2006-6058", "CVE-2007-3107", "CVE-2007-4567", "CVE-2007-4849", "CVE-2007-4997", "CVE-2007-5093", "CVE-2007-5500", "CVE-2007-5501", "CVE-2007-5966", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6417", "CVE-2008-0001"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-574-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"6.10", pkgname:"linux-doc-2.6.17", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-headers-2.6.17-12", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-headers-2.6.17-12-386", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-headers-2.6.17-12-generic", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-headers-2.6.17-12-server", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-2.6.17-12-386", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-2.6.17-12-generic", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-2.6.17-12-server", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-debug-2.6.17-12-386", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-debug-2.6.17-12-generic", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-debug-2.6.17-12-server", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-image-kdump", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-kernel-devel", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-libc-dev", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"linux-source-2.6.17", pkgver:"2.6.17.1-12.43")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-doc-2.6.20", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-headers-2.6.20-16", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-headers-2.6.20-16-386", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-headers-2.6.20-16-generic", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-headers-2.6.20-16-lowlatency", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-headers-2.6.20-16-server", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-image-2.6.20-16-386", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-image-2.6.20-16-generic", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-image-2.6.20-16-lowlatency", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-image-2.6.20-16-server", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-image-debug-2.6.20-16-386", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-image-debug-2.6.20-16-generic", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-image-debug-2.6.20-16-lowlatency", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-image-debug-2.6.20-16-server", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-kernel-devel", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-libc-dev", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"linux-source-2.6.20", pkgver:"2.6.20-16.34")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-doc-2.6.22", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-14", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-14-386", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-14-generic", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-14-rt", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-14-server", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-14-ume", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-14-virtual", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-14-xen", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-386", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-cell", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-generic", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-lpia", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-lpiacompat", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-rt", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-server", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-ume", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-virtual", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-14-xen", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-debug-2.6.22-14-386", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-debug-2.6.22-14-generic", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-debug-2.6.22-14-server", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-image-debug-2.6.22-14-virtual", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-kernel-devel", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-libc-dev", pkgver:"2.6.22-14.51")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"linux-source-2.6.22", pkgver:"2.6.22-14.51")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.17 / linux-doc-2.6.20 / linux-doc-2.6.22 / etc"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-232.NASL description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream (CVE-2006-6058). An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set (CVE-2007-4997). To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate last seen 2020-06-01 modified 2020-06-02 plugin id 36221 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36221 title Mandrake Linux Security Advisory : kernel (MDKSA-2007:232) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:232. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(36221); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2006-6058", "CVE-2007-4997"); script_xref(name:"MDKSA", value:"2007:232"); script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2007:232)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream (CVE-2006-6058). An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set (CVE-2007-4997). To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-latest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-latest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-laptop-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-laptop-devel-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-laptop-devel-latest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-laptop-latest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel-latest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-latest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.22.12-1mdv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-latest"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"kernel-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-desktop-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-desktop-devel-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-desktop-devel-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-desktop-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"kernel-desktop586-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"kernel-desktop586-devel-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"kernel-desktop586-devel-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"kernel-desktop586-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-doc-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-laptop-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-laptop-devel-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-laptop-devel-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-laptop-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-server-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-server-devel-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-server-devel-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-server-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-source-2.6.22.12-1mdv-1-1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kernel-source-latest-2.6.22.12-1mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1428.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : This is an update to DSA 1428-1 which omitted a reference to CVE-2007-5904. - CVE-2007-3104 Eric Sandeen provided a backport of Tejun Heo last seen 2020-06-01 modified 2020-06-02 plugin id 29263 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29263 title Debian DSA-1428-2 : linux-2.6 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1428. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(29263); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2007-3104", "CVE-2007-4997", "CVE-2007-5500", "CVE-2007-5904"); script_xref(name:"DSA", value:"1428"); script_name(english:"Debian DSA-1428-2 : linux-2.6 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : This is an update to DSA 1428-1 which omitted a reference to CVE-2007-5904. - CVE-2007-3104 Eric Sandeen provided a backport of Tejun Heo's fix for a local denial of service vulnerability in sysfs. Under memory pressure, a dentry structure maybe reclaimed resulting in a bad pointer dereference causing an oops during a readdir. - CVE-2007-4997 Chris Evans discovered an issue with certain drivers that make use of the Linux kernel's ieee80211 layer. A remote user could generate a malicious 802.11 frame that could result in a denial of service (crash). The ipw2100 driver is known to be affected by this issue, while the ipw2200 is believed not to be. - CVE-2007-5500 Scott James Remnant diagnosed a coding error in the implementation of ptrace which could be used by a local user to cause the kernel to enter an infinite loop. - CVE-2007-5904 Przemyslaw Wegrzyn discovered an issue in the CIFS filesystem that could allow a malicious server to cause a denial of service (crash) by overflowing a buffer. These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch5. The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 4.0 (etch) fai-kernels 1.17+etch.13etch5 user-mode-linux 2.6.18-1um-2etch.13etch5" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3104" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-4997" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-5500" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-5904" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2007/dsa-1428" ); script_set_attribute( attribute:"solution", value: "Upgrade the kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"fai-kernels", reference:"1.17+etch.13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-doc-2.6.18", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-486", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-686-bigmem", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-alpha", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-arm", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-hppa", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-i386", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-ia64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-mips", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-mipsel", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-powerpc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-s390", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-all-sparc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-alpha-generic", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-alpha-legacy", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-alpha-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-footbridge", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-iop32x", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-itanium", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-ixp4xx", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-k7", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-mckinley", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-parisc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-parisc-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-parisc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-parisc64-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-powerpc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-powerpc-miboot", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-powerpc-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-powerpc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-prep", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-qemu", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-r3k-kn02", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-r4k-ip22", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-r4k-kn04", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-r5k-cobalt", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-r5k-ip32", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-rpc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-s390", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-s390x", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-s3c2410", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-sb1-bcm91250a", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-sb1a-bcm91480b", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-sparc32", