Vulnerabilities > CVE-2008-1367 - Resource Management Errors vulnerability in GNU GCC 4.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
Common Weakness Enumeration (CWE)
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0233.NASL description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. * multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. * on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an last seen 2020-06-01 modified 2020-06-02 plugin id 32161 published 2008-05-09 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32161 title RHEL 5 : kernel (RHSA-2008:0233) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0233. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(32161); script_version ("1.26"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2007-5498", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1619", "CVE-2008-1669"); script_bugtraq_id(29003, 29076); script_xref(name:"RHSA", value:"2008:0233"); script_name(english:"RHEL 5 : kernel (RHSA-2008:0233)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. * multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. * on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an 'ata1: CPB flags CMD err flags 0x11' error. * repeatedly hot-plugging a PCI Express card may have caused 'Bad DLLP' errors. * a NULL pointer dereference in NFS, which may have caused applications to crash, has been resolved. * when attempting to kexec reboot, either manually or via a panic-triggered kdump, the Unisys ES7000/one hanged after rebooting in the new kernel, after printing the 'Memory: 32839688k/33685504k available' line. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5498" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0007" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-1367" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-1375" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-1619" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-1669" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0233" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(94, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-5498", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1619", "CVE-2008-1669"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2008:0233"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0233"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-53.1.19.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc"); } }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0211.NASL description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) * a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) * a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) * a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. * in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. * on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 32139 published 2008-05-09 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32139 title CentOS 3 : kernel (CESA-2008:0211) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0211 and # CentOS Errata and Security Advisory 2008:0211 respectively. # include("compat.inc"); if (description) { script_id(32139); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2006-4814", "CVE-2007-5001", "CVE-2007-6151", "CVE-2007-6206", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1669"); script_bugtraq_id(21663, 26701, 27497, 29003, 29076); script_xref(name:"RHSA", value:"2008:0211"); script_name(english:"CentOS 3 : kernel (CESA-2008:0211)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) * a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) * a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) * a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. * in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. * on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); # https://lists.centos.org/pipermail/centos-announce/2008-May/014880.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fa094a93" ); # https://lists.centos.org/pipermail/centos-announce/2008-May/014881.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9d3dc798" ); # https://lists.centos.org/pipermail/centos-announce/2008-May/014890.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8dd0eb67" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 94, 119, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-BOOT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-unsupported"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-unsupported"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-unsupported"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"kernel-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-BOOT-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"kernel-doc-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-hugemem-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-hugemem-unsupported-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-smp-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-smp-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-smp-unsupported-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"kernel-source-2.4.21-57.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"kernel-unsupported-2.4.21-57.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0233.NASL description From Red Hat Security Advisory 2008:0233 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. * multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. * on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an last seen 2020-06-01 modified 2020-06-02 plugin id 67683 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67683 title Oracle Linux 5 : kernel (ELSA-2008-0233) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0233 and # Oracle Linux Security Advisory ELSA-2008-0233 respectively. # include("compat.inc"); if (description) { script_id(67683); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2007-5498", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1619", "CVE-2008-1669"); script_bugtraq_id(29003, 29076); script_xref(name:"RHSA", value:"2008:0233"); script_name(english:"Oracle Linux 5 : kernel (ELSA-2008-0233)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0233 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. * multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. * on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an 'ata1: CPB flags CMD err flags 0x11' error. * repeatedly hot-plugging a PCI Express card may have caused 'Bad DLLP' errors. * a NULL pointer dereference in NFS, which may have caused applications to crash, has been resolved. * when attempting to kexec reboot, either manually or via a panic-triggered kdump, the Unisys ES7000/one hanged after rebooting in the new kernel, after printing the 'Memory: 32839688k/33685504k available' line. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-May/000588.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(94, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-5498", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1619", "CVE-2008-1669"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2008-0233"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-53.1.19.