Vulnerabilities > CVE-2008-1514 - Resource Management Errors vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference.

Vulnerable Configurations

Part Description Count
OS
Linux
284

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5668.NASL
    descriptionThis kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and some security problems : - When creating a file, open()/creat() allowed the setgid bit to be set via the mode argument even when, due to the bsdgroups mount option or the file being created in a setgid directory, the new file
    last seen2020-06-01
    modified2020-06-02
    plugin id41535
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41535
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41535);
      script_version ("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3525", "CVE-2008-3528", "CVE-2008-4210");
    
      script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes
    various bugs and some security problems :
    
      - When creating a file, open()/creat() allowed the setgid
        bit to be set via the mode argument even when, due to
        the bsdgroups mount option or the file being created in
        a setgid directory, the new file's group is one which
        the user is not a member of. The local attacker could
        then use ftruncate() and memory-mapped I/O to turn the
        new file into an arbitrary binary and thus gain the
        privileges of this group, since these operations do not
        clear the setgid bit.'. (CVE-2008-4210)
    
      - The ext[234] filesystem code fails to properly handle
        corrupted data structures. With a mounted filesystem
        image or partition that have corrupted dir->i_size and
        dir->i_blocks, a user performing either a read or write
        operation on the mounted image or partition can lead to
        a possible denial of service by spamming the logfile.
        (CVE-2008-3528)
    
      - The S/390 ptrace code allowed local users to cause a
        denial of service (kernel panic) via the
        user-area-padding test from the ptrace testsuite in
        31-bit mode, which triggers an invalid dereference.
        (CVE-2008-1514)
    
      - fs/direct-io.c in the dio subsystem in the Linux kernel
        did not properly zero out the dio struct, which allows
        local users to cause a denial of service (OOPS), as
        demonstrated by a certain fio test. (CVE-2007-6716)
    
      - Added missing capability checks in sbni_ioctl().
        (CVE-2008-3525)
    
    Also OCFS2 was updated to version v1.4.1-1.
    
    The full amount of changes can be reviewed in the RPM changelog."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-6716.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-3525.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-3528.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-4210.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5668.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-default-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-smp-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-source-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-syms-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-xen-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-debug-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-default-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-smp-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-source-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-syms-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-xen-2.6.16.60-0.31")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.31")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0972.NASL
    descriptionUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. * a flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id34841
    published2008-11-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34841
    titleRHEL 4 : kernel (RHSA-2008:0972)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0972. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34841);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-5093", "CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3272", "CVE-2008-3528", "CVE-2008-4210");
      script_bugtraq_id(30559, 31177, 31368, 31515);
      script_xref(name:"RHSA", value:"2008:0972");
    
      script_name(english:"RHEL 4 : kernel (RHSA-2008:0972)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that resolve several security issues and fix
    various bugs are now available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * a flaw was found in the Linux kernel's Direct-IO implementation.
    This could have allowed a local unprivileged user to cause a denial of
    service. (CVE-2007-6716, Important)
    
    * when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
    kernel, a local unprivileged user could cause a denial of service by
    reading from or writing into a padding area in the user_regs_struct32
    structure. (CVE-2008-1514, Important)
    
    * the do_truncate() and generic_file_splice_write() functions did not
    clear the setuid and setgid bits. This could have allowed a local
    unprivileged user to obtain access to privileged information.
    (CVE-2008-4210, Important)
    
    * Tobias Klein reported a missing check in the Linux kernel's Open
    Sound System (OSS) implementation. This deficiency could have led to
    an information leak. (CVE-2008-3272, Moderate)
    
    * a potential denial of service attack was discovered in the Linux
    kernel's PWC USB video driver. A local unprivileged user could have
    used this flaw to bring the kernel USB subsystem into the busy-waiting
    state. (CVE-2007-5093, Low)
    
    * the ext2 and ext3 file systems code failed to properly handle
    corrupted data structures, leading to a possible local denial of
    service issue when read or write operations were performed.
    (CVE-2008-3528, Low)
    
    In addition, these updated packages fix the following bugs :
    
    * when using the CIFS 'forcedirectio' option, appending to an open
    file on a CIFS share resulted in that file being overwritten with the
    data to be appended.
    