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-sparc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-sparc64-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver-alpha", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver-k7", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver-powerpc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver-powerpc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver-s390x", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-vserver-sparc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-xen", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-xen-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-xen-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-xen-vserver", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-xen-vserver-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-5-xen-vserver-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-486", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-686-bigmem", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-alpha-generic", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-alpha-legacy", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-alpha-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-footbridge", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-iop32x", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-itanium", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-ixp4xx", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-k7", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-mckinley", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-parisc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-parisc-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-parisc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-parisc64-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-powerpc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-powerpc-miboot", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-powerpc-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-powerpc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-prep", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-qemu", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-r3k-kn02", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-r4k-ip22", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-r4k-kn04", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-r5k-cobalt", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-r5k-ip32", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-rpc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-s390", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-s390-tape", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-s390x", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-s3c2410", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-sb1-bcm91250a", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-sb1a-bcm91480b", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-sparc32", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-sparc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-sparc64-smp", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-vserver-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-vserver-alpha", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-vserver-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-vserver-k7", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-vserver-powerpc", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-vserver-powerpc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-vserver-s390x", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-vserver-sparc64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-xen-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-xen-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-xen-vserver-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-5-xen-vserver-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-manual-2.6.18", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-5-xen-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-5-xen-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-5-xen-vserver-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-5-xen-vserver-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-patch-debian-2.6.18", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-source-2.6.18", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-support-2.6.18-5", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"linux-tree-2.6.18", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"user-mode-linux", reference:"2.6.18-1um-2etch.13etch5")) flag++; if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-5-xen-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-5-xen-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-5-xen-vserver-686", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-5-xen-vserver-amd64", reference:"2.6.18.dfsg.1-13etch5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1104.NASL description From Red Hat Security Advisory 2007:1104 : Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : * when running the last seen 2020-06-01 modified 2020-06-02 plugin id 67619 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67619 title Oracle Linux 4 : kernel (ELSA-2007-1104) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1104 and # Oracle Linux Security Advisory ELSA-2007-1104 respectively. # include("compat.inc"); if (description) { script_id(67619); script_version("1.13"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2007-4997", "CVE-2007-5494"); script_bugtraq_id(26337); script_xref(name:"RHSA", value:"2007:1104"); script_name(english:"Oracle Linux 4 : kernel (ELSA-2007-1104)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:1104 : Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : * when running the 'ls -la' command on an NFSv4 mount point, incorrect file attributes, and outdated file size and timestamp information were returned. As well, symbolic links may have been displayed as actual files. * a bug which caused the cmirror write path to appear deadlocked after a successful recovery, which may have caused syncing to hang, has been resolved. * a kernel panic which occurred when manually configuring LCS interfaces on the IBM S/390 has been resolved. * when running a 32-bit binary on a 64-bit system, it was possible to mmap page at address 0 without flag MAP_FIXED set. This has been resolved in these updated packages. * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI interrupt counter in '/proc/interrupts' on systems running an AMD Opteron CPU. This caused systems running NMI Watchdog to restart at regular intervals. * a bug which caused the diskdump utility to run very slowly on devices using Fusion MPT has been resolved. All users are advised to upgrade to these updated packages, which resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000460.