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-53.1.19.0.1.el5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-5375.NASL description This kernel update fixes quite a number of security problems : - A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (default filtered by the firewall). (CVE-2007-6282) - A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine. (CVE-2008-2136) - On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. (CVE-2008-1615) - An information leakage during coredumping of root processes was fixed. (CVE-2007-6206) - Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. (CVE-2008-1669) - Fixed a dnotify race condition, which could be used by local attackers to potentially execute code. (CVE-2008-1375) - A ptrace bug could be used by local attackers to hang their own processes indefinitely. (CVE-2007-5500) - Clear the last seen 2020-06-01 modified 2020-06-02 plugin id 33432 published 2008-07-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33432 title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5375) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(33432); script_version ("1.18"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2007-5500", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6282", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1615", "CVE-2008-1669", "CVE-2008-2136"); script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5375)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This kernel update fixes quite a number of security problems : - A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (default filtered by the firewall). (CVE-2007-6282) - A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine. (CVE-2008-2136) - On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. (CVE-2008-1615) - An information leakage during coredumping of root processes was fixed. (CVE-2007-6206) - Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. (CVE-2008-1669) - Fixed a dnotify race condition, which could be used by local attackers to potentially execute code. (CVE-2008-1375) - A ptrace bug could be used by local attackers to hang their own processes indefinitely. (CVE-2007-5500) - Clear the 'direction' flag before calling signal handlers. For specific not yet identified programs under specific timing conditions this could potentially have caused memory corruption or code execution. (CVE-2008-1367) - The isdn_ioctl function in isdn_common.c allowed local users to cause a denial of service via a crafted ioctl struct in which ioctls is not null terminated, which triggers a buffer overflow. (CVE-2007-6151) Non security related changes : OCFS2 was updated to version v1.2.9-1-r3100. Also a huge number of bugs were fixed. Please refer to the RPM changelog for a detailed list." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5500.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6151.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6206.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6282.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1367.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1375.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1615.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1669.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2136.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5375."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(16, 94, 119, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"kernel-bigsmp-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"kernel-default-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"kernel-smp-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"kernel-source-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"kernel-syms-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"kernel-xen-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"kernel-xenpae-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-bigsmp-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-debug-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-default-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-kdump-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-smp-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-source-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-syms-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-xen-2.6.16.54-0.2.8")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"kernel-xenpae-2.6.16.54-0.2.8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0508.NASL description From Red Hat Security Advisory 2008:0508 : Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important) * Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang). (CVE-2008-2365, Important) * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bug : * On systems with a large number of CPUs (more than 16), multiple applications calling the last seen 2020-06-01 modified 2020-06-02 plugin id 67703 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67703 title Oracle Linux 4 : kernel (ELSA-2008-0508) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0508 and # Oracle Linux Security Advisory ELSA-2008-0508 respectively. # include("compat.inc"); if (description) { script_id(67703); script_version("1.13"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2008-0598", "CVE-2008-1367", "CVE-2008-2365", "CVE-2008-2729"); script_bugtraq_id(29942); script_xref(name:"RHSA", value:"2008:0508"); script_name(english:"Oracle Linux 4 : kernel (ELSA-2008-0508)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0508 : Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important) * Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang). (CVE-2008-2365, Important) * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bug : * On systems with a large number of CPUs (more than 16), multiple applications calling the 'times()' system call may have caused a system hang. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-June/000657.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(200, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/17"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2008-0598", "CVE-2008-1367", "CVE-2008-2365", "CVE-2008-2729"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2008-0508"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL4", rpm:"kernel-2.6.9") && rpm_check(release:"EL4", reference:"kernel-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-devel-2.6.9") && rpm_check(release:"EL4", reference:"kernel-devel-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-doc-2.6.9") && rpm_check(release:"EL4", reference:"kernel-doc-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"ia64", reference:"kernel-largesmp-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"ia64", reference:"kernel-largesmp-devel-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-67.0.20.0.1.EL")) flag++; if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-67.0.20.0.1.EL")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0508.NASL description Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important) * Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang). (CVE-2008-2365, Important) * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bug : * On systems with a large number of CPUs (more than 16), multiple applications calling the last seen 2020-06-01 modified 2020-06-02 plugin id 33376 published 2008-07-02 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33376 title RHEL 4 : kernel (RHSA-2008:0508) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0508. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(33376); script_version ("1.26"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2008-0598", "CVE-2008-1367", "CVE-2008-2365", "CVE-2008-2729"); script_bugtraq_id(29942); script_xref(name:"RHSA", value:"2008:0508"); script_name(english:"RHEL 4 : kernel (RHSA-2008:0508)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important) * Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang). (CVE-2008-2365, Important) * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bug : * On systems with a large number of CPUs (more than 16), multiple applications calling the 'times()' system call may have caused a system hang. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0598" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-1367" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-2365" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-2729" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0508" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(200, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/17"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2008-0598", "CVE-2008-1367", "CVE-2008-2365", "CVE-2008-2729"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2008:0508"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0508"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-67.0.20.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc"); } }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0508.NASL description Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important) * Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang). (CVE-2008-2365, Important) * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bug : * On systems with a large number of CPUs (more than 16), multiple applications calling the last seen 2020-06-01 modified 2020-06-02 plugin id 33365 published 2008-07-02 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33365 title CentOS 4 : kernel (CESA-2008:0508) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0508 and # CentOS Errata and Security Advisory 2008:0508 respectively. # include("compat.inc"); if (description) { script_id(33365); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2008-0598", "CVE-2008-1367", "CVE-2008-2365", "CVE-2008-2729"); script_bugtraq_id(29942); script_xref(name:"RHSA", value:"2008:0508"); script_name(english:"CentOS 4 : kernel (CESA-2008:0508)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important) * Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang). (CVE-2008-2365, Important) * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bug : * On systems with a large number of CPUs (more than 16), multiple applications calling the 'times()' system call may have caused a system hang. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); # https://lists.centos.org/pipermail/centos-announce/2008-June/015050.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?df2b82ae" ); # https://lists.centos.org/pipermail/centos-announce/2008-June/015051.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3d2bd96d" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(200, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/17"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-doc-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-doc-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-67.0.20.EL")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-67.0.20.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc"); }NASL family Scientific Linux Local Security Checks NASL id SL_20080507_KERNEL_ON_SL5_X.NASL description These updated packages fix the following security issues : - the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) - a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) - the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) - when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) - the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) - it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : - on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. - multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. - when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. - on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an last seen 2020-06-01 modified 2020-06-02 plugin id 60395 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60395 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60395); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:17"); script_cve_id("CVE-2007-5498", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1619", "CVE-2008-1669"); script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "These updated packages fix the following security issues : - the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) - a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) - the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) - when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) - the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) - it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : - on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. - multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. - when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. - on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an 'ata1: CPB flags CMD err flags 0x11' error. - repeatedly hot-plugging a PCI Express card may have caused 'Bad DLLP' errors. - a NULL pointer dereference in NFS, which may have caused applications to crash, has been resolved. - when attempting to kexec reboot, either manually or via a panic-triggered kdump, the Unisys ES7000/one hanged after rebooting in the new kernel, after printing the 'Memory: 32839688k/33685504k available' line." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0805&L=scientific-linux-errata&T=0&P=188 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cf093229" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(94, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"kernel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-53.1.19.