    * a kernel panic occurred when a device with PCI ID 8086:10c8 was
    present on a system with a loaded ixgbe driver.
    
    * due to an aacraid driver regression, the kernel failed to boot when
    trying to load the aacraid driver and printed the following error
    message: 'aac_srb: aac_fib_send failed with status: 8195'.
    
    * due to an mpt driver regression, when RAID 1 was configured on
    Primergy systems with an LSI SCSI IME 53C1020/1030 controller, the
    kernel panicked during boot.
    
    * the mpt driver produced a large number of extraneous debugging
    messages when performing a 'Host reset' operation.
    
    * due to a regression in the sym driver, the kernel panicked when a
    SCSI hot swap was performed using MCP18 hardware.
    
    * all cores on a multi-core system now scale their frequencies in
    accordance with the policy set by the system's CPU frequency governor.
    
    * the netdump subsystem suffered from several stability issues. These
    are addressed in this updated kernel.
    
    * under certain conditions, the ext3 file system reported a negative
    count of used blocks.
    
    * reading /proc/self/mem incorrectly returned 'Invalid argument'
    instead of 'input/output error' due to a regression.
    
    * under certain conditions, the kernel panicked when a USB device was
    removed while the system was busy accessing the device.
    
    * a race condition in the kernel could have led to a kernel crash
    during the creation of a new process.
    
    All Red Hat Enterprise Linux 4 Users should upgrade to these updated
    packages, which contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6716"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3528"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-4210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0972"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2007-5093", "CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3272", "CVE-2008-3528", "CVE-2008-4210");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2008:0972");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0972";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-devel-2.6.9-78.0.8.EL")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-78.0.8.EL")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081119_KERNEL_ON_SL4_X.NASL
    description - a flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id60497
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60497
    titleScientific Linux Security Update : kernel on SL4.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60497);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2007-5093", "CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3272", "CVE-2008-3528", "CVE-2008-4210");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL4.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - a flaw was found in the Linux kernel's Direct-IO
        implementation. This could have allowed a local
        unprivileged user to cause a denial of service.
        (CVE-2007-6716, Important)
    
      - when running ptrace in 31-bit mode on an IBM S/390 or
        IBM System z kernel, a local unprivileged user could
        cause a denial of service by reading from or writing
        into a padding area in the user_regs_struct32 structure.
        (CVE-2008-1514, Important)
    
      - the do_truncate() and generic_file_splice_write()
        functions did not clear the setuid and setgid bits. This
        could have allowed a local unprivileged user to obtain
        access to privileged information. (CVE-2008-4210,
        Important)
    
      - Tobias Klein reported a missing check in the Linux
        kernel's Open Sound System (OSS) implementation. This
        deficiency could have led to an information leak.
        (CVE-2008-3272, Moderate)
    
      - a potential denial of service attack was discovered in
        the Linux kernel's PWC USB video driver. A local
        unprivileged user could have used this flaw to bring the
        kernel USB subsystem into the busy-waiting state.
        (CVE-2007-5093, Low)
    
      - the ext2 and ext3 file systems code failed to properly
        handle corrupted data structures, leading to a possible
        local denial of service issue when read or write
        operations were performed. (CVE-2008-3528, Low)
    
    In addition, these updated packages fix the following bugs :
    
      - when using the CIFS 'forcedirectio' option, appending to
        an open file on a CIFS share resulted in that file being
        overwritten with the data to be appended.
    
      - a kernel panic occurred when a device with PCI ID
        8086:10c8 was present on a system with a loaded ixgbe
        driver.
    
      - due to an aacraid driver regression, the kernel failed
        to boot when trying to load the aacraid driver and
        printed the following error message: 'aac_srb:
        aac_fib_send failed with status: 8195'.
    
      - due to an mpt driver regression, when RAID 1 was
        configured on Primergy systems with an LSI SCSI IME
        53C1020/1030 controller, the kernel panicked during
        boot.
    
