Vulnerabilities > CVE-2007-6694 - Unspecified vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN linux
nessus
Summary
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
Vulnerable Configurations
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0055.NASL description Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages fix the following security issues : A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug : * when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the last seen 2020-06-01 modified 2020-06-02 plugin id 30154 published 2008-02-05 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30154 title CentOS 4 : kernel (CESA-2008:0055) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0055 and # CentOS Errata and Security Advisory 2008:0055 respectively. # include("compat.inc"); if (description) { script_id(30154); script_version("1.19"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2007-4130", "CVE-2007-5500", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6694", "CVE-2008-0001"); script_bugtraq_id(26477, 26605, 26701, 27280, 27497); script_xref(name:"RHSA", value:"2008:0055"); script_name(english:"CentOS 4 : kernel (CESA-2008:0055)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages fix the following security issues : A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug : * when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the 'pvmove /dev/[device] /dev/[device]' command caused a kernel panic. A 'kernel: Unable to handle kernel paging request at virtual address [address]' error was logged by syslog. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014657.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?dcbd22d2" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014658.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2a34ca2f" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014659.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b5def49d" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 20, 119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/19"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"kernel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", reference:"kernel-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-doc-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-doc-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"kernel-largesmp-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"kernel-largesmp-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-67.0.4.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-614-1.NASL description It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. (CVE-2007-6694) A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. (CVE-2008-1375) On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. (CVE-2008-1669) The tehuti network driver did not correctly handle certain IO functions. A local attacker could perform malicious requests to the driver, potentially accessing kernel memory, leading to privilege escalation or access to private system information. (CVE-2008-1675). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33093 published 2008-06-04 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33093 title Ubuntu 8.04 LTS : linux vulnerabilities (USN-614-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-614-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(33093); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2007-6694", "CVE-2008-1375", "CVE-2008-1669", "CVE-2008-1675"); script_xref(name:"USN", value:"614-1"); script_name(english:"Ubuntu 8.04 LTS : linux vulnerabilities (USN-614-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. (CVE-2007-6694) A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. (CVE-2008-1375) On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. (CVE-2008-1669) The tehuti network driver did not correctly handle certain IO functions. A local attacker could perform malicious requests to the driver, potentially accessing kernel memory, leading to privilege escalation or access to private system information. (CVE-2008-1675). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/614-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(94, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.24-18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-amdcccle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-control"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lbm-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lbm-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lbm-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lbm-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lbm-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lbm-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lbm-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lum-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lum-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lum-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lum-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lum-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lum-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lum-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nvidia-new-kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-6694", "CVE-2008-1375", "CVE-2008-1669", "CVE-2008-1675"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-614-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"avm-fritz-firmware-2.6.24-18", pkgver:"3.11+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"avm-fritz-kernel-source", pkgver:"3.11+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"fglrx-amdcccle", pkgver:"2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"fglrx-control", pkgver:"8-3+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"fglrx-kernel-source", pkgver:"8-3+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-backports-modules-2.6.24-18-386", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-backports-modules-2.6.24-18-generic", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-backports-modules-2.6.24-18-openvz", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-backports-modules-2.6.24-18-rt", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-backports-modules-2.6.24-18-server", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-backports-modules-2.6.24-18-virtual", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-backports-modules-2.6.24-18-xen", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-doc-2.6.24", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-18", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-18-386", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-18-generic", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-18-openvz", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-18-rt", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-18-server", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-18-virtual", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-18-xen", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lbm-2.6.24-18-386", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lbm-2.6.24-18-generic", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lbm-2.6.24-18-openvz", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lbm-2.6.24-18-rt", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lbm-2.6.24-18-server", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lbm-2.6.24-18-virtual", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lbm-2.6.24-18-xen", pkgver:"2.6.24-18.16")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lum-2.6.24-18-386", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lum-2.6.24-18-generic", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