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-53.1.19.el5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0211.NASL description From Red Hat Security Advisory 2008:0211 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) * a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) * a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) * a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. * in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. * on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67678 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67678 title Oracle Linux 3 : kernel (ELSA-2008-0211) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0211 and # Oracle Linux Security Advisory ELSA-2008-0211 respectively. # include("compat.inc"); if (description) { script_id(67678); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2006-4814", "CVE-2007-5001", "CVE-2007-6151", "CVE-2007-6206", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1669"); script_bugtraq_id(21663, 26701, 27497, 29003, 29076); script_xref(name:"RHSA", value:"2008:0211"); script_name(english:"Oracle Linux 3 : kernel (ELSA-2008-0211)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2008:0211 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) * a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) * a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) * a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. * in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. * on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2008-May/000587.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 94, 119, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-BOOT"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-unsupported"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-unsupported"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-unsupported"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2006-4814", "CVE-2007-5001", "CVE-2007-6151", "CVE-2007-6206", "CVE-2008-0007", "CVE-2008-1367", "CVE-2008-1375", "CVE-2008-1669"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2008-0211"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.4"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL3", rpm:"kernel-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-BOOT-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-doc-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-doc-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-doc-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-doc-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-hugemem-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-hugemem-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-hugemem-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-hugemem-unsupported-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-smp-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-smp-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-smp-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-smp-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-smp-unsupported-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-smp-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-source-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-source-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-source-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-source-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-unsupported-2.4.21-57.0.0.0.1.EL")) flag++; if (rpm_exists(release:"EL3", rpm:"kernel-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-unsupported-2.4.21-57.0.0.0.1.EL")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family Scientific Linux Local Security Checks NASL id SL_20080625_KERNEL_ON_SL4_X.NASL description These updated packages fix the following security issues : - A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not zero the content at the destination memory location. This could allow a local unprivileged user to view potentially sensitive data. (CVE-2008-2729, Important) - Alexey Dobriyan discovered a race condition in the Linux kernel process-tracing system call, ptrace. A local unprivileged user could use this flaw to cause a denial of service (kernel hang). (CVE-2008-2365, Important) - Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) - It was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bug : - On systems with a large number of CPUs (more than 16), multiple applications calling the last seen 2020-06-01 modified 2020-06-02 plugin id 60429 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60429 title Scientific Linux Security Update : kernel on SL4.x i386/x86_64 NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0011.NASL description I Service Console rpm updates a. Security Update to Service Console Kernel This fix upgrades service console kernel version to 2.4.21-57.EL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206, CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL. b. Samba Security Update This fix upgrades the service console rpm samba to version 3.0.9-1.3E.15vmw The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1105 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 40380 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40380 title VMSA-2008-0011 : Updated ESX service console packages for Samba and vmnix NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0211.NASL description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) * a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) * a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) * a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. * in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. * on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 32160 published 2008-05-09 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32160 title RHEL 3 : kernel (RHSA-2008:0211) NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-5336.NASL description This kernel update fixes the following security problems : CVE-2008-1615: On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. CVE-2008-2358: A security problem in DCCP was fixed, which could be used by remote attackers to crash the machine. CVE-2007-6206: An information leakage during coredumping of root processes was fixed. CVE-2007-6712: A integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired. CVE-2008-2136: A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine. CVE-2008-1669: Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. CVE-2008-1367: Clear the last seen 2020-06-01 modified 2020-06-02 plugin id 33252 published 2008-06-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33252 title openSUSE 10 Security Update : kernel (kernel-5336) NASL family Scientific Linux Local Security Checks NASL id SL_20080507_KERNEL_ON_SL3_X.NASL description These updated packages fix the following security issues : - the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) - the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) - when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) - a flaw was found when performing asynchronous input or output operations on a FIFO special file. A local unprivileged user could use this flaw to cause a kernel panic. (CVE-2007-5001, Important) - a flaw was found in the way core dump files were created. If a local user could get a root-owned process to dump a core file into a directory, which the user has write access to, they could gain read access to that core file. This could potentially grant unauthorized access to sensitive information. (CVE-2007-6206, Moderate) - a buffer overflow was found in the Linux kernel ISDN subsystem. A local unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6151, Moderate) - a race condition found in the mincore system core could allow a local user to cause a denial of service (system hang). (CVE-2006-4814, Moderate) - it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : - a bug, which caused long delays when unmounting mounts containing a large number of unused dentries, has been resolved. - in the previous kernel packages, the kernel was unable to handle certain floating point instructions on Itanium(R) architectures. - on certain Intel CPUs, the Translation Lookaside Buffer (TLB) was not flushed correctly, which caused machine check errors. last seen 2020-06-01 modified 2020-06-02 plugin id 60393 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60393 title Scientific Linux Security Update : kernel on SL3.