      - the mpt driver produced a large number of extraneous
        debugging messages when performing a 'Host reset'
        operation.
    
      - due to a regression in the sym driver, the kernel
        panicked when a SCSI hot swap was performed using MCP18
        hardware.
    
      - all cores on a multi-core system now scale their
        frequencies in accordance with the policy set by the
        system's CPU frequency governor.
    
      - the netdump subsystem suffered from several stability
        issues. These are addressed in this updated kernel.
    
      - under certain conditions, the ext3 file system reported
        a negative count of used blocks.
    
      - reading /proc/self/mem incorrectly returned 'Invalid
        argument' instead of 'input/output error' due to a
        regression.
    
      - under certain conditions, the kernel panicked when a USB
        device was removed while the system was busy accessing
        the device.
    
      - a race condition in the kernel could have led to a
        kernel crash during the creation of a new process."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0811&L=scientific-linux-errata&T=0&P=1696
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7b7ff8bf"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"kernel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", reference:"kernel-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", reference:"kernel-doc-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", cpu:"i386", reference:"kernel-hugemem-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", reference:"kernel-smp-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", reference:"kernel-smp-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", reference:"kernel-xenU-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"SL4", reference:"kernel-xenU-devel-2.6.9-78.0.8.EL")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0972.NASL
    descriptionFrom Red Hat Security Advisory 2008:0972 : Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. * a flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id67762
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67762
    titleOracle Linux 4 : kernel (ELSA-2008-0972)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0972 and 
    # Oracle Linux Security Advisory ELSA-2008-0972 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67762);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2007-5093", "CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3272", "CVE-2008-3528", "CVE-2008-4210");
      script_bugtraq_id(30559, 31177, 31368, 31515);
      script_xref(name:"RHSA", value:"2008:0972");
    
      script_name(english:"Oracle Linux 4 : kernel (ELSA-2008-0972)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0972 :
    
    Updated kernel packages that resolve several security issues and fix
    various bugs are now available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * a flaw was found in the Linux kernel's Direct-IO implementation.
    This could have allowed a local unprivileged user to cause a denial of
    service. (CVE-2007-6716, Important)
    
    * when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
    kernel, a local unprivileged user could cause a denial of service by
    reading from or writing into a padding area in the user_regs_struct32
    structure. (CVE-2008-1514, Important)
    
    * the do_truncate() and generic_file_splice_write() functions did not
    clear the setuid and setgid bits. This could have allowed a local
    unprivileged user to obtain access to privileged information.
    (CVE-2008-4210, Important)
    
    * Tobias Klein reported a missing check in the Linux kernel's Open
    Sound System (OSS) implementation. This deficiency could have led to
    an information leak. (CVE-2008-3272, Moderate)
    
    * a potential denial of service attack was discovered in the Linux
    kernel's PWC USB video driver. A local unprivileged user could have
    used this flaw to bring the kernel USB subsystem into the busy-waiting
    state. (CVE-2007-5093, Low)
    
    * the ext2 and ext3 file systems code failed to properly handle
    corrupted data structures, leading to a possible local denial of
    service issue when read or write operations were performed.
    (CVE-2008-3528, Low)
    
    In addition, these updated packages fix the following bugs :
    
    * when using the CIFS 'forcedirectio' option, appending to an open
    file on a CIFS share resulted in that file being overwritten with the
    data to be appended.
    
    * a kernel panic occurred when a device with PCI ID 8086:10c8 was
    present on a system with a loaded ixgbe driver.
    
    * due to an aacraid driver regression, the kernel failed to boot when
    trying to load the aacraid driver and printed the following error
    message: 'aac_srb: aac_fib_send failed with status: 8195'.
    
    * due to an mpt driver regression, when RAID 1 was configured on
    Primergy systems with an LSI SCSI IME 53C1020/1030 controller, the
    kernel panicked during boot.
    
    * the mpt driver produced a large number of extraneous debugging
    messages when performing a 'Host reset' operation.
    