lum-2.6.24-18-openvz", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lum-2.6.24-18-rt", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lum-2.6.24-18-server", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lum-2.6.24-18-virtual", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-lum-2.6.24-18-xen", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-386", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-generic", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-lpia", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-lpiacompat", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-openvz", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-rt", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-server", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-virtual", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-18-xen", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-18-386", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-18-generic", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-18-server", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-18-virtual", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-kernel-devel", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-libc-dev", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-restricted-modules-2.6.24-18-386", pkgver:"2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-restricted-modules-2.6.24-18-generic", pkgver:"2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-restricted-modules-2.6.24-18-openvz", pkgver:"2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-restricted-modules-2.6.24-18-rt", pkgver:"2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-restricted-modules-2.6.24-18-server", pkgver:"2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-restricted-modules-2.6.24-18-xen", pkgver:"2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-restricted-modules-common", pkgver:"2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-source-2.6.24", pkgver:"2.6.24-18.32")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-ubuntu-modules-2.6.24-18-386", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-ubuntu-modules-2.6.24-18-generic", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-ubuntu-modules-2.6.24-18-openvz", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-ubuntu-modules-2.6.24-18-rt", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-ubuntu-modules-2.6.24-18-server", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-ubuntu-modules-2.6.24-18-virtual", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-ubuntu-modules-2.6.24-18-xen", pkgver:"2.6.24-18.26")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-glx", pkgver:"96.43.05+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-glx-dev", pkgver:"96.43.05+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-glx-legacy", pkgver:"71.86.04+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-glx-legacy-dev", pkgver:"71.86.04+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-glx-new", pkgver:"169.12+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-glx-new-dev", pkgver:"169.12+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-kernel-source", pkgver:"96.43.05+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-legacy-kernel-source", pkgver:"71.86.04+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"nvidia-new-kernel-source", pkgver:"169.12+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xorg-driver-fglrx", pkgver:"7.1.0-8-3+2.6.24.13-18.41")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xorg-driver-fglrx-dev", pkgver:"7.1.0-8-3+2.6.24.13-18.41")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avm-fritz-firmware-2.6.24-18 / avm-fritz-kernel-source / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0055.NASL description Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages fix the following security issues : A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug : * when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the last seen 2020-06-01 modified 2020-06-02 plugin id 30140 published 2008-02-01 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30140 title RHEL 4 : kernel (RHSA-2008:0055) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0055. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(30140); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2007-4130", "CVE-2007-5500", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6694", "CVE-2008-0001"); script_bugtraq_id(26477, 26605, 26701, 27280, 27497); script_xref(name:"RHSA", value:"2008:0055"); script_name(english:"RHEL 4 : kernel (RHSA-2008:0055)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages fix the following security issues : A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug : * when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the 'pvmove /dev/[device] /dev/[device]' command caused a kernel panic. A 'kernel: Unable to handle kernel paging request at virtual address [address]' error was logged by syslog. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4130" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5500" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6063" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6151" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6206" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6694" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0001" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0055" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 20, 119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/19"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-4130", "CVE-2007-5500", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6694", "CVE-2008-0001"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2008:0055"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0055"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-devel-2.6.9-67.0.4.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-67.0.4.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc"); } }NASL family Scientific Linux Local Security Checks NASL id SL_20080305_KERNEL_ON_SL5_X.NASL description These updated packages fix the following security issues : - a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. (CVE-2007-6207, Important) - two buffer overflow flaws were found in ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-5938: Important, CVE-2007-6063: Moderate) - a possible NULL pointer dereference was found in the subsystem used for showing CPU information, as used by CHRP systems on PowerPC architectures. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) - a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service. (CVE-2006-6921, Moderate) As well, these updated packages fix the following bugs : - a bug was found in the Linux kernel audit subsystem. When the audit daemon was setup to log the execve system call with a large number of arguments, the kernel could run out of memory, causing a kernel panic. - on IBM System z architectures, using the IBM Hardware Management Console to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, possibly causing data corruption. - when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium architectures, a bug in the address translation in the hypervisor caused the wrong address to be registered, causing Dom0 to hang. - on Itanium architectures, frequent Corrected Platform Error errors may have caused the hypervisor to hang. - when enabling a CPU without hot plug support, routines for checking the presence of the CPU were missing. The CPU tried to access its own resources, causing a kernel panic. - after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused the HP Array Configuration Utility CLI to become unstable, possibly causing a system hang, or a kernel panic. - a bug in NFS directory caching could have caused different hosts to have different views of NFS directories. - on Itanium architectures, the Corrected Machine Check Interrupt masked hot-added CPUs as disabled. - when running Oracle database software on the Intel 64 and AMD64 architectures, if an SGA larger than 4GB was created, and had hugepages allocated to it, the hugepages were not freed after database shutdown. - in a clustered environment, when two or more NFS clients had the same logical volume mounted, and one of them modified a file on the volume, NULL characters may have been inserted, possibly causing data corruption. These updated packages resolve several severe issues in the lpfc driver : - a system hang after LUN discovery. - a general fault protection, a NULL pointer dereference, or slab corruption could occur while running a debug on the kernel. - the inability to handle kernel paging requests in last seen 2020-06-01 modified 2020-06-02 plugin id 60370 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60370 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60370); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:17"); script_cve_id("CVE-2006-6921", "CVE-2007-5938", "CVE-2007-6063", "CVE-2007-6207", "CVE-2007-6694"); script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "These updated packages fix the following security issues : - a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. (CVE-2007-6207, Important) - two buffer overflow flaws were found in ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-5938: Important, CVE-2007-6063: Moderate) - a possible NULL pointer dereference was found in the subsystem used for showing CPU information, as used by CHRP systems on PowerPC architectures. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) - a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service. (CVE-2006-6921, Moderate) As well, these updated packages fix the following bugs : - a bug was found in the Linux kernel audit subsystem. When the audit daemon was setup to log the execve system call with a large number of arguments, the kernel could run out of memory, causing a kernel panic. - on IBM System z architectures, using the IBM Hardware Management Console to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, possibly causing data corruption. - when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium architectures, a bug in the address translation in the hypervisor caused the wrong address to be registered, causing Dom0 to hang. - on Itanium architectures, frequent Corrected Platform Error errors may have caused the hypervisor to hang. - when enabling a CPU without hot plug support, routines for checking the presence of the CPU were missing. The CPU tried to access its own resources, causing a kernel panic. - after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused the HP Array Configuration Utility CLI to become unstable, possibly causing a system hang, or a kernel panic. - a bug in NFS directory caching could have caused different hosts to have different views of NFS directories. - on Itanium architectures, the Corrected Machine Check Interrupt masked hot-added CPUs as disabled. - when running Oracle database software on the Intel 64 and AMD64 architectures, if an SGA larger than 4GB was created, and had hugepages allocated to it, the hugepages were not freed after database shutdown. - in a clustered environment, when two or more NFS clients had the same logical volume mounted, and one of them modified a file on the volume, NULL characters may have been inserted, possibly causing data corruption. These updated packages resolve several severe issues in the lpfc driver : - a system hang after LUN discovery. - a general fault protection, a NULL pointer dereference, or slab corruption could occur while running a debug on the kernel. - the inability to handle kernel paging requests in 'lpfc_get_scsi_buf'. - erroneous structure references caused certain FC discovery routines to reference and change 'lpfc_nodelist' structures, even after they were freed. - the lpfc driver failed to interpret certain fields correctly, causing tape backup software to fail. Tape drives reported 'Illegal Request'. - the lpfc driver did not clear structures correctly, resulting in SCSI I/Os being rejected by targets, and causing errors." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0803&L=scientific-linux-errata&T=0&P=213 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6926e238" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(20, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/12"); script_set_attribute(attribute:"patch_publication_date", value:"2008/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"kernel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-53.1.14.el5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0055.NASL description From Red Hat Security Advisory 2008:0055 : Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages fix the following security issues : A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug : * when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the last seen 2020-06-01 modified 2020-06-02 plugin id 67641 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67641 title Oracle Linux 4 : kernel (ELSA-2008-0055) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0055 and # Oracle Linux Security Advisory ELSA-2008-0055 respectively. # include("compat.inc"); if (description) { script_id(67641); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2007-4130", "CVE-2007-5500", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6694", "CVE-2008-0001"); script_bugtraq_id(26477, 26605, 26701, 27280, 27497); script_xref(name:"RHSA", value:"2008:0055"); script_name(english:"Oracle Linux 4 : kernel (ELSA-2008-0055)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0055 : Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages fix the following security issues : A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug : * when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the 'pvmove /dev/[device] /dev/[device]' command caused a kernel panic. A 'kernel: Unable to handle kernel paging request at virtual address [address]' error was logged by syslog. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000502.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 20, 119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/19"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-4130", "CVE-2007-5500", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6694", "CVE-2008-0001"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2008-0055"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL4", rpm:"kernel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-devel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-devel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-doc-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-doc-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-doc-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-doc-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-67.0.4.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-67.0.4.0.1.EL")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1504.