Vulnerabilities > CVE-2008-3792 - Unspecified vulnerability in Linux Kernel 2.6.26.3

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
nessus

Summary

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.

Vulnerable Configurations

Part Description Count
OS
Linux
1

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_KERNEL-081022.NASL
    descriptionThis patch updates the openSUSE 11.0 kernel to the 2.6.25.18 stable release. It also includes bugfixes and security fixes : CVE-2008-4410: The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state. sctp: Fix kernel panic while process protocol violation parameter. CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile. CVE-2008-3526: Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option. CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-4576: SCTP in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. CVE-2008-4445: The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function. CVE-2008-3792: net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.26.3 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks. CVE-2008-4113: The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function. CVE-2008-3911: The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.
    last seen2020-06-01
    modified2020-06-02
    plugin id40010
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40010
    titleopenSUSE Security Update : kernel (kernel-270)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update kernel-270.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40010);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-3525", "CVE-2008-3526", "CVE-2008-3528", "CVE-2008-3792", "CVE-2008-3911", "CVE-2008-4113", "CVE-2008-4410", "CVE-2008-4445", "CVE-2008-4576");
    
      script_name(english:"openSUSE Security Update : kernel (kernel-270)");
      script_summary(english:"Check for the kernel-270 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This patch updates the openSUSE 11.0 kernel to the 2.6.25.18 stable
    release.
    
    It also includes bugfixes and security fixes :
    
    CVE-2008-4410: The vmi_write_ldt_entry function in
    arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the
    Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry
    was intended, which allows local users to cause a denial of service
    (persistent application failure) via crafted function calls, related
    to the Java Runtime Environment (JRE) experiencing improper LDT
    selector state.
    
    sctp: Fix kernel panic while process protocol violation parameter.
    
    CVE-2008-3528: The ext[234] filesystem code fails to properly handle
    corrupted data structures. With a mounted filesystem image or
    partition that have corrupted dir->i_size and dir->i_blocks, a user
    performing either a read or write operation on the mounted image or
    partition can lead to a possible denial of service by spamming the
    logfile.
    
    CVE-2008-3526: Integer overflow in the sctp_setsockopt_auth_key
    function in net/sctp/socket.c in the Stream Control Transmission
    Protocol (sctp) implementation in the Linux kernel allows remote
    attackers to cause a denial of service (panic) or possibly have
    unspecified other impact via a crafted sca_keylength field associated
    with the SCTP_AUTH_KEY option.
    
    CVE-2008-3525: Added missing capability checks in sbni_ioctl().
    
    CVE-2008-4576: SCTP in Linux kernel before 2.6.25.18 allows remote
    attackers to cause a denial of service (OOPS) via an INIT-ACK that
    states the peer does not support AUTH, which causes the
    sctp_process_init function to clean up active transports and triggers
    the OOPS when the T1-Init timer expires.
    
    CVE-2008-4445: The sctp_auth_ep_set_hmacs function in net/sctp/auth.c
    in the Stream Control Transmission Protocol (sctp) implementation in
    the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is
    enabled, does not verify that the identifier index is within the
    bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users
    to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL
    request involving the sctp_getsockopt function.
    
    CVE-2008-3792: net/sctp/socket.c in the Stream Control Transmission
    Protocol (sctp) implementation in the Linux kernel 2.6.26.3 does not
    verify that the SCTP-AUTH extension is enabled before proceeding with
    SCTP-AUTH API functions, which allows attackers to cause a denial of
    service (panic) via vectors that result in calls to (1)
    sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3)
    sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5)
    sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7)
    sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or
    (9) sctp_getsockopt_local_auth_chunks.
    
    CVE-2008-4113: The sctp_getsockopt_hmac_ident function in
    net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
    implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH
    extension is enabled, relies on an untrusted length value to limit
    copying of data from kernel memory, which allows local users to obtain
    sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request
    involving the sctp_getsockopt function.
    
