Vulnerabilities > CVE-2008-4302 - Improper Locking vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
debian
redhat
CWE-667
nessus
exploit available

Summary

fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.

Vulnerable Configurations

Part Description Count
OS
Linux
836
OS
Debian
1
OS
Redhat
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Race Conditions via Symbolic Links
    This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to her. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file she will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.

Exploit-Db

descriptionLinux Kernel 2.6.x 'add_to_page_cache_lru()' Local Denial of Service Vulnerability. CVE-2008-4302. Dos exploit for linux platform
idEDB-ID:32384
last seen2016-02-03
modified2007-07-20
published2007-07-20
reporterJens Axboe
sourcehttps://www.exploit-db.com/download/32384/
titleLinux Kernel 2.6.x - 'add_to_page_cache_lru' Local Denial of Service Vulnerability

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0957.NASL
    descriptionUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 12th November 2008] The original packages distributed with this errata had a bug which prevented the Xen kernel booting on older hardware. We have updated the packages to correct this bug. The kernel packages contain the Linux kernel, the core of any Linux operating system. * the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service. (CVE-2007-5907, Important) * Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges. (CVE-2008-3527, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833, Important) * a flaw was found in the Linux kernel splice implementation. This could cause a local denial of service when there is a certain failure in the add_to_page_cache_lru() function. (CVE-2008-4302, Important) * a flaw was found in the Linux kernel when running on AMD64 systems. During a context switch, EFLAGS were being neither saved nor restored. This could allow a local unprivileged user to cause a denial of service. (CVE-2006-5755, Low) * a flaw was found in the Linux kernel virtual memory implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2372, Low) * an integer overflow was discovered in the Linux kernel Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service. By default, remote DCCP is blocked by SELinux. (CVE-2008-3276, Low) In addition, these updated packages fix the following bugs : * random32() seeding has been improved. * in a multi-core environment, a race between the QP async event-handler and the destro_qp() function could occur. This led to unpredictable results during invalid memory access, which could lead to a kernel crash. * a format string was omitted in the call to the request_module() function. * a stack overflow caused by an infinite recursion bug in the binfmt_misc kernel module was corrected. * the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for scatterlist usage before calling kmap_atomic(). * a sentinel NUL byte was added to the device_write() function to ensure that lspace.name is NUL-terminated. * in the character device driver, a range_is_allowed() check was added to the read_mem() and write_mem() functions. It was possible for an illegitimate application to bypass these checks, and access /dev/mem beyond the 1M limit by calling mmap_mem() instead. Also, the parameters of range_is_allowed() were changed to cleanly handle greater than 32-bits of physical address on 32-bit architectures. * some of the newer Nehalem-based systems declare their CPU DSDT entries as type
    last seen2020-06-01
    modified2020-06-02
    plugin id34690
    published2008-11-04
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34690
    titleRHEL 5 : kernel (RHSA-2008:0957)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0957. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34690);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2006-5755", "CVE-2007-5907", "CVE-2008-2372", "CVE-2008-3276", "CVE-2008-3527", "CVE-2008-3833", "CVE-2008-4210", "CVE-2008-4302");
      script_bugtraq_id(31368);
      script_xref(name:"RHSA", value:"2008:0957");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2008:0957)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that resolve several security issues and fix
    various bugs are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    [Updated 12th November 2008] The original packages distributed with
    this errata had a bug which prevented the Xen kernel booting on older
    hardware. We have updated the packages to correct this bug.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * the Xen implementation did not prevent applications running in a
    para-virtualized guest from modifying CR4 TSC. This could cause a
    local denial of service. (CVE-2007-5907, Important)
    
    * Tavis Ormandy reported missing boundary checks in the Virtual
    Dynamic Shared Objects (vDSO) implementation. This could allow a local
    unprivileged user to cause a denial of service or escalate privileges.
    (CVE-2008-3527, Important)
    
    * the do_truncate() and generic_file_splice_write() functions did not
    clear the setuid and setgid bits. This could allow a local
    unprivileged user to obtain access to privileged information.
    (CVE-2008-4210, CVE-2008-3833, Important)
    
    * a flaw was found in the Linux kernel splice implementation. This
    could cause a local denial of service when there is a certain failure
    in the add_to_page_cache_lru() function. (CVE-2008-4302, Important)
    
    * a flaw was found in the Linux kernel when running on AMD64 systems.
    During a context switch, EFLAGS were being neither saved nor restored.
    This could allow a local unprivileged user to cause a denial of
    service. (CVE-2006-5755, Low)
    
    * a flaw was found in the Linux kernel virtual memory implementation.
    This could allow a local unprivileged user to cause a denial of
    service. (CVE-2008-2372, Low)
    
    * an integer overflow was discovered in the Linux kernel Datagram
    Congestion Control Protocol (DCCP) implementation. This could allow a
    remote attacker to cause a denial of service. By default, remote DCCP
    is blocked by SELinux. (CVE-2008-3276, Low)
    
    In addition, these updated packages fix the following bugs :
    
    * random32() seeding has been improved.
    