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/06"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-4997", "CVE-2007-5494"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2007-1104"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL4", rpm:"kernel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-devel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-devel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-doc-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-doc-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-doc-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-doc-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-67.0.1.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-67.0.1.0.1.EL")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-4641.NASL description This kernel update fixes the following security problems : ++ CVE-2006-6058: A local denial of service when mounting MINIX filesystems was fixed. ++ CVE-2007-4997: A 2 byte buffer underflow in the ieee80211 stack was fixed, which might be used by attackers in WLAN reach to crash the machine. and the following non security bugs : ++ Kernel update to 2.6.22.12 including fixes for: genirq, x86_64, Infiband, networking, hwmon, device removal bug [#332612] ++ patches.drivers/alsa-hdsp-zero-division: hdsp - Fix zero division (mainline: 2.6.24-rc1) ++ patches.drivers/libata-ata_piix-properly_terminate_DMI_syste m_list: Fix improperly terminated array ++ patches.rt/patch-2.6.22.1-rt4.openSUSE: updated existing patch (RT only) ++ patches.drivers/alsa-hda-robust-probe: hda-intel - Improve HD-audio codec probing robustness [#172330] ++ patches.drivers/alsa-hda-probe-blacklist: hda-intel - Add probe_mask blacklist [#172330] ++ patches.fixes/megaraid_mbox-dell-cerc-support: Dell CERC support for megaraid_mbox [#267134] ++ patches.suse/reiserfs-use-reiserfs_error.diff: updated existing patch [#299604] ++ patches.arch/acpi_gpe_suspend_cleanup-fix.patch: ACPI: Call acpi_enable_wakeup_device at power_off (updated) [#299882] ++ patches.suse/ocfs2-15-fix-heartbeat-write.diff: Fix heartbeat block writing [#300730] ++ patches.suse/ocfs2-14-fix-notifier-hang.diff: Fix kernel hang during cluster initialization [#300730] ++ patches.arch/acpi_autoload_bay.patch: updated existing patch [#302482] ++ patches.suse/zc0301_not_claim_logitech_quickcamera.diff: stop the zc0301 driver from claiming the Logitech QuickCam [#307055] ++ patches.fixes/aux-at_vector_size.patch: Fixed kernel auxv vector overflow in some binfmt_misc cases [#310037] ++ patches.fixes/nfs-name-len-limit: NFS: Fix an Oops in encode_lookup() [#325913] ++ patches.arch/acpi_lid-resume.patch: ACPI: button: send initial lid state after add and resume [#326814] ++ patches.fixes/remove-transparent-bridge-sizing: PCI: remove transparent bridge sizing [#331027] ++ patches.fixes/fat_optimize-count-freeclus.patch: Make scan of FAT table faster [#331600] ++ patches.suse/reiserfs-remove-first-zero-hint.diff: reiserfs: remove first_zero_hint (updated) [#331814] ++ patches.drivers/aic7xxx-add-suspend-resume-support: aic7xxx: Add suspend/resume support [#332048] ++ patches.drivers/alsa-emu10k1-spdif-mem-fix: emu10k1 - Fix memory corruption [#333314] ++ patches.drivers/alsa-hda-stac-avoid-zero-nid: Fix error probing with STAC codecs [#333320] ++ patches.arch/acpi_ec_fix_battery.patch: Fix battery/EC issues on Acer and Asus laptops [#334806] ++ patches.suse/reiserfs-make-per-inode-xattr-locking-more-fine -grained.diff: fixed a bad unlock in reiserfs_xattr_get() [#336669] ++ patches.fixes/ramdisk-2.6.23-corruption_fix.diff: rd: fix data corruption on memory pressure [#338643] ++ patches.drivers/add-wacom-pnp_devices.patch: wacom tablet pnp IDs to 8250_pnp.c [#339288] last seen 2020-06-01 modified 2020-06-02 plugin id 28172 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28172 title openSUSE 10 Security Update : kernel (kernel-4641) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0993.NASL description From Red Hat Security Advisory 2007:0993 : Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the following security issues : A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) A flaw was found in the handling of IEEE 802.11 frames affecting several wireless LAN modules. In certain circumstances, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network and cause a denial of service (kernel crash). (CVE-2007-4997, Important). A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate). In addition to the security issues described above, several bug fixes preventing possible memory corruption, system crashes, SCSI I/O fails, networking drivers performance regression and journaling block device layer issue were also included. Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to resolve these issues. Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle for reporting the security issues corrected by this update. last seen 2020-06-01 modified 2020-06-02 plugin id 67595 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67595 title Oracle Linux 5 : kernel (ELSA-2007-0993) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1104.NASL description Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : * when running the last seen 2020-06-01 modified 2020-06-02 plugin id 29751 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29751 title CentOS 4 : kernel (CESA-2007:1104) NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-4745.NASL description This kernel update fixes the following security problems : - The sysfs_readdir function in the Linux kernel 2.6 allows local users to cause a denial of service (kernel OOPS) by dereferencing a NULL pointer to an inode in a dentry. (CVE-2007-3104) - A 2 byte buffer underflow in the ieee80211 stack was fixed, which might