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-5823 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem. - CVE-2006-6054 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem. - CVE-2006-6058 LMH reported an issue in the minix filesystem that allows local users with mount privileges to create a DoS (printk flood) by mounting a specially crafted corrupt filesystem. - CVE-2006-7203 OpenVZ Linux kernel team reported an issue in the smbfs filesystem which can be exploited by local users to cause a DoS (oops) during mount. - CVE-2007-1353 Ilja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory. - CVE-2007-2172 Thomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update. - CVE-2007-2525 Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory. - CVE-2007-3105 The PaX Team discovered a potential buffer overflow in the random number generator which may permit local users to cause a denial of service or gain additional privileges. This issue is not believed to effect default Debian installations where only root has sufficient privileges to exploit it. - CVE-2007-3739 Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. - CVE-2007-3740 Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process last seen 2020-06-01 modified 2020-06-02 plugin id 31148 published 2008-02-25 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31148 title Debian DSA-1504-1 : kernel-source-2.6.8 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1504. The text # itself is copyright (C) Software in the Public Interest, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(31148); script_version("1.22"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2006-5823", "CVE-2006-6054", "CVE-2006-6058", "CVE-2006-7203", "CVE-2007-1353", "CVE-2007-2172", "CVE-2007-2525", "CVE-2007-3105", "CVE-2007-3739", "CVE-2007-3740", "CVE-2007-3848", "CVE-2007-4133", "CVE-2007-4308", "CVE-2007-4573", "CVE-2007-5093", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6694", "CVE-2008-0007"); script_xref(name:"DSA", value:"1504"); script_name(english:"Debian DSA-1504-1 : kernel-source-2.6.8 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-5823 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem. - CVE-2006-6054 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem. - CVE-2006-6058 LMH reported an issue in the minix filesystem that allows local users with mount privileges to create a DoS (printk flood) by mounting a specially crafted corrupt filesystem. - CVE-2006-7203 OpenVZ Linux kernel team reported an issue in the smbfs filesystem which can be exploited by local users to cause a DoS (oops) during mount. - CVE-2007-1353 Ilja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory. - CVE-2007-2172 Thomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update. - CVE-2007-2525 Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory. - CVE-2007-3105 The PaX Team discovered a potential buffer overflow in the random number generator which may permit local users to cause a denial of service or gain additional privileges. This issue is not believed to effect default Debian installations where only root has sufficient privileges to exploit it. - CVE-2007-3739 Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. - CVE-2007-3740 Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. - CVE-2007-3848 Wojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries. - CVE-2007-4133 Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs. A misconversion of hugetlb_vmtruncate_list to prio_tree may allow local users to trigger a BUG_ON() call in exit_mmap. - CVE-2007-4308 Alan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges. - CVE-2007-4573 Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavour. - CVE-2007-5093 Alex Smith discovered an issue with the pwc driver for certain webcam devices. If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince a user with local access to remove the device on their behalf. - CVE-2007-6063 Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl handling, exploitable by a local user. - CVE-2007-6151 ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data. - CVE-2007-6206 Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. - CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). - CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 3.1 (sarge) kernel-image-2.6.8-alpha 2.6.8-17sarge1 kernel-image-2.6.8-amd64 2.6.8-17sarge1 kernel-image-2.6.8-hppa 2.6.8-7sarge1 kernel-image-2.6.8-i386 2.6.8-17sarge1 kernel-image-2.6.8-ia64 2.6.8-15sarge1 kernel-image-2.6.8-m68k 2.6.8-5sarge1 kernel-image-2.6.8-s390 2.6.8-6sarge1 kernel-image-2.6.8-sparc 2.6.8-16sarge1 kernel-patch-powerpc-2.6.8 2.6.8-13sarge1 fai-kernels 1.9.1sarge8" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-5823" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-6054" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-6058" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-7203" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-1353" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-2172" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-2525" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3105" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3739" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3740" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3848" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-4133" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-4308" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-4573" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-5093" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6063" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6151" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6206" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6694" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0007" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2008/dsa-1504" ); script_set_attribute( attribute:"solution", value: "Upgrade the kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(16, 20, 119, 189, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.6.8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"fai-kernels", reference:"1.9.1sarge8")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-4", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-4-power3", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-4-power3-smp", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-4-power4", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-4-power4-smp", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-4-powerpc", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-build-2.6.8-4-powerpc-smp", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-doc-2.6.8", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-itanium-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6-mckinley-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-13", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-13-amd64-generic", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-13-amd64-k8", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-13-amd64-k8-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-13-em64t-p4", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-13-em64t-p4-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-32", reference:"2.6.8-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-32-smp", reference:"2.6.8-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-386", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-64", reference:"2.6.8-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-64-smp", reference:"2.6.8-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-686", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-686-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-generic", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-itanium", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-itanium-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-k7", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-k7-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-mckinley", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-mckinley-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