    * due to a regression in the sym driver, the kernel panicked when a
    SCSI hot swap was performed using MCP18 hardware.
    
    * all cores on a multi-core system now scale their frequencies in
    accordance with the policy set by the system's CPU frequency governor.
    
    * the netdump subsystem suffered from several stability issues. These
    are addressed in this updated kernel.
    
    * under certain conditions, the ext3 file system reported a negative
    count of used blocks.
    
    * reading /proc/self/mem incorrectly returned 'Invalid argument'
    instead of 'input/output error' due to a regression.
    
    * under certain conditions, the kernel panicked when a USB device was
    removed while the system was busy accessing the device.
    
    * a race condition in the kernel could have led to a kernel crash
    during the creation of a new process.
    
    All Red Hat Enterprise Linux 4 Users should upgrade to these updated
    packages, which contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000809.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2007-5093", "CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3272", "CVE-2008-3528", "CVE-2008-4210");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2008-0972");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL4", rpm:"kernel-2.6.9") && rpm_check(release:"EL4", reference:"kernel-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-devel-2.6.9") && rpm_check(release:"EL4", reference:"kernel-devel-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-doc-2.6.9") && rpm_check(release:"EL4", reference:"kernel-doc-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"ia64", reference:"kernel-largesmp-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"ia64", reference:"kernel-largesmp-devel-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-78.0.8.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-78.0.8.0.1.EL")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0972.NASL
    descriptionUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. * a flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id37341
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37341
    titleCentOS 4 : kernel (CESA-2008:0972)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0972 and 
    # CentOS Errata and Security Advisory 2008:0972 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37341);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2007-5093", "CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3272", "CVE-2008-3528", "CVE-2008-4210");
      script_bugtraq_id(30559, 31177, 31368, 31515);
      script_xref(name:"RHSA", value:"2008:0972");
    
      script_name(english:"CentOS 4 : kernel (CESA-2008:0972)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that resolve several security issues and fix
    various bugs are now available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * a flaw was found in the Linux kernel's Direct-IO implementation.
    This could have allowed a local unprivileged user to cause a denial of
    service. (CVE-2007-6716, Important)
    
    * when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
    kernel, a local unprivileged user could cause a denial of service by
    reading from or writing into a padding area in the user_regs_struct32
    structure. (CVE-2008-1514, Important)
    
    * the do_truncate() and generic_file_splice_write() functions did not
    clear the setuid and setgid bits. This could have allowed a local
    unprivileged user to obtain access to privileged information.
    (CVE-2008-4210, Important)
    
    * Tobias Klein reported a missing check in the Linux kernel's Open
    Sound System (OSS) implementation. This deficiency could have led to
    an information leak. (CVE-2008-3272, Moderate)
    
    * a potential denial of service attack was discovered in the Linux
    kernel's PWC USB video driver. A local unprivileged user could have
    used this flaw to bring the kernel USB subsystem into the busy-waiting
    state. (CVE-2007-5093, Low)
    
    * the ext2 and ext3 file systems code failed to properly handle
    corrupted data structures, leading to a possible local denial of
    service issue when read or write operations were performed.
    (CVE-2008-3528, Low)
    
    In addition, these updated packages fix the following bugs :
    
    * when using the CIFS 'forcedirectio' option, appending to an open
    file on a CIFS share resulted in that file being overwritten with the
    data to be appended.
    
    * a kernel panic occurred when a device with PCI ID 8086:10c8 was
    present on a system with a loaded ixgbe driver.
    
    * due to an aacraid driver regression, the kernel failed to boot when
    trying to load the aacraid driver and printed the following error
    message: 'aac_srb: aac_fib_send failed with status: 8195'.
    
    * due to an mpt driver regression, when RAID 1 was configured on
    Primergy systems with an LSI SCSI IME 53C1020/1030 controller, the
    kernel panicked during boot.
    
    * the mpt driver produced a large number of extraneous debugging
    messages when performing a 'Host reset' operation.
    