    * in a multi-core environment, a race between the QP async
    event-handler and the destro_qp() function could occur. This led to
    unpredictable results during invalid memory access, which could lead
    to a kernel crash.
    
    * a format string was omitted in the call to the request_module()
    function.
    
    * a stack overflow caused by an infinite recursion bug in the
    binfmt_misc kernel module was corrected.
    
    * the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check
    for scatterlist usage before calling kmap_atomic().
    
    * a sentinel NUL byte was added to the device_write() function to
    ensure that lspace.name is NUL-terminated.
    
    * in the character device driver, a range_is_allowed() check was added
    to the read_mem() and write_mem() functions. It was possible for an
    illegitimate application to bypass these checks, and access /dev/mem
    beyond the 1M limit by calling mmap_mem() instead. Also, the
    parameters of range_is_allowed() were changed to cleanly handle
    greater than 32-bits of physical address on 32-bit architectures.
    
    * some of the newer Nehalem-based systems declare their CPU DSDT
    entries as type 'Alias'. During boot, this caused an 'Error attaching
    device data' message to be logged.
    
    * the evtchn event channel device lacked locks and memory barriers.
    This has led to xenstore becoming unresponsive on the Itanium(r)
    architecture.
    
    * sending of gratuitous ARP packets in the Xen frontend network driver
    is now delayed until the backend signals that its carrier status has
    been processed by the stack.
    
    * on forcedeth devices, whenever setting ethtool parameters for link
    speed, the device could stop receiving interrupts.
    
    * the CIFS 'forcedirectio' option did not allow text to be appended to
    files.
    
    * the gettimeofday() function returned a backwards time on Intel(r) 64.
    
    * residual-count corrections during UNDERRUN handling were added to
    the qla2xxx driver.
    
    * the fix for a small quirk was removed for certain Adaptec
    controllers for which it caused problems.
    
    * the 'xm trigger init' command caused a domain panic if a userland
    application was running on a guest on the Intel(r) 64 architecture.
    
    Users of kernel should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-2372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3833"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-4210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-4302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0957"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2006-5755", "CVE-2007-5907", "CVE-2008-2372", "CVE-2008-3276", "CVE-2008-3527", "CVE-2008-3833", "CVE-2008-4210", "CVE-2008-4302");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2008:0957");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0957";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-92.1.18.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-92.1.18.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081104_KERNEL_ON_SL5_X.NASL
    description - the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service. (CVE-2007-5907, Important) - Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges. (CVE-2008-3527, Important) - the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833, Important) - a flaw was found in the Linux kernel splice implementation. This could cause a local denial of service when there is a certain failure in the add_to_page_cache_lru() function. (CVE-2008-4302, Important) - a flaw was found in the Linux kernel when running on AMD64 systems. During a context switch, EFLAGS were being neither saved nor restored. This could allow a local unprivileged user to cause a denial of service. (CVE-2006-5755, Low) - a flaw was found in the Linux kernel virtual memory implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2372, Low) - an integer overflow was discovered in the Linux kernel Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service. By default, remote DCCP is blocked by SELinux. (CVE-2008-3276, Low) In addition, these updated packages fix the following bugs : - random32() seeding has been improved. - in a multi-core environment, a race between the QP async event-handler and the destro_qp() function could occur. This led to unpredictable results during invalid memory access, which could lead to a kernel crash. - a format string was omitted in the call to the request_module() function. - a stack overflow caused by an infinite recursion bug in the binfmt_misc kernel module was corrected. - the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for scatterlist usage before calling kmap_atomic(). - a sentinel NUL byte was added to the device_write() function to ensure that lspace.name is NUL-terminated. - in the character device driver, a range_is_allowed() check was added to the read_mem() and write_mem() functions. It was possible for an illegitimate application to bypass these checks, and access /dev/mem beyond the 1M limit by calling mmap_mem() instead. Also, the parameters of range_is_allowed() were changed to cleanly handle greater than 32-bits of physical address on 32-bit architectures. - some of the newer Nehalem-based systems declare their CPU DSDT entries as type
    last seen2020-06-01
    modified2020-06-02
    plugin id60488
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60488
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60488);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2006-5755", "CVE-2007-5907", "CVE-2008-2372", "CVE-2008-3276", "CVE-2008-3527", "CVE-2008-3833", "CVE-2008-4210", "CVE-2008-4302");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - the Xen implementation did not prevent applications
        running in a para-virtualized guest from modifying CR4
        TSC. This could cause a local denial of service.
        (CVE-2007-5907, Important)
    
      - Tavis Ormandy reported missing boundary checks in the
        Virtual Dynamic Shared Objects (vDSO) implementation.
        This could allow a local unprivileged user to cause a
        denial of service or escalate privileges.
        (CVE-2008-3527, Important)
    