be used by attackers in the local WLAN reach to crash the machine. (CVE-2007-4997) - The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges. (CVE-2007-3740) - It was possible for local user to become root by exploiting a bug in the IA32 system call emulation. This problem affects the x86_64 platform only, on all distributions. (CVE-2007-4573) This problem was fixed for regular kernels, but had not been fixed for the XEN kernels. This update fixes the problem also for the XEN kernels. - The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid did not check permissions for ioctls, which might have allowed local users to cause a denial of service or gain privileges. (CVE-2007-4308) - The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843) - Multiple buffer overflows in CIFS VFS in the Linux kernel allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. (CVE-2007-5904) This requires the attacker to mis-present / replace a CIFS server the client machine is connected to. - Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063) and the following non security bugs : - patches.drivers/pci-delete-ACPI-hook-from-pci_set_power_stat e.patch: Delete ACPI hook from pci_set_power_state() [#162320] Still execute the code on Lenovo ThinkPads (or USB ports do not work anymore after suspend [#329232] - patches.drivers/alsa-post-sp1-hda-probe-blacklist: [ALSA] hda-intel - Add probe_mask blacklist [#172330] - patches.drivers/alsa-post-sp1-hda-robust-probe: [ALSA] hda-intel - Improve HD-audio codec probing robustness [#172330] - patches.arch/i386-hpet-lost-interrupts-fix.patch: Backport i386 hpet lost interrupts code [#257035] - patches.fixes/megaraid_mbox-dell-cerc-support: Dell CERC support for megaraid_mbox [#267134] - patches.fixes/nfsv4-MAXNAME-fix.diff: knfsd: query filesystem for NFSv4 getattr of FATTR4_MAXNAME [#271803] - patches.drivers/ide-amd74xx-add-ignore_enablebits-parameter: amd74xx: add ignore_enable_bits module parameter [#272786] - patches.fixes/legacy-pty-count-kernel-parm.patch: Add a kernel boot parameter to overwrite the legacy PTY count. The default value of 64 is insufficient occasionally [#277846] - patches.fixes/lockd-grant-shutdown: Stop GRANT callback from crashing if NFS server has been stopped. [#292478] - Kernel update to 2.6.16.54 [#298719] including (among others) : - lots of md fixes - fix of sparc bugs - fix of TCP handling of SACK in bidirectional flows - fix of MCA bus matching - fix of PPC issues : - Fix osize too small errors when decoding mppe. - Fix output buffer size in ppp_decompress_frame(). - patches.fixes/assign-task_struct.exit_code-before-taskstats_ exit.patch: Assign task_struct.exit_code before taskstats_exit() [#307504] - patches.fixes/bonding_no_addrconf_for_bond_slaves: bonding / ipv6: no addrconf for slaves separately from master. [#310254] - patches.fixes/bonding_support_carrier_state_for_master: bonding: support carrier state for master [#310254] - patches.fixes/fix-sys-devices-system-node-node0-meminfo-from -having-anonpages-wrapped.patch: fix /sys/devices/system/node/node0/meminfo from having anonpages wrapped [#310744] - patches.fixes/nfs-remove-bogus-cache-change-attribute-check. diff fix bogus cache change to make data available immediately, on direct write [#325877] - patches.fixes/tcp-send-ACKs-each-2nd-received-segment.patch: Send ACKs each 2nd received segment. This fixes a problem where the tcp cubic congestion algorithm was too slow in converging [#327848] - patches.drivers/libata-fix-spindown: libata: fix disk spindown on shutdown [#330722] - patches.fixes/scsi-reset-resid: busy status on tape write results in incorrect residual [#330926] - patches.fixes/condense-output-of-show_free_areas.patch: Condense output of show_free_areas() [#331251] - patches.arch/powernowk8_family_freq_from_fiddid.patch: To find the frequency given the fid and did is family dependent. [#332722] - patches.fixes/tcp-saner-thash_entries-default.patch: Limit the size of the TCP established hash to 512k entries by default [#333273] - patches.drivers/alsa-emu10k1-spdif-mem-fix: [ALSA] emu10k1 - Fix memory corruption [#333314] - patches.drivers/alsa-post-sp1-hda-stac-error-fix: [ALSA] Fix error probing with STAC codecs [#333320] - patches.fixes/qla2xxx-avoid-duplicate-pci_disable_device : Fixup patch to not refer to stale pointer [#333542] - large backport of dm-crypt fixes: [#333905] - patches.fixes/dm-disable_barriers.diff: dm: disable barriers. - patches.fixes/dm-crypt-restructure_for_workqueue_change.diff - patches.fixes/dm-crypt-restructure_write_processing.diff - patches.fixes/dm-crypt-move_io_to_workqueue.diff - patches.fixes/dm-crypt-use_private_biosets.diff - patches.fixes/dm-crypt-fix_call_to_clone_init.diff - patches.fixes/dm-crypt-fix_avoid_cloned_bio_ref_after_free.d iff - patches.fixes/dm-crypt-fix_remove_first_clone.diff - patches.fixes/dm-crypt-use_smaller_bvecs_in_clones.diff - patches.fixes/dm-crypt-fix_panic_on_large_request.diff - patches.fixes/initramfs-fix-cpio-hardlink-check.patch: initramfs: fix CPIO hardlink check [#334612] - patches.drivers/lpfc-8.1.10.12-update: driver update to fix severe issues in lpfc 8.1.10.9 driver [#334630] [#342044] - patches.fixes/nfs-direct-io-fix-1: NFS: Fix error handling in nfs_direct_write_result() [#336200] - patches.fixes/nfs-direct-io-fix-2: NFS: Fix a refcount leakage in O_DIRECT [#336200] - add patches.drivers/ibmvscsi-migration-login.patch prohibit IO during adapter login process [#337980] - patches.arch/acpi_thinkpad_brightness_fix.patch: Take care of latest Lenovo ThinkPad brightness control [#338274] [#343660] - patches.fixes/ramdisk-2.6.23-corruption_fix.diff: rd: fix data corruption on memory pressure [#338643] - patches.fixes/fc_transport-remove-targets-on-host-remove : memory use after free error in mptfc [#338730] - patches.fixes/ipmi-ipmi_msghandler.c-fix-a-memory-leak.patch : IPMI: ipmi_msghandler.c: fix a memory leak [#339413] - add patches.arch/ppc-pseries-rtas_ibm_suspend_me.patch fix multiple bugs in rtas_ibm_suspend_me code [#339927] - patches.fixes/nfsacl-retval.diff: knfsd: fix spurious EINVAL errors on first access of new filesystem [#340873] - patches.fixes/avm-fix-capilib-locking: [ISDN] Fix random hard freeze with AVM cards. [#341894] - patches.fixes/ipv6_rh_processing_fix: [IPV6]: Restore semantics of Routing Header processing [#343100] - The