    CVE-2008-3911: The proc_do_xprt function in net/sunrpc/sysctl.c in the
    Linux kernel 2.6.26.3 does not check the length of a certain buffer
    obtained from userspace, which allows local users to overflow a
    stack-based buffer and have unspecified other impact via a crafted
    read system call for the /proc/sys/sunrpc/transports file."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=403346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=406656"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=409961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=415372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=417821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=419134"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=421321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=427244"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=432488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=432490"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(20, 119, 189, 200, 264, 287);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-rt_debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-debug-2.6.25.18-0.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-default-2.6.25.18-0.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-pae-2.6.25.18-0.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-rt-2.6.25.18-0.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-rt_debug-2.6.25.18-0.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-source-2.6.25.18-0.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-syms-2.6.25.18-0.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-vanilla-2.6.25.18-0.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"kernel-xen-2.6.25.18-0.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-default / kernel-pae / kernel-rt / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-659-1.NASL
    descriptionIt was discovered that the direct-IO subsystem did not correctly validate certain structures. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2007-6716) It was discovered that the disabling of the ZERO_PAGE optimization could lead to large memory consumption. A local attacker could exploit this to allocate all available memory, leading to a denial of service. (CVE-2008-2372) It was discovered that the Datagram Congestion Control Protocol (DCCP) did not correctly validate its arguments. If DCCP was in use, a remote attacker could send specially crafted network traffic and cause a system crash, leading to a denial of service. (CVE-2008-3276) It was discovered that the SBNI WAN driver did not correctly check for the NET_ADMIN capability. A malicious local root user lacking CAP_NET_ADMIN would be able to change the WAN device configuration, leading to a denial of service. (CVE-2008-3525) It was discovered that the Stream Control Transmission Protocol (SCTP) did not correctly validate the key length in the SCTP_AUTH_KEY option. If SCTP is in use, a remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2008-3526) It was discovered that the tmpfs implementation did not correctly handle certain sequences of inode operations. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-3534) It was discovered that the readv/writev functions did not correctly handle certain sequences of file operations. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-3535) It was discovered that SCTP did not correctly validate its userspace arguments. A local attacker could call certain sctp_* functions with malicious options and cause a system crash, leading to a denial of service. (CVE-2008-3792, CVE-2008-4113, CVE-2008-4445) It was discovered the the i915 video driver did not correctly validate memory addresses. A local attacker could exploit this to remap memory that could cause a system crash, leading to a denial of service. (CVE-2008-3831) Johann Dahm and David Richter discovered that NFSv4 did not correctly handle certain file ACLs. If NFSv4 is in use, a local attacker could create a malicious ACL that could cause a system crash, leading to a denial of service. (CVE-2008-3915). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36681
    published2009-04-23
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36681
    titleUbuntu 6.06 LTS / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/22 vulnerabilities (USN-659-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-659-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36681);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2007-6716", "CVE-2008-2372", "CVE-2008-3276", "CVE-2008-3525", "CVE-2008-3526", "CVE-2008-3534", "CVE-2008-3535", "CVE-2008-3792", "CVE-2008-3831", "CVE-2008-3915", "CVE-2008-4113", "CVE-2008-4445");
      script_bugtraq_id(31515, 31792);
      script_xref(name:"USN", value:"659-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/22 vulnerabilities (USN-659-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the direct-IO subsystem did not correctly
    validate certain structures. A local attacker could exploit this to
    cause a system crash, leading to a denial of service. (CVE-2007-6716)
    
    It was discovered that the disabling of the ZERO_PAGE optimization
    could lead to large memory consumption. A local attacker could exploit
    this to allocate all available memory, leading to a denial of service.
    (CVE-2008-2372)
    
    It was discovered that the Datagram Congestion Control Protocol (DCCP)
    did not correctly validate its arguments. If DCCP was in use, a remote
    attacker could send specially crafted network traffic and cause a
    system crash, leading to a denial of service. (CVE-2008-3276)
    
    It was discovered that the SBNI WAN driver did not correctly check for
    the NET_ADMIN capability. A malicious local root user lacking
    CAP_NET_ADMIN would be able to change the WAN device configuration,
    leading to a denial of service. (CVE-2008-3525)
    
    It was discovered that the Stream Control Transmission Protocol (SCTP)
    did not correctly validate the key length in the SCTP_AUTH_KEY option.
    If SCTP is in use, a remote attacker could send specially crafted
    network traffic that would crash the system, leading to a denial of
    service. (CVE-2008-3526)
    