-sparc32", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-sparc64", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-headers-2.6.8-4-sparc64-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-itanium-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6-mckinley-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-13-amd64-generic", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-13-amd64-k8", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-13-amd64-k8-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-13-em64t-p4", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-13-em64t-p4-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-32", reference:"2.6.8-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-32-smp", reference:"2.6.8-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-386", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-64", reference:"2.6.8-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-64-smp", reference:"2.6.8-7sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-686", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-686-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-generic", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-itanium", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-itanium-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-k7", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-k7-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-mckinley", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-mckinley-smp", reference:"2.6.8-15sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-power3", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-power3-smp", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-power4", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-power4-smp", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-powerpc", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-powerpc-smp", reference:"2.6.8-13sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-s390", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-s390-tape", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-s390x", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-smp", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-sparc32", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-sparc64", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-4-sparc64-smp", reference:"2.6.8-16sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-amiga", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-atari", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-bvme6000", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-hp", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mac", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme147", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-mvme16x", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-q40", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-image-2.6.8-sun3", reference:"2.6.8-5sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-2.6.8-s390", reference:"2.6.8-6sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-patch-debian-2.6.8", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-source-2.6.8", reference:"2.6.8-17sarge1")) flag++; if (deb_check(release:"3.1", prefix:"kernel-tree-2.6.8", reference:"2.6.8-17sarge1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0154.NASL description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. (CVE-2007-6207, Important) * two buffer overflow flaws were found in ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-5938: Important, CVE-2007-6063: Moderate) * a possible NULL pointer dereference was found in the subsystem used for showing CPU information, as used by CHRP systems on PowerPC architectures. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) * a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service. (CVE-2006-6921, Moderate) As well, these updated packages fix the following bugs : * a bug was found in the Linux kernel audit subsystem. When the audit daemon was setup to log the execve system call with a large number of arguments, the kernel could run out of memory, causing a kernel panic. * on IBM System z architectures, using the IBM Hardware Management Console to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, possibly causing data corruption. * when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium architectures, a bug in the address translation in the hypervisor caused the wrong address to be registered, causing Dom0 to hang. * on Itanium architectures, frequent Corrected Platform Error errors may have caused the hypervisor to hang. * when enabling a CPU without hot plug support, routines for checking the presence of the CPU were missing. The CPU tried to access its own resources, causing a kernel panic. * after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused the HP Array Configuration Utility CLI to become unstable, possibly causing a system hang, or a kernel panic. * a bug in NFS directory caching could have caused different hosts to have different views of NFS directories. * on Itanium architectures, the Corrected Machine Check Interrupt masked hot-added CPUs as disabled. * when running Oracle database software on the Intel 64 and AMD64 architectures, if an SGA larger than 4GB was created, and had hugepages allocated to it, the hugepages were not freed after database shutdown. * in a clustered environment, when two or more NFS clients had the same logical volume mounted, and one of them modified a file on the volume, NULL characters may have been inserted, possibly causing data corruption. These updated packages resolve several severe issues in the lpfc driver : * a system hang after LUN discovery. * a general fault protection, a NULL pointer dereference, or slab corruption could occur while running a debug on the kernel. * the inability to handle kernel paging requests in last seen 2020-06-01 modified 2020-06-02 plugin id 31388 published 2008-03-07 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31388 title RHEL 5 : kernel (RHSA-2008:0154) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0154. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(31388); script_version ("1.26"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2006-6921", "CVE-2007-5938", "CVE-2007-6063", "CVE-2007-6207", "CVE-2007-6694"); script_bugtraq_id(26605); script_xref(name:"RHSA", value:"2008:0154"); script_name(english:"RHEL 5 : kernel (RHSA-2008:0154)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. (CVE-2007-6207, Important) * two buffer overflow flaws were found in ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-5938: Important, CVE-2007-6063: Moderate) * a possible NULL pointer dereference was found in the subsystem used for showing CPU information, as used by CHRP systems on PowerPC architectures. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) * a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service. (CVE-2006-6921, Moderate) As well, these updated packages fix the following bugs : * a bug was found in the Linux kernel audit subsystem. When the audit daemon was setup to log the execve system call with a large number of arguments, the kernel could run out of memory, causing a kernel panic. * on IBM System z architectures, using the IBM Hardware Management Console to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, possibly causing data corruption. * when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium architectures, a bug in the address translation in the hypervisor caused the wrong address to be registered, causing Dom0 to hang. * on Itanium architectures, frequent Corrected Platform Error errors may have caused the hypervisor to hang. * when enabling a CPU without hot plug support, routines for checking the presence of the CPU were missing. The CPU tried to access its own resources, causing a kernel panic. * after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused the HP Array Configuration Utility CLI to become unstable, possibly causing a system hang, or a kernel panic. * a bug in NFS directory caching could have caused different hosts to have different views of NFS directories. * on Itanium architectures, the Corrected Machine Check Interrupt masked hot-added CPUs as disabled. * when running Oracle database software on the Intel 64 and AMD64 architectures, if an SGA larger than 4GB was created, and had hugepages allocated to it, the hugepages were not freed after database shutdown. * in a clustered environment, when two or more NFS clients had the same logical volume mounted, and one of them modified a file on the volume, NULL characters may have been inserted, possibly causing data corruption. These updated packages resolve several severe issues in the lpfc driver : * a system hang after LUN discovery. * a general fault protection, a NULL pointer dereference, or slab corruption could occur while running a debug on the kernel. * the inability to handle kernel paging requests in 'lpfc_get_scsi_buf'. * erroneous structure references caused certain FC discovery routines to reference and change 'lpfc_nodelist' structures, even after they were freed. * the lpfc driver failed to interpret certain fields correctly, causing tape backup software to fail. Tape drives reported 'Illegal Request'. * the lpfc driver did not clear structures correctly, resulting in SCSI I/Os being rejected by targets, and causing errors. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-6921" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5938" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6063" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6207" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6694" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0154" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 119, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/12"); script_set_attribute(attribute:"patch_publication_date", value:"2008/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2006-6921", "CVE-2007-5938", "CVE-2007-6063", "CVE-2007-6207", "CVE-2007-6694"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2008:0154"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0154"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-53.1.14.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-53.1.14.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc"); } }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1565.NASL description Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). - CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. - CVE-2008-1294 David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0. - CVE-2008-1375 Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 32127 published 2008-05-02 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32127 title Debian DSA-1565-1 : linux-2.6 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1565. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(32127); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-6694", "CVE-2008-0007", "CVE-2008-1294", "CVE-2008-1375"); script_xref(name:"DSA", value:"1565"); script_name(english:"Debian DSA-1565-1 : linux-2.6 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). - CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. - CVE-2008-1294 David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0. - CVE-2008-1375 Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-6694" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0007" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1294" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1375" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1565" ); script_set_attribute( attribute:"solution", value: "Upgrade the linux-2.6, fai-kernels, and user-mode-linux packages. For the stable distribution (etch), these problems have been fixed in version 2.6.18.dfsg.1-18etch3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(20, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"fai-kernels", reference:"1.17+etch.18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-doc-2.6.18", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-486", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-686-bigmem", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-alpha", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-arm", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-hppa", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-i386", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-ia64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-mips", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-mipsel", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-powerpc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-s390", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-sparc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-generic", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-legacy", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-footbridge", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-iop32x", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-itanium", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-ixp4xx", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-k7", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-mckinley", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc64-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc-miboot", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-prep", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-qemu", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r3k-kn02", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r4k-ip22", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r4k-kn04", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r5k-cobalt", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r5k-ip32", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-rpc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s390", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s390x", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s3c2410", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sb1-bcm91250a", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sb1a-bcm91480b", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc32", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc64-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-alpha", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-k7", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-powerpc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-powerpc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-s390x", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-sparc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-486", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-686-bigmem", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-generic", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-legacy", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-footbridge", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-iop32x", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-itanium", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-ixp4xx", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-k7", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-mckinley", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc64-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc-miboot", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-prep", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-qemu", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r3k-kn02", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r4k-ip22", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r4k-kn04", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r5k-cobalt", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r5k-ip32", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-rpc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390-tape", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390x", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s3c2410", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sb1-bcm91250a", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sb1a-bcm91480b", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc32", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc64-smp", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-alpha", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-k7", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-powerpc", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-powerpc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-s390x", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-sparc64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-manual-2.6.18", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-patch-debian-2.6.18", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-source-2.6.18", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-support-2.6.18-6", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"linux-tree-2.6.18", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"user-mode-linux", reference:"2.6.18-1um-2etch.18etch3")) flag++; if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-18etch3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0154.NASL description From Red Hat Security Advisory 2008:0154 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. (CVE-2007-6207, Important) * two buffer overflow flaws were found in ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-5938: Important, CVE-2007-6063: Moderate) * a possible NULL pointer dereference was found in the subsystem used for showing CPU information, as used by CHRP systems on PowerPC architectures. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) * a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service. (CVE-2006-6921, Moderate) As well, these updated packages fix the following bugs : * a bug was found in the Linux kernel audit subsystem. When the audit daemon was setup to log the execve system call with a large number of arguments, the kernel could run out of memory, causing a kernel panic. * on IBM System z architectures, using the IBM Hardware Management Console to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, possibly causing data corruption. * when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium architectures, a bug in the address translation in the hypervisor caused the wrong address to be registered, causing Dom0 to hang. * on Itanium architectures, frequent Corrected Platform Error errors may have caused the hypervisor to hang. * when enabling a CPU without hot plug support, routines for checking the presence of the CPU were missing. The CPU tried to access its own resources, causing a kernel panic. * after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused the HP Array Configuration Utility CLI to become unstable, possibly causing a system hang, or a kernel panic. * a bug in NFS directory caching could have caused different hosts to have different views of NFS directories. * on Itanium architectures, the Corrected Machine Check Interrupt masked hot-added CPUs as disabled. * when running Oracle database software on the Intel 64 and AMD64 architectures, if an SGA larger than 4GB was created, and had hugepages allocated to it, the hugepages were not freed after database shutdown. * in a clustered environment, when two or more NFS clients had the same logical volume mounted, and one of them modified a file on the volume, NULL characters may have been inserted, possibly causing data corruption. These updated packages resolve several severe issues in the lpfc driver : * a system hang after LUN discovery. * a general fault protection, a NULL pointer dereference, or slab corruption could occur while running a debug on the kernel. * the inability to handle kernel paging requests in last seen 2020-06-01 modified 2020-06-02 plugin id 67659 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67659 title Oracle Linux 5 : kernel (ELSA-2008-0154) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0154.NASL description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. (CVE-2007-6207, Important) * two buffer overflow flaws were found in ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-5938: Important, CVE-2007-6063: Moderate) * a possible NULL pointer dereference was found in the subsystem used for showing CPU information, as used by CHRP systems on PowerPC architectures. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) * a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service. (CVE-2006-6921, Moderate) As well, these updated packages fix the following bugs : * a bug was found in the Linux kernel audit subsystem. When the audit daemon was setup to log the execve system call with a large number of arguments, the kernel could run out of memory, causing a kernel panic. * on IBM System z architectures, using the IBM Hardware Management Console to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, possibly causing data corruption. * when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium architectures, a bug in the address translation in the hypervisor caused the wrong address to be registered, causing Dom0 to hang. * on Itanium architectures, frequent Corrected Platform Error errors may have caused the hypervisor to hang. * when enabling a CPU without hot plug support, routines for checking the presence of the CPU were missing. The CPU tried to access its own resources, causing a kernel panic. * after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused the HP Array Configuration Utility CLI to become unstable, possibly causing a system hang, or a kernel panic. * a bug in NFS directory caching could have caused different hosts to have different views of NFS directories. * on Itanium architectures, the Corrected Machine Check Interrupt masked hot-added CPUs as disabled. * when running Oracle database software on the Intel 64 and AMD64 architectures, if an SGA larger than 4GB was created, and had hugepages allocated to it, the hugepages were not freed after database shutdown. * in a clustered environment, when two or more NFS clients had the same logical volume mounted, and one of them modified a file on the volume, NULL characters may have been inserted, possibly causing data corruption. These updated packages resolve several severe issues in the lpfc driver : * a system hang after LUN discovery. * a general fault protection, a NULL pointer dereference, or slab corruption could occur while running a debug on the kernel. * the inability to handle kernel paging requests in last seen 2020-06-01 modified 2020-06-02 plugin id 43674 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43674 title CentOS 4 / 5 : kernel (CESA-2008:0154) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-618-1.NASL description It was discovered that the ALSA /proc interface did not write the correct number of bytes when reporting memory allocations. A local attacker might be able to access sensitive kernel memory, leading to a loss of privacy. (CVE-2007-4571) Multiple buffer overflows were discovered in the handling of CIFS filesystems. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges. (CVE-2007-5904) It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. (CVE-2007-6694) It was discovered that some device driver fault handlers did not correctly verify memory ranges. A local attacker could exploit this to access sensitive kernel memory, possibly leading to a loss of privacy. (CVE-2008-0007) It was discovered that CPU resource limits could be bypassed. A malicious local user could exploit this to avoid administratively imposed resource limits. (CVE-2008-1294) A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. (CVE-2008-1375) On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. (CVE-2008-1669). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33255 published 2008-06-24 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33255 title Ubuntu 6.06 LTS / 7.04 / 7.10 : linux-source-2.6.15/20/22 vulnerabilities (USN-618-1) NASL family Scientific Linux Local Security Checks NASL id SL_20080131_KERNEL_ON_SL4_X.NASL description These updated kernel packages fix the following security issues : A flaw was found in the virtual filesystem (VFS). A local unprivileged user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. (CVE-2008-0001, Important) A flaw was found in the implementation of ptrace. A local unprivileged user could trigger this flaw and possibly cause a denial of service (system hang). (CVE-2007-5500, Important) A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic). (CVE-2007-4130, Important) A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) A flaw was found in the way core dump files were created. If a local user can get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate) As well, these updated packages fix the following bug : - when moving volumes that contain multiple segments, and a mirror segment is not the first in the mapping table, running the last seen 2020-06-01 modified 2020-06-02 plugin id 60354 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60354 title Scientific Linux Security Update : kernel on SL4.x i386/x86_64 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1503.NASL description Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-2731 infamous41md reported multiple integer overflows in the Sbus PROM driver that would allow for a DoS (Denial of Service) attack by a local user, and possibly the execution of arbitrary code. - CVE-2006-4814 Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling. - CVE-2006-5753 Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad. - CVE-2006-5823 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted cramfs filesystem. - CVE-2006-6053 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem. - CVE-2006-6054 LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext2 filesystem. - CVE-2006-6106 Marcel Holtman discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code. - CVE-2007-1353 Ilja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory. - CVE-2007-1592 Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops). - CVE-2007-2172 Thomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update. - CVE-2007-2525 Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory. - CVE-2007-3848 Wojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries. - CVE-2007-4308 Alan Cox reported an issue in the aacraid driver that allows unprivileged local users to make ioctl calls which should be restricted to admin privileges. - CVE-2007-4311 PaX team discovered an issue in the random driver where a defect in the reseeding code leads to a reduction in entropy. - CVE-2007-5093 Alex Smith discovered an issue with the pwc driver for certain webcam devices. If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince a user with local access to remove the device on their behalf. - CVE-2007-6063 Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl handling, exploitable by a local user. - CVE-2007-6151 ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data. - CVE-2007-6206 Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. - CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). - CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update : Debian 3.1 (sarge) alsa-modules-i386 1.0.8+2sarge2 kernel-image-2.4.27-arm 2.4.27-2sarge6 kernel-image-2.4.27-m68k 2.4.27-3sarge6 kernel-image-speakup-i386 2.4.27-1.1sarge5 kernel-image-2.4.27-alpha 2.4.27-10sarge6 kernel-image-2.4.27-s390 2.4.27-2sarge6 kernel-image-2.4.27-sparc 2.4.27-9sarge6 kernel-image-2.4.27-i386 2.4.27-10sarge6 kernel-image-2.4.27-ia64 2.4.27-10sarge6 kernel-patch-2.4.27-mips 2.4.27-10.sarge4.040815-3 kernel-patch-powerpc-2.4.27 2.4.27-10sarge6 kernel-latest-2.4-alpha 101sarge3 kernel-latest-2.4-i386 101sarge2 kernel-latest-2.4-s390 2.4.27-1sarge2 kernel-latest-2.4-sparc 42sarge3 i2c 1:2.9.1-1sarge2 lm-sensors 1:2.9.1-1sarge4 mindi-kernel 2.4.27-2sarge5 pcmcia-modules-2.4.27-i386 3.2.5+2sarge2 hostap-modules-i386 1:0.3.7-1sarge3 systemimager 3.2.3-6sarge5 last seen 2020-06-01 modified 2020-06-02 plugin id 31147 published 2008-02-25 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31147 title Debian DSA-1503-1 : kernel-source-2.4.27 - several vulnerabilities
Oval
| accepted | 2013-04-29T04:12:25.071-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11215 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. | ||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 27555 CVE(CAN) ID: CVE-2007-6694 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在PowerPC平台上执行里存在漏洞,本地攻击者可能利用此漏洞导致拒绝服务。 当运行在PowerPC时,Linux Kernel的chrp/setup.c文件中的chrp_show_cpuinfo函数可能会出现崩溃。如果本地攻击者导致of_get_property函数失败的话,就会触发空指针引用,导致拒绝服务的情况。 Linux kernel 2.4.21 - 2.6.18-53 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:0055-01)以及相应补丁: RHSA-2008:0055-01:Important: kernel security and bug fix update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0055.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0055.html</a> |
| id | SSV:2885 |
| last seen | 2017-11-19 |
| modified | 2008-02-03 |
| published | 2008-02-03 |
| reporter | Root |
| title | Linux Kernel PowerPC chrp/setup.c文件空指针引用漏洞 |
References
- http://marc.info/?l=linux-kernel&m=119576191029571&w=2
- http://marc.info/?l=linux-kernel&m=119576191029571&w=2
- http://rhn.redhat.com/errata/RHSA-2008-0055.html
- http://rhn.redhat.com/errata/RHSA-2008-0055.html
- http://secunia.com/advisories/28696
- http://secunia.com/advisories/28696
- http://secunia.com/advisories/28748
- http://secunia.com/advisories/28748
- http://secunia.com/advisories/29058
- http://secunia.com/advisories/29058
- http://secunia.com/advisories/29236
- http://secunia.com/advisories/29236
- http://secunia.com/advisories/30018
- http://secunia.com/advisories/30018
- http://secunia.com/advisories/30515
- http://secunia.com/advisories/30515
- http://secunia.com/advisories/30769
- http://secunia.com/advisories/30769
- http://www.debian.org/security/2008/dsa-1503
- http://www.debian.org/security/2008/dsa-1503
- http://www.debian.org/security/2008/dsa-1504
- http://www.debian.org/security/2008/dsa-1504
- http://www.debian.org/security/2008/dsa-1565
- http://www.debian.org/security/2008/dsa-1565
- http://www.redhat.com/support/errata/RHSA-2008-0154.html
- http://www.redhat.com/support/errata/RHSA-2008-0154.html
- http://www.securityfocus.com/bid/27555
- http://www.securityfocus.com/bid/27555
- http://www.ubuntu.com/usn/usn-618-1
- http://www.ubuntu.com/usn/usn-618-1
- http://www.vupen.com/english/advisories/2008/0380
- http://www.vupen.com/english/advisories/2008/0380
- https://bugzilla.redhat.com/show_bug.cgi?id=396751
- https://bugzilla.redhat.com/show_bug.cgi?id=396751
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11215
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11215
- https://usn.ubuntu.com/614-1/
- https://usn.ubuntu.com/614-1/