following set of XEN fixes has been applied: [#343612] - patches.xen/14280-net-fake-carrier-flag.patch: netfront: Better fix for netfront_tx_slot_available(). - patches.xen/14893-copy-more-skbs.patch: netback: Copy skbuffs that are presented to the start_xmit() function. - patches.xen/157-netfront-skb-deref.patch: net front: Avoid deref last seen 2020-06-01 modified 2020-06-02 plugin id 59125 published 2012-05-17 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59125 title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4745) NASL family Scientific Linux Local Security Checks NASL id SL_20071129_KERNEL_ON_SL5_X.NASL description These new kernel packages contain fixes for the following security issues : A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) A flaw was found in the handling of IEEE 802.11 frames affecting several wireless LAN modules. In certain circumstances, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network and cause a denial of service (kernel crash). (CVE-2007-4997, Important). A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate). In addition to the security issues described above, several bug fixes preventing possible memory corruption, system crashes, SCSI I/O fails, networking drivers performance regression and journaling block device layer issue were also included. last seen 2020-06-01 modified 2020-06-02 plugin id 60318 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60318 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-4929.NASL description This kernel update fixes the following security problems : CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code. CVE-2007-5966: Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information. CVE-2007-3843: The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. CVE-2007-6417: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). CVE-2007-4308: The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel did not check permissions for ioctls, which might have allowed local users to cause a denial of service or gain privileges. CVE-2007-3740: The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. CVE-2007-3848: The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). CVE-2007-4997: Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel allowed remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an last seen 2020-06-01 modified 2020-06-02 plugin id 30142 published 2008-02-01 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30142 title openSUSE 10 Security Update : kernel (kernel-4929) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-578-1.NASL description The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. (CVE-2006-6058) Alexander Schulze discovered that the skge driver does not properly use the spin_lock and spin_unlock functions. Remote attackers could exploit this by sending a flood of network traffic and cause a denial of service (crash). (CVE-2006-7229) Hugh Dickins discovered that hugetlbfs performed certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE. A local user could exploit this and cause a denial of service via kernel panic. (CVE-2007-4133) Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. (CVE-2007-4997) Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. (CVE-2007-5093) Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop. (CVE-2007-5500) Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063) It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151) Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file last seen 2020-06-01 modified 2020-06-02 plugin id 31093 published 2008-02-14 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31093 title Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-578-1) NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-4752.NASL description This kernel update fixes the following security problems : ++ CVE-2007-3104: The sysfs_readdir function in the Linux kernel 2.6 allows local users to cause a denial of service (kernel OOPS) by dereferencing a NULL pointer to an inode in a dentry. ++ CVE-2007-4997: A 2 byte buffer underflow in the ieee80211 stack was fixed, which might be used by attackers in the local WLAN reach to crash the machine. ++ CVE-2007-3740: The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges. ++ CVE-2007-4573: It was possible for local user to become root by exploiting a bug in the IA32 system call emulation. This problem affects the x86_64 platform only, on all distributions. This problem was fixed for regular kernels, but had not been fixed for the XEN kernels. This update fixes the problem also for the XEN kernels. ++ CVE-2007-4308: The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid did not check permissions for ioctls, which might have allowed local users to cause a denial of service or gain privileges. ++ CVE-2007-3843: The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. ++ CVE-2007-5904: Multiple buffer overflows in CIFS VFS in the Linux kernel allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. This requires the attacker to mis-present / replace a CIFS server the client machine is connected to. ++ CVE-2007-6063: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. Furthermore, this kernel catches up to the SLE 10 state of the kernel, with numerous additional fixes. last seen 2020-06-01 modified 2020-06-02 plugin id 29880 published 2008-01-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29880 title openSUSE 10 Security Update : kernel (kernel-4752) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-558-1.NASL description The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. (CVE-2006-6058) Certain calculations in the hugetlb code were not correct. A local attacker could exploit this to cause a kernel panic, leading to a denial of service. (CVE-2007-4133) Eric Sesterhenn and Victor Julien discovered that the hop-by-hop IPv6 extended header was not correctly validated. If a system was configured for IPv6, a remote attacker could send a specially crafted IPv6 packet and cause the kernel to panic, leading to a denial of service. This was only vulnerable in Ubuntu 7.04. (CVE-2007-4567) Permissions were not correctly stored on JFFS2 ACLs. For systems using ACLs on JFFS2, a local attacker may gain access to private files. (CVE-2007-4849) Chris Evans discovered that the 802.11 network stack did not correctly