    It was discovered that the tmpfs implementation did not correctly
    handle certain sequences of inode operations. A local attacker could
    exploit this to crash the system, leading to a denial of service.
    (CVE-2008-3534)
    
    It was discovered that the readv/writev functions did not correctly
    handle certain sequences of file operations. A local attacker could
    exploit this to crash the system, leading to a denial of service.
    (CVE-2008-3535)
    
    It was discovered that SCTP did not correctly validate its userspace
    arguments. A local attacker could call certain sctp_* functions with
    malicious options and cause a system crash, leading to a denial of
    service. (CVE-2008-3792, CVE-2008-4113, CVE-2008-4445)
    
    It was discovered the the i915 video driver did not correctly validate
    memory addresses. A local attacker could exploit this to remap memory
    that could cause a system crash, leading to a denial of service.
    (CVE-2008-3831)
    
    Johann Dahm and David Richter discovered that NFSv4 did not correctly
    handle certain file ACLs. If NFSv4 is in use, a local attacker could
    create a malicious ACL that could cause a system crash, leading to a
    denial of service. (CVE-2008-3915).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/659-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 119, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|7\.10|8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10 / 8.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2007-6716", "CVE-2008-2372", "CVE-2008-3276", "CVE-2008-3525", "CVE-2008-3526", "CVE-2008-3534", "CVE-2008-3535", "CVE-2008-3792", "CVE-2008-3831", "CVE-2008-3915", "CVE-2008-4113", "CVE-2008-4445");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-659-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"linux-doc-2.6.15", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-52", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-52-386", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-52-686", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-52-amd64-generic", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-52-amd64-k8", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-52-amd64-server", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-52-amd64-xeon", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-52-server", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-52-386", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-52-686", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-52-amd64-generic", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-52-amd64-k8", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-52-amd64-server", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-52-amd64-xeon", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-52-server", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-kernel-devel", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"linux-source-2.6.15", pkgver:"2.6.15-52.73")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-doc-2.6.22", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-15", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-15-386", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-15-generic", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-15-rt", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-15-server", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-15-ume", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-15-virtual", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-headers-2.6.22-15-xen", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-386", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-cell", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-generic", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-lpia", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-lpiacompat", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-rt", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-server", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-ume", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-virtual", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-2.6.22-15-xen", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-debug-2.6.22-15-386", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-debug-2.6.22-15-generic", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-debug-2.6.22-15-server", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-image-debug-2.6.22-15-virtual", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-kernel-devel", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-libc-dev", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"linux-source-2.6.22", pkgver:"2.6.22-15.59")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-doc-2.6.24", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-21", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-21-386", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-21-generic", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-21-openvz", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-21-rt", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-21-server", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-21-virtual", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-21-xen", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-386", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-generic", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-lpia", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-lpiacompat", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-openvz", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-rt", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-server", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-virtual", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-21-xen", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-21-386", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-21-generic", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-21-server", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-21-virtual", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-kernel-devel", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-libc-dev", pkgver:"2.6.24-21.43")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"linux-source-2.6.24", pkgver:"2.6.24-21.43")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.15 / linux-doc-2.6.22 / linux-doc-2.6.24 / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1636.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3272 Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information. - CVE-2008-3275 Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service. - CVE-2008-3276 Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic. - CVE-2008-3526 Eugene Teo reported a missing bounds check in the SCTP subsystem. By exploiting an integer overflow in the SCTP_AUTH_KEY handling code, remote attackers may be able to cause a denial of service in the form of a kernel panic. - CVE-2008-3534 Kel Modderman reported an issue in the tmpfs filesystem that allows local users to crash a system by triggering a kernel BUG() assertion. - CVE-2008-3535 Alexey Dobriyan discovered an off-by-one-error in the iov_iter_advance function which can be exploited by local users to crash a system, resulting in a denial of service. - CVE-2008-3792 Vlad Yasevich reported several NULL pointer reference conditions in the SCTP subsystem that can be triggered by entering sctp-auth codepaths when the AUTH feature is inactive. This may allow attackers to cause a denial of service condition via a system panic. - CVE-2008-3915 Johann Dahm and David Richter reported an issue in the nfsd subsystem that may allow remote attackers to cause a denial of service via a buffer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id34171
    published2008-09-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34171
    titleDebian DSA-1636-1 : linux-2.6.24 - denial of service/information leak
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1636. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34171);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2008-3272", "CVE-2008-3275", "CVE-2008-3276", "CVE-2008-3526", "CVE-2008-3534", "CVE-2008-3535", "CVE-2008-3792", "CVE-2008-3915");
      script_xref(name:"DSA", value:"1636");
    
      script_name(english:"Debian DSA-1636-1 : linux-2.6.24 - denial of service/information leak");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service or leak sensitive data. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2008-3272
        Tobias Klein reported a locally exploitable data leak in
        the snd_seq_oss_synth_make_info() function. This may
        allow local users to gain access to sensitive
        information.
    
      - CVE-2008-3275
        Zoltan Sogor discovered a coding error in the VFS that
        allows local users to exploit a kernel memory leak
        resulting in a denial of service.
    
      - CVE-2008-3276
        Eugene Teo reported an integer overflow in the DCCP
        subsystem that may allow remote attackers to cause a
        denial of service in the form of a kernel panic.
    
      - CVE-2008-3526
        Eugene Teo reported a missing bounds check in the SCTP
        subsystem. By exploiting an integer overflow in the
        SCTP_AUTH_KEY handling code, remote attackers may be
        able to cause a denial of service in the form of a
        kernel panic.
    
      - CVE-2008-3534
        Kel Modderman reported an issue in the tmpfs filesystem
        that allows local users to crash a system by triggering
        a kernel BUG() assertion.
    
      - CVE-2008-3535
        Alexey Dobriyan discovered an off-by-one-error in the
        iov_iter_advance function which can be exploited by
        local users to crash a system, resulting in a denial of
        service.
    
      - CVE-2008-3792
        Vlad Yasevich reported several NULL pointer reference
        conditions in the SCTP subsystem that can be triggered
        by entering sctp-auth codepaths when the AUTH feature is
        inactive. This may allow attackers to cause a denial of
        service condition via a system panic.
    
      - CVE-2008-3915
        Johann Dahm and David Richter reported an issue in the
        nfsd subsystem that may allow remote attackers to cause
        a denial of service via a buffer overflow."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1636"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the linux-2.6.24 packages.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.6.24-6~etchnhalf.5."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6.24");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"linux-doc-2.6.24", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-486", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-4kc-malta", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-5kc-malta", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-686", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-686-bigmem", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-alpha", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-amd64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-arm", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-hppa", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-i386", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-ia64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-mips", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-mipsel", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-powerpc", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-s390", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-all-sparc", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-alpha-generic", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-alpha-legacy", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-alpha-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-amd64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-common", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-footbridge", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-iop32x", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-itanium", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-ixp4xx", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-mckinley", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-parisc", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-parisc-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-parisc64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-parisc64-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-powerpc", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-powerpc-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-powerpc64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-r4k-ip22", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-r5k-ip32", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-s390", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-s390x", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-sparc64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.24-etchnhalf.1-sparc64-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-486", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-4kc-malta", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-5kc-malta", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-686", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-686-bigmem", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-alpha-generic", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-alpha-legacy", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-alpha-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-amd64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-footbridge", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-iop32x", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-itanium", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-ixp4xx", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-mckinley", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-parisc", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-parisc-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-parisc64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-parisc64-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-powerpc", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-powerpc-miboot", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-powerpc-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-powerpc64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-r4k-ip22", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-r5k-cobalt", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-r5k-ip32", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-s390", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-s390-tape", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-s390x", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-sparc64", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.24-etchnhalf.1-sparc64-smp", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-manual-2.6.24", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-patch-debian-2.6.24", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-source-2.6.24", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-support-2.6.24-etchnhalf.1", reference:"2.6.24-6~etchnhalf.5")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-tree-2.6.24", reference:"2.6.24-6~etchnhalf.5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Redhat