    * due to a regression in the sym driver, the kernel panicked when a
    SCSI hot swap was performed using MCP18 hardware.
    
    * all cores on a multi-core system now scale their frequencies in
    accordance with the policy set by the system's CPU frequency governor.
    
    * the netdump subsystem suffered from several stability issues. These
    are addressed in this updated kernel.
    
    * under certain conditions, the ext3 file system reported a negative
    count of used blocks.
    
    * reading /proc/self/mem incorrectly returned 'Invalid argument'
    instead of 'input/output error' due to a regression.
    
    * under certain conditions, the kernel panicked when a USB device was
    removed while the system was busy accessing the device.
    
    * a race condition in the kernel could have led to a kernel crash
    during the creation of a new process.
    
    All Red Hat Enterprise Linux 4 Users should upgrade to these updated
    packages, which contain backported patches to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015424.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?03430f7b"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015425.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2b753b77"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015443.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d7396bf3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-largesmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xenU-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"kernel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"kernel-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"kernel-doc-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"kernel-largesmp-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"kernel-largesmp-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-78.0.8.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-78.0.8.EL")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1653.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-6716 Joe Jin reported a local denial of service vulnerability that allows system users to trigger an oops due to an improperly initialized data structure. - CVE-2008-1514 Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic. - CVE-2008-3276 Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic. - CVE-2008-3525 Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations. - CVE-2008-3833 The S_ISUID/S_ISGID bits were not being cleared during an inode splice, which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. Mark Fasheh reported this issue. - CVE-2008-4210 David Watson reported an issue in the open()/creat() system calls which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. - CVE-2008-4302 A coding error in the splice subsystem allows local users to attempt to unlock a page structure that has not been locked, resulting in a system crash.
    last seen2020-06-01
    modified2020-06-02
    plugin id34392
    published2008-10-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34392
    titleDebian DSA-1653-1 : linux-2.6 - denial of service/privilege escalation
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1653. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34392);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3276", "CVE-2008-3525", "CVE-2008-3833", "CVE-2008-4210", "CVE-2008-4302");
      script_bugtraq_id(31177, 31368, 31515);
      script_xref(name:"DSA", value:"1653");
    
      script_name(english:"Debian DSA-1653-1 : linux-2.6 - denial of service/privilege escalation");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service or privilege escalation. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2007-6716
        Joe Jin reported a local denial of service vulnerability
        that allows system users to trigger an oops due to an
        improperly initialized data structure.
    
      - CVE-2008-1514
        Jan Kratochvil reported a local denial of service
        vulnerability in the ptrace interface for the s390
        architecture. Local users can trigger an invalid pointer
        dereference, leading to a system panic.
    
      - CVE-2008-3276
        Eugene Teo reported an integer overflow in the DCCP
        subsystem that may allow remote attackers to cause a
        denial of service in the form of a kernel panic.
    
      - CVE-2008-3525
        Eugene Teo reported a lack of capability checks in the
        kernel driver for Granch SBNI12 leased line adapters
        (sbni), allowing local users to perform privileged
        operations.
    
      - CVE-2008-3833
        The S_ISUID/S_ISGID bits were not being cleared during
        an inode splice, which, under certain conditions, can be
        exploited by local users to obtain the privileges of a
        group for which they are not a member. Mark Fasheh
        reported this issue.
    
      - CVE-2008-4210
        David Watson reported an issue in the open()/creat()
        system calls which, under certain conditions, can be
        exploited by local users to obtain the privileges of a
        group for which they are not a member.
    
      - CVE-2008-4302
        A coding error in the splice subsystem allows local
        users to attempt to unlock a page structure that has not
        been locked, resulting in a system crash."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-6716"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3525"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3833"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-4210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-4302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1653"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the linux-2.6, fai-kernels, and user-mode-linux packages.
    