handle certain QOS frames. A remote attacker on the local wireless network could send specially crafted packets that would panic the kernel, resulting in a denial of service. (CVE-2007-4997) The Philips USB Webcam driver did not correctly handle disconnects. If a local attacker tricked another user into disconnecting a webcam unsafely, the kernel could hang or consume CPU resources, leading to a denial of service. (CVE-2007-5093) Scott James Remnant discovered that the waitid function could be made to hang the system. A local attacker could execute a specially crafted program which would leave the system unresponsive, resulting in a denial of service. (CVE-2007-5500) Ilpo Jarvinen discovered that it might be possible for the TCP stack to panic the kernel when receiving a crafted ACK response. Only Ubuntu 7.10 contained the vulnerable code, and it is believed not to have been exploitable. (CVE-2007-5501) When mounting the same remote NFS share to separate local locations, the first location last seen 2020-06-01 modified 2020-06-02 plugin id 29740 published 2007-12-19 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29740 title Ubuntu 6.10 / 7.04 / 7.10 : linux-source-2.6.17/20/22 vulnerabilities (USN-558-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1104.NASL description Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : * when running the last seen 2020-06-01 modified 2020-06-02 plugin id 29774 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29774 title RHEL 4 : kernel (RHSA-2007:1104) NASL family Scientific Linux Local Security Checks NASL id SL_20071219_KERNEL_ON_SL4_X.NASL description A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed : - when running the last seen 2020-06-01 modified 2020-06-02 plugin id 60335 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60335 title Scientific Linux Security Update : kernel on SL4.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-4741.NASL description This kernel update fixes the following security problems : - The sysfs_readdir function in the Linux kernel 2.6 allows local users to cause a denial of service (kernel OOPS) by dereferencing a NULL pointer to an inode in a dentry. (CVE-2007-3104) - A 2 byte buffer underflow in the ieee80211 stack was fixed, which might be used by attackers in the local WLAN reach to crash the machine. (CVE-2007-4997) - The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges. (CVE-2007-3740) - It was possible for local user to become root by exploiting a bug in the IA32 system call emulation. This problem affects the x86_64 platform only, on all distributions. (CVE-2007-4573) This problem was fixed for regular kernels, but had not been fixed for the XEN kernels. This update fixes the problem also for the XEN kernels. - The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid did not check permissions for ioctls, which might have allowed local users to cause a denial of service or gain privileges. (CVE-2007-4308) - The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843) - Multiple buffer overflows in CIFS VFS in the Linux kernel allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. (CVE-2007-5904) This requires the attacker to mis-present / replace a CIFS server the client machine is connected to. - Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063) and the following non security bugs : - patches.drivers/pci-delete-ACPI-hook-from-pci_set_power_stat e.patch: Delete ACPI hook from pci_set_power_state() [#162320] Still execute the code on Lenovo ThinkPads (or USB ports do not work anymore after suspend [#329232] - patches.drivers/alsa-post-sp1-hda-probe-blacklist: [ALSA] hda-intel - Add probe_mask blacklist [#172330] - patches.drivers/alsa-post-sp1-hda-robust-probe: [ALSA] hda-intel - Improve HD-audio codec probing robustness [#172330] - patches.arch/i386-hpet-lost-interrupts-fix.patch: Backport i386 hpet lost interrupts code [#257035] - patches.fixes/megaraid_mbox-dell-cerc-support: Dell CERC support for megaraid_mbox [#267134] - patches.fixes/nfsv4-MAXNAME-fix.diff: knfsd: query filesystem for NFSv4 getattr of FATTR4_MAXNAME [#271803] - patches.drivers/ide-amd74xx-add-ignore_enablebits-parameter: amd74xx: add ignore_enable_bits module parameter [#272786] - patches.fixes/legacy-pty-count-kernel-parm.patch: Add a kernel boot parameter to overwrite the legacy PTY count. The default value of 64 is insufficient occasionally [#277846] - patches.fixes/lockd-grant-shutdown: Stop GRANT callback from crashing if NFS server has been stopped. [#292478] - Kernel update to 2.6.16.54 [#298719] including (among others) : - lots of md fixes - fix of sparc bugs - fix of TCP handling of SACK in bidirectional flows - fix of MCA bus matching - fix of PPC issues : - Fix osize too small errors when decoding mppe. - Fix output buffer size in ppp_decompress_frame(). - patches.fixes/assign-task_struct.exit_code-before-taskstats_ exit.patch: Assign task_struct.exit_code before taskstats_exit() [#307504] - patches.fixes/bonding_no_addrconf_for_bond_slaves: bonding / ipv6: no addrconf for slaves separately from master. [#310254] - patches.fixes/bonding_support_carrier_state_for_master: bonding: support carrier state for master [#310254] - patches.fixes/fix-sys-devices-system-node-node0-meminfo-from -having-anonpages-wrapped.patch: fix /sys/devices/system/node/node0/meminfo from having anonpages wrapped [#310744] - patches.fixes/nfs-remove-bogus-cache-change-attribute-check. diff fix bogus cache change to make data available immediately, on direct write [#325877] - patches.fixes/tcp-send-ACKs-each-2nd-received-segment.patch: Send ACKs each 2nd received segment. This fixes a problem where the tcp cubic congestion algorithm was too slow in converging [#327848] - patches.drivers/libata-fix-spindown: libata: fix disk spindown on shutdown [#330722] - patches.fixes/scsi-reset-resid: busy status on tape write results in incorrect residual [#330926] - patches.fixes/condense-output-of-show_free_areas.patch: Condense output of show_free_areas() [#331251] - patches.arch/powernowk8_family_freq_from_fiddid.patch: To find the frequency given the fid and did is family dependent. [#332722] - patches.fixes/tcp-saner-thash_entries-default.patch: Limit the size of the TCP established hash to 512k entries by default [#333273] - patches.drivers/alsa-emu10k1-spdif-mem-fix: [ALSA] emu10k1 - Fix memory corruption [#333314] - patches.drivers/alsa-post-sp1-hda-stac-error-fix: [ALSA] Fix error probing with STAC codecs [#333320] - patches.fixes/qla2xxx-avoid-duplicate-pci_disable_device : Fixup patch to not refer to stale pointer [#333542] - large backport of dm-crypt fixes: [#333905] - patches.fixes/dm-disable_barriers.diff: dm: disable barriers. - patches.fixes/dm-crypt-restructure_for_workqueue_change.diff - patches.fixes/dm-crypt-restructure_write_processing.diff - patches.fixes/dm-crypt-move_io_to_workqueue.diff - patches.fixes/dm-crypt-use_private_biosets.diff - patches.fixes/dm-crypt-fix_call_to_clone_init.diff - patches.fixes/dm-crypt-fix_avoid_cloned_bio_ref_after_free.d iff - patches.fixes/dm-crypt-fix_remove_first_clone.diff - patches.fixes/dm-crypt-use_smaller_bvecs_in_clones.diff - patches.fixes/dm-crypt-fix_panic_on_large_request.diff - patches.fixes/initramfs-fix-cpio-hardlink-check.patch: initramfs: fix CPIO hardlink check [#334612] - patches.drivers/lpfc-8.1.10.12-update: driver update to fix severe issues in lpfc 8.1.10.9 driver [#334630] [#342044] - patches.fixes/nfs-direct-io-fix-1: NFS: Fix error handling in nfs_direct_write_result() [#336200] - patches.fixes/nfs-direct-io-fix-2: NFS: Fix a refcount leakage in O_DIRECT [#336200] - add patches.drivers/ibmvscsi-migration-login.patch prohibit IO during adapter login process [#337980] - patches.arch/acpi_thinkpad_brightness_fix.patch: Take care of latest Lenovo ThinkPad brightness control [#338274] [#343660] - patches.fixes/ramdisk-2.6.23-corruption_fix.diff: rd: fix data corruption on memory pressure [#338643] - patches.fixes/fc_transport-remove-targets-on-host-remove : memory use after free error in mptfc [#338730] - patches.fixes/ipmi-ipmi_msghandler.c-fix-a-memory-leak.patch : IPMI: ipmi_msghandler.c: fix a memory leak [#339413] - add patches.arch/ppc-pseries-rtas_ibm_suspend_me.patch fix multiple bugs in rtas_ibm_suspend_me code [#339927] - patches.fixes/nfsacl-retval.diff: knfsd: fix spurious EINVAL errors on first access of new filesystem [#340873] - patches.fixes/avm-fix-capilib-locking: [ISDN] Fix random hard freeze with AVM cards. [#341894] - patches.fixes/ipv6_rh_processing_fix: [IPV6]: Restore semantics of Routing Header processing [#343100] - The following set of XEN fixes has been applied: [#343612] - patches.xen/14280-net-fake-carrier-flag.patch: netfront: Better fix for netfront_tx_slot_available(). - patches.xen/14893-copy-more-skbs.patch: netback: Copy skbuffs that are presented to the start_xmit() function. - patches.xen/157-netfront-skb-deref.patch: net front: Avoid deref last seen 2020-06-01 modified 2020-06-02 plugin id 29489 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29489 title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4741) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-105.NASL description The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. (CVE-2007-3740) The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851) The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors. (CVE-2007-4133) The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. This vulnerability is now being fixed in the Xen kernel too. (CVE-2007-4573) Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an off-by-two error. (CVE-2007-4997) The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 relies on user space to close the device, which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device. (CVE-2007-5093) A race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. (CVE-2008-1375) The Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain re-ordered access to the descriptor table. (CVE-2008-1669) To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate last seen 2020-06-01 modified 2020-06-02 plugin id 37772 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37772 title Mandriva Linux Security Advisory : kernel (MDVSA-2008:105)
Oval
| accepted | 2013-04-29T04:06:57.770-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error." | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:10596 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error." | ||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 26337 CVE(CAN) ID: CVE-2007-4997 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在IEEE80211协议的实现上存在漏洞,远程攻击者可能利用此漏洞导致服务器崩溃。 Linux Kernel的net/ieee80211/ieee80211_rx.c文件中的ieee80211_rx()函数没有检查skb->len >= hdrlen,如果远程攻击者发送的帧中设置了IEEE80211_STYPE_QOS_DATA标签的话,就会在以下代码中触发双字节整数溢出: if (frag != 0) flen -= hdrlen; 内核可能会变得忙碌或崩溃。 Linux kernel < 2.6.22.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.11.tar.gz" target="_blank">http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.11.tar.gz</a> |
| id | SSV:2402 |
| last seen | 2017-11-19 |
| modified | 2007-11-09 |
| published | 2007-11-09 |
| reporter | Root |
| title | Linux Kernel IEEE80211 HDRLen处理远程拒绝服务漏洞 |
References
- ftp://ftp.kernel.org/pub/linux/kernel/people/bunk/linux-2.6.16.y/testing/ChangeLog-2.6.16.57-rc1
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:226
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:232
- http://www.redhat.com/support/errata/RHSA-2007-0993.html
- http://www.novell.com/linux/security/advisories/2007_59_kernel.html
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
- http://secunia.com/advisories/27555
- http://secunia.com/advisories/27614
- http://secunia.com/advisories/27824
- http://secunia.com/advisories/27912
- http://www.debian.org/security/2007/dsa-1428
- http://www.redhat.com/support/errata/RHSA-2007-1104.html
- http://secunia.com/advisories/28033
- http://secunia.com/advisories/28162
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
- http://www.ubuntu.com/usn/usn-574-1
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
- http://secunia.com/advisories/28706
- http://secunia.com/advisories/28806
- http://www.ubuntu.com/usn/usn-558-1
- http://www.securityfocus.com/bid/26337
- http://secunia.com/advisories/28170
- http://www.ubuntu.com/usn/usn-578-1
- http://secunia.com/advisories/28971
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
- http://www.vupen.com/english/advisories/2007/3718
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38247
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10596
- http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git%3Ba=commitdiff%3Bh=04045f98e0457aba7d4e6736f37eed189c48a5f7