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-5370.NASL description This kernel update fixes quite a number of security problems : - A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (default filtered by the firewall). (CVE-2007-6282) - A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine. (CVE-2008-2136) - On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. (CVE-2008-1615) - An information leakage during coredumping of root processes was fixed. (CVE-2007-6206) - Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. (CVE-2008-1669) - Fixed a dnotify race condition, which could be used by local attackers to potentially execute code. (CVE-2008-1375) - A ptrace bug could be used by local attackers to hang their own processes indefinitely. (CVE-2007-5500) - Clear the last seen 2020-06-01 modified 2020-06-02 plugin id 59128 published 2012-05-17 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59128 title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5370) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0233.NASL description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * the absence of a protection mechanism when attempting to access a critical section of code has been found in the Linux kernel open file descriptors control mechanism, fcntl. This could allow a local unprivileged user to simultaneously execute code, which would otherwise be protected against parallel execution. As well, a race condition when handling locks in the Linux kernel fcntl functionality, may have allowed a process belonging to a local unprivileged user to gain re-ordered access to the descriptor table. (CVE-2008-1669, Important) * a possible hypervisor panic was found in the Linux kernel. A privileged user of a fully virtualized guest could initiate a stress-test File Transfer Protocol (FTP) transfer between the guest and the hypervisor, possibly leading to hypervisor panic. (CVE-2008-1619, Important) * the absence of a protection mechanism when attempting to access a critical section of code, as well as a race condition, have been found in the Linux kernel file system event notifier, dnotify. This could allow a local unprivileged user to get inconsistent data, or to send arbitrary signals to arbitrary system processes. (CVE-2008-1375, Important) Red Hat would like to thank Nick Piggin for responsibly disclosing the following issue : * when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a kernel crash. (CVE-2008-0007, Important) * the absence of sanity-checks was found in the hypervisor block backend driver, when running 32-bit paravirtualized guests on a 64-bit host. The number of blocks to be processed per one request from guest to host, or vice-versa, was not checked for its maximum value, which could have allowed a local privileged user of the guest operating system to cause a denial of service. (CVE-2007-5498, Important) * it was discovered that the Linux kernel handled string operations in the opposite way to the GNU Compiler Collection (GCC). This could allow a local unprivileged user to cause memory corruption. (CVE-2008-1367, Low) As well, these updated packages fix the following bugs : * on IBM System z architectures, when running QIOASSIST enabled QDIO devices in an IBM z/VM environment, the output queue stalled under heavy load. This caused network performance to degrade, possibly causing network hangs and outages. * multiple buffer overflows were discovered in the neofb video driver. It was not possible for an unprivileged user to exploit these issues, and as such, they have not been handled as security issues. * when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused network performance to degrade. * on certain architectures, a bug in the libATA sata_nv driver may have caused infinite reboots, and an last seen 2020-06-01 modified 2020-06-02 plugin id 43681 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43681 title CentOS 5 : kernel (CESA-2008:0233) NASL family SuSE Local Security Checks NASL id SUSE_KERNEL-5339.NASL description This kernel update fixes the following security problems: CVE-2008-2136: A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine. CVE-2008-1615: On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. CVE-2008-2148: The permission checking in sys_utimensat was incorrect and local attackers could change the filetimes of files they do not own to the current time. CVE-2008-1669: Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. CVE-2008-1375: Fixed a dnotify race condition, which could be used by local attackers to potentially execute code. CVE-2007-6282: A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (default filtered by the firewall). CVE-2008-1367: Clear the last seen 2020-06-01 modified 2020-06-02 plugin id 33253 published 2008-06-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33253 title openSUSE 10 Security Update : kernel (kernel-5339)
Oval
| accepted | 2013-04-29T04:11:33.596-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11108 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL. | ||||||||||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- http://lwn.net/Articles/272048/#Comments
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
- http://lkml.org/lkml/2008/3/5/207
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html
- http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html
- http://www.redhat.com/support/errata/RHSA-2008-0211.html
- http://www.redhat.com/support/errata/RHSA-2008-0233.html
- http://secunia.com/advisories/31246
- https://bugzilla.redhat.com/show_bug.cgi?id=437312
- http://marc.info/?l=git-commits-head&m=120492000901739&w=2
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
- http://secunia.com/advisories/30818
- http://secunia.com/advisories/30890
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2008-0508.html
- http://lists.vmware.com/pipermail/security-announce/2008/000023.html
- http://secunia.com/advisories/30962
- http://secunia.com/advisories/30850
- http://secunia.com/advisories/30116
- http://secunia.com/advisories/30110
- http://www.securityfocus.com/bid/29084
- http://www.vupen.com/english/advisories/2008/2222/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41340
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51