    For the stable distribution (etch), this problem has been fixed in
    version 2.6.18.dfsg.1-22etch3."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"fai-kernels", reference:"1.17+etch.22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-doc-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-486", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-686-bigmem", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-alpha", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-arm", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-hppa", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-i386", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-ia64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-mips", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-mipsel", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-s390", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-sparc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-generic", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-legacy", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-footbridge", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-iop32x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-itanium", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-ixp4xx", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-k7", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-mckinley", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc64-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc-miboot", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-prep", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-qemu", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r3k-kn02", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r4k-ip22", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r4k-kn04", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r5k-cobalt", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r5k-ip32", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-rpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s390", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s390x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s3c2410", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sb1-bcm91250a", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sb1a-bcm91480b", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc32", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc64-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-alpha", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-k7", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-powerpc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-s390x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-sparc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-486", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-686-bigmem", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-generic", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-legacy", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-footbridge", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-iop32x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-itanium", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-ixp4xx", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-k7", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-mckinley", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc64-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc-miboot", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-prep", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-qemu", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r3k-kn02", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r4k-ip22", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r4k-kn04", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r5k-cobalt", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r5k-ip32", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-rpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390-tape", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s3c2410", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sb1-bcm91250a", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sb1a-bcm91480b", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc32", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc64-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-alpha", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-k7", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-powerpc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-s390x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-sparc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-manual-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-patch-debian-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-source-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-support-2.6.18-6", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-tree-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"user-mode-linux", reference:"2.6.18-1um-2etch.22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5667.NASL
    descriptionThis kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and some security problems : - When creating a file, open()/creat() allowed the setgid bit to be set via the mode argument even when, due to the bsdgroups mount option or the file being created in a setgid directory, the new file
    last seen2020-06-01
    modified2020-06-02
    plugin id59132
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59132
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5667)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1655.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1514 Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic. - CVE-2008-3525 Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations. - CVE-2008-3831 Olaf Kirch discovered an issue with the i915 driver that may allow local users to cause memory corruption by use of an ioctl with insufficient privilege restrictions. - CVE-2008-4113/ CVE-2008-4445 Eugene Teo discovered two issues in the SCTP subsystem which allow local users to obtain access to sensitive memory when the SCTP-AUTH extension is enabled.
    last seen2020-06-01
    modified2020-06-02
    plugin id34444
    published2008-10-20
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34444
    titleDebian DSA-1655-1 : linux-2.6.24 - denial of service/information leak/privilege escalation

Oval

accepted2013-04-29T04:20:13.372-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionarch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference.
familyunix
idoval:org.mitre.oval:def:9555
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlearch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference.
version26

Redhat

advisories
rhsa
idRHSA-2008:0972
rpms
  • kernel-0:2.6.9-78.0.8.EL
  • kernel-debuginfo-0:2.6.9-78.0.8.EL
  • kernel-devel-0:2.6.9-78.0.8.EL
  • kernel-doc-0:2.6.9-78.0.8.EL
  • kernel-hugemem-0:2.6.9-78.0.8.EL
  • kernel-hugemem-devel-0:2.6.9-78.0.8.EL
  • kernel-largesmp-0:2.6.9-78.0.8.EL
  • kernel-largesmp-devel-0:2.6.9-78.0.8.EL
  • kernel-smp-0:2.6.9-78.0.8.EL
  • kernel-smp-devel-0:2.6.9-78.0.8.EL
  • kernel-xenU-0:2.6.9-78.0.8.EL
  • kernel-xenU-devel-0:2.6.9-78.0.8.EL

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2008-1514 CNCVE ID:CNCVE-20081514 Linux是一款开放源代码的操作系统。 Linuxs390架构运行31位ptrace存在错误,本地攻击者可以利用漏洞使内核出现Panic,导致拒绝服务攻击。 目前没有详细漏洞细节提供。 Linux Kernel 2.6.x 升级到Linux kernel 2.6.27-rc6版本: <a href=http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc6 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc6</a>
idSSV:4059
last seen2017-11-19
modified2008-09-16
published2008-09-16
reporterRoot
titleLinux Kernel s390 ptrace本地拒绝服务漏洞

Statements

contributorTomas Hoger
lastmodified2009-05-19
organizationRed Hat
statementThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 5, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2008-0972.html