advisories
rhsa
idRHSA-2008:0857
rpms
  • kernel-rt-0:2.6.24.7-81.el5rt
  • kernel-rt-debug-0:2.6.24.7-81.el5rt
  • kernel-rt-debug-debuginfo-0:2.6.24.7-81.el5rt
  • kernel-rt-debug-devel-0:2.6.24.7-81.el5rt
  • kernel-rt-debuginfo-0:2.6.24.7-81.el5rt
  • kernel-rt-debuginfo-common-0:2.6.24.7-81.el5rt
  • kernel-rt-devel-0:2.6.24.7-81.el5rt
  • kernel-rt-doc-0:2.6.24.7-81.el5rt
  • kernel-rt-trace-0:2.6.24.7-81.el5rt
  • kernel-rt-trace-debuginfo-0:2.6.24.7-81.el5rt
  • kernel-rt-trace-devel-0:2.6.24.7-81.el5rt
  • kernel-rt-vanilla-0:2.6.24.7-81.el5rt
  • kernel-rt-vanilla-debuginfo-0:2.6.24.7-81.el5rt
  • kernel-rt-vanilla-devel-0:2.6.24.7-81.el5rt

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 31121 CVE ID:CVE-2008-3792 CNCVE ID:CNCVE-20083792 Linux是一款开放源代码的操作系统。 Linux内核'SCTP'模块存在多个安全问题,本地攻击者可以利用漏洞获得敏感信息或使内核崩溃。 问题代码如下: file: net/sctp/socket.c [...] SCTP_STATIC int sctp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int retval = 0; int len; [...] if (get_user(len, optlen)) &lt;-- [1] return -EFAULT; [...] case SCTP_HMAC_IDENT: retval = sctp_getsockopt_hmac_ident(sk, len, optval, optlen); &lt;-- [2] break; [...] [1] 用户可控的&quot;optlen&quot;值拷贝到&quot;len&quot; [2] &quot;len&quot;用于&quot;sctp_getsockopt_hmac_ident()&quot;的参数 {...] static int sctp_getsockopt_hmac_ident(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_hmac_algo_param *hmacs; __u16 param_len; hmacs = sctp_sk(sk)-&gt;ep-&gt;auth_hmacs_list; &lt;-- [3] param_len = ntohs(hmacs-&gt;param_hdr.length); &lt;-- [4] if (len &lt; param_len) &lt;-- [5] return -EINVAL; if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, hmacs-&gt;hmac_ids, len)) &lt;-- [6] return -EFAULT; return 0; } [...] 如果SCTP验证关闭(net.sctp.auth_enable=0): [3] &quot;hmacs&quot;变成NULL [4] &quot;hmacs-&gt;param_hdr.length&quot; 导致NULL指针引用 如果SCTP验证启用(net.sctp.auth_enable=1): [3] &quot;hmacs&quot;获得合法值 [4] &quot;param_len&quot;获得合法值 [5] 因为&quot;len&quot;可控,长度检查很容易绕过 [6] &quot;len&quot;是用户控制的值,因此可能控制拷贝返回给用户的字节数 由于&quot;len&quot;没有充分校验,可导致非特权用户读取内存任意数据信息。 Linux kernel 2.6.26 3 Linux kernel 2.6.26 -rc6 Linux kernel 2.6.25 .9 Linux kernel 2.6.25 .8 Linux kernel 2.6.25 .7 Linux kernel 2.6.25 .6 Linux kernel 2.6.25 .5 Linux kernel 2.6.25 .15 Linux kernel 2.6.25 .13 Linux kernel 2.6.25 .12 Linux kernel 2.6.25 .11 Linux kernel 2.6.25 .10 Linux kernel 2.6.25 Linux kernel 2.6.25 Linux kernel 2.6.24 .2 Linux kernel 2.6.24 .1 Linux kernel 2.6.24 -rc5 Linux kernel 2.6.24 -rc4 Linux kernel 2.6.24 -rc3 Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .3 Linux kernel 2.6.23 .2 Linux kernel 2.6.23 -rc2 Linux kernel 2.6.23 -rc1 Linux kernel 2.6.23 Linux kernel 2.6.22 7 Linux kernel 2.6.22 1 Linux kernel 2.6.22 .8 Linux kernel 2.6.22 .6 Linux kernel 2.6.22 .5 Linux kernel 2.6.22 .4 Linux kernel 2.6.22 .3 Linux kernel 2.6.22 .17 Linux kernel 2.6.22 .16 Linux kernel 2.6.22 .15 Linux kernel 2.6.22 .14 Linux kernel 2.6.22 .13 Linux kernel 2.6.22 .12 Linux kernel 2.6.22 .11 Linux kernel 2.6.22 Linux kernel 2.6.22 Linux kernel 2.6.21 4 Linux kernel 2.6.21 .7 Linux kernel 2.6.21 .6 Linux kernel 2.6.21 .2 Linux kernel 2.6.21 .1 Linux kernel 2.6.21 Linux kernel 2.6.21 Linux kernel 2.6.21 Linux kernel 2.6.20 .9 Linux kernel 2.6.20 .8 Linux kernel 2.6.20 .5 Linux kernel 2.6.20 .4 Linux kernel 2.6.20 .15 Linux kernel 2.6.20 Linux kernel 2.6.20 Linux kernel 2.6.19 1 Linux kernel 2.6.19 .2 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 -rc4 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.19 -rc3 Linux kernel 2.6.19 -rc2 Linux kernel 2.6.19 -rc1 Linux kernel 2.6.19 Linux kernel 2.6.18 .4 Linux kernel 2.6.18 .3 Linux kernel 2.6.18 .1 Linux kernel 2.6.18 Linux kernel 2.6.17 .8 Linux kernel 2.6.17 .7 Linux kernel 2.6.17 .6 Linux kernel 2.6.17 .5 Linux kernel 2.6.17 .3 Linux kernel 2.6.17 .2 Linux kernel 2.6.17 .14 Linux kernel 2.6.17 .13 Linux kernel 2.6.17 .12 Linux kernel 2.6.17 .11 Linux kernel 2.6.17 .10 Linux kernel 2.6.17 .1 Linux kernel 2.6.17 -rc5 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.16 27 Linux kernel 2.6.16 13 Linux kernel 2.6.16 .9 Linux kernel 2.6.16 .7 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .19 Linux kernel 2.6.16 .12 Linux kernel 2.6.16 .11 Linux kernel 2.6.16 .1 Linux kernel 2.6.16 -rc1 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.15 .4 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.15 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .3 Linux kernel 2.6.14 .2 Linux kernel 2.6.14 .1 Linux kernel 2.6.14 -rc4 Linux kernel 2.6.14 -rc3 Linux kernel 2.6.14 -rc2 Linux kernel 2.6.14 -rc1 Linux kernel 2.6.14 Linux kernel 2.6.14 Linux kernel 2.6.13 .4 Linux kernel 2.6.13 .3 Linux kernel 2.6.13 .2 Linux kernel 2.6.13 .1 Linux kernel 2.6.13 -rc7 Linux kernel 2.6.13 -rc6 Linux kernel 2.6.13 -rc4 Linux kernel 2.6.13 -rc1 Linux kernel 2.6.13 Linux kernel 2.6.13 Linux kernel 2.6.12 .6 Linux kernel 2.6.12 .5 Linux kernel 2.6.12 .4 Linux kernel 2.6.12 .3 Linux kernel 2.6.12 .22 Linux kernel 2.6.12 .2 Linux kernel 2.6.12 .12 Linux kernel 2.6.12 .1 Linux kernel 2.6.12 -rc5 Linux kernel 2.6.12 -rc4 Linux kernel 2.6.12 -rc1 Linux kernel 2.6.12 Linux kernel 2.6.12 Linux kernel 2.6.11 .8 Linux kernel 2.6.11 .7 Linux kernel 2.6.11 .6 Linux kernel 2.6.11 .5 Linux kernel 2.6.11 .4 Linux kernel 2.6.11 .12 Linux kernel 2.6.11 .11 Linux kernel 2.6.11 -rc4 Linux kernel 2.6.11 -rc3 Linux kernel 2.6.11 -rc2 Linux kernel 2.6.11 Linux kernel 2.6.11 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 + RedHat Fedora Core3 + RedHat Fedora Core2 + Trustix Secure Linux 3.