      - the do_truncate() and generic_file_splice_write()
        functions did not clear the setuid and setgid bits. This
        could allow a local unprivileged user to obtain access
        to privileged information. (CVE-2008-4210,
        CVE-2008-3833, Important)
    
      - a flaw was found in the Linux kernel splice
        implementation. This could cause a local denial of
        service when there is a certain failure in the
        add_to_page_cache_lru() function. (CVE-2008-4302,
        Important)
    
      - a flaw was found in the Linux kernel when running on
        AMD64 systems. During a context switch, EFLAGS were
        being neither saved nor restored. This could allow a
        local unprivileged user to cause a denial of service.
        (CVE-2006-5755, Low)
    
      - a flaw was found in the Linux kernel virtual memory
        implementation. This could allow a local unprivileged
        user to cause a denial of service. (CVE-2008-2372, Low)
    
      - an integer overflow was discovered in the Linux kernel
        Datagram Congestion Control Protocol (DCCP)
        implementation. This could allow a remote attacker to
        cause a denial of service. By default, remote DCCP is
        blocked by SELinux. (CVE-2008-3276, Low)
    
    In addition, these updated packages fix the following bugs :
    
      - random32() seeding has been improved.
    
      - in a multi-core environment, a race between the QP async
        event-handler and the destro_qp() function could occur.
        This led to unpredictable results during invalid memory
        access, which could lead to a kernel crash.
    
      - a format string was omitted in the call to the
        request_module() function.
    
      - a stack overflow caused by an infinite recursion bug in
        the binfmt_misc kernel module was corrected.
    
      - the ata_scsi_rbuf_get() and ata_scsi_rbuf_put()
        functions now check for scatterlist usage before calling
        kmap_atomic().
    
      - a sentinel NUL byte was added to the device_write()
        function to ensure that lspace.name is NUL-terminated.
    
      - in the character device driver, a range_is_allowed()
        check was added to the read_mem() and write_mem()
        functions. It was possible for an illegitimate
        application to bypass these checks, and access /dev/mem
        beyond the 1M limit by calling mmap_mem() instead. Also,
        the parameters of range_is_allowed() were changed to
        cleanly handle greater than 32-bits of physical address
        on 32-bit architectures.
    
      - some of the newer Nehalem-based systems declare their
        CPU DSDT entries as type 'Alias'. During boot, this
        caused an 'Error attaching device data' message to be
        logged.
    
      - the evtchn event channel device lacked locks and memory
        barriers. This has led to xenstore becoming unresponsive
        on the Itanium&reg; architecture.
    
      - sending of gratuitous ARP packets in the Xen frontend
        network driver is now delayed until the backend signals
        that its carrier status has been processed by the stack.
    
      - on forcedeth devices, whenever setting ethtool
        parameters for link speed, the device could stop
        receiving interrupts.
    
      - the CIFS 'forcedirectio' option did not allow text to be
        appended to files.
    
      - the gettimeofday() function returned a backwards time on
        Intel&reg; 64.
    
      - residual-count corrections during UNDERRUN handling were
        added to the qla2xxx driver.
    
      - the fix for a small quirk was removed for certain
        Adaptec controllers for which it caused problems.
    
      - the 'xm trigger init' command caused a domain panic if a
        userland application was running on a guest on the
        Intel&reg; 64 architecture."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0811&L=scientific-linux-errata&T=0&P=435
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fddd7885"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"kernel-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-92.1.17.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-92.1.17.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0957.NASL
    descriptionUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 12th November 2008] The original packages distributed with this errata had a bug which prevented the Xen kernel booting on older hardware. We have updated the packages to correct this bug. The kernel packages contain the Linux kernel, the core of any Linux operating system. * the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service. (CVE-2007-5907, Important) * Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges. (CVE-2008-3527, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833, Important) * a flaw was found in the Linux kernel splice implementation. This could cause a local denial of service when there is a certain failure in the add_to_page_cache_lru() function. (CVE-2008-4302, Important) * a flaw was found in the Linux kernel when running on AMD64 systems. During a context switch, EFLAGS were being neither saved nor restored. This could allow a local unprivileged user to cause a denial of service. (CVE-2006-5755, Low) * a flaw was found in the Linux kernel virtual memory implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2372, Low) * an integer overflow was discovered in the Linux kernel Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service. By default, remote DCCP is blocked by SELinux. (CVE-2008-3276, Low) In addition, these updated packages fix the following bugs : * random32() seeding has been improved. * in a multi-core environment, a race between the QP async event-handler and the destro_qp() function could occur. This led to unpredictable results during invalid memory access, which could lead to a kernel crash. * a format string was omitted in the call to the request_module() function. * a stack overflow caused by an infinite recursion bug in the binfmt_misc