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 Linux kernel 2.6.10 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6.26.1 Linux kernel 2.6.26-rc5-git1 Linux kernel 2.6.25.4 Linux kernel 2.6.25.3 Linux kernel 2.6.25.2 Linux kernel 2.6.25.1 Linux kernel 2.6.24.6 Linux kernel 2.6.24-rc2 Linux kernel 2.6.24-rc1 Linux kernel 2.6.23.14 Linux kernel 2.6.23.10 Linux kernel 2.6.23.1 Linux kernel 2.6.23.09 Linux kernel 2.6.22-rc7 Linux kernel 2.6.22-rc1 Linux kernel 2.6.21-RC6 Linux kernel 2.6.21-RC5 Linux kernel 2.6.21-RC4 Linux kernel 2.6.21-RC3 Linux kernel 2.6.21-RC3 Linux kernel 2.6.20.3 Linux kernel 2.6.20.2 Linux kernel 2.6.20.13 Linux kernel 2.6.20.11 Linux kernel 2.6.20.1 Linux kernel 2.6.20-rc2 Linux kernel 2.6.20-2 Linux kernel 2.6.18-8.1.8.el5 Linux kernel 2.6.18-53 Linux kernel 2.6.18 Linux kernel 2.6.15.5 Linux kernel 2.6.15.11 Linux kernel 2.6.15-27.48 Linux kernel 2.6.11.4 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 可参考如下补丁: Debian Linux 4.0 amd64 Debian linux-doc-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc- target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-</a> 2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.5_amd64.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.5_amd64.deb Debian linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_amd64.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_amd64.deb Debian linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_amd64.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_amd64.deb Debian linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_amd64.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_amd64.deb Debian linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_amd64.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_amd64.deb Debian linux-manual-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu</a> al-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc</a> h-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-source-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour</a> ce-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp</a> ort-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb Debian linux-tree-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree</a> -2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian Linux 4.0 ia-32 Debian linux-doc-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc- target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-</a> 2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.5_i386.deb Debian linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.5_i386.deb Debian linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.5_i386.deb Debian linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.5_i386.deb Debian linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_i386.deb Debian linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_i386.deb Debian linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_i386.deb Debian linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.5_i386.deb Debian linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.5_i386.deb Debian linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.5_i386.deb Debian linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_i386.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_i386.deb Debian linux-manual-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu</a> al-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc</a> h-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-source-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour</a> ce-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp</a> ort-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb Debian linux-tree-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree</a> -2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian Linux 4.0 mips Debian linux-doc-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc- target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-</a> 2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.5_mips.deb Debian linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.5_mips.deb Debian linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.5_mips.deb Debian linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_mips.deb Debian linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_mips.deb Debian linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.5_mips.deb Debian linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.5_mips.deb Debian linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.5_mips.deb Debian linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.5_mips.deb Debian linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.5_mips.deb Debian linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.5_mips.deb Debian linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.5_mips.deb Debian linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.5_mips.deb Debian linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.5_mips.deb Debian linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.5_mips.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.5_mips.deb Debian linux-manual-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu</a> al-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc</a> h-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-source-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour</a> ce-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp</a> ort-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb Debian linux-tree-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree</a> -2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian Linux 4.0 arm Debian linux-doc-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc- target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-</a> 2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.5_arm.deb Debian linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_arm.deb Debian linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_arm.deb Debian linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.5_arm.deb Debian linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.5_arm.deb Debian linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.5_arm.deb Debian linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.5_arm.deb Debian linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.5_arm.deb Debian linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.5_arm.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.5_arm.deb Debian linux-manual-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu</a> al-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc</a> h-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-source-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour</a> ce-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp</a> ort-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb Debian linux-tree-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree</a> -2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian Linux 4.0 powerpc Debian linux-doc-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc- target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-</a> 2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-head</a> ers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.5_powerpc.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-imag</a> e-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.5_powerpc.deb Debian linux-manual-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu</a> al-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc</a> h-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-source-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour</a> ce-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp</a> ort-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb Debian linux-tree-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree</a> -2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian Linux 4.0 m68k Debian linux-doc-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc- target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-</a> 2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-manual-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manu</a> al-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patc</a> h-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-source-2.6.24_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-sour</a> ce-2.6.24_2.6.24-6~etchnhalf.5_all.deb Debian linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb <a href=http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp target=_blank>http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-supp</a> ort-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb Debian linux-tree-2.6
idSSV:4048
last seen2017-11-19
modified2008-09-14
published2008-09-14
reporterRoot
titleLinux Kernel 'SCTP'模块存在漏洞

Statements

contributorTomas Hoger
lastmodified2009-01-15
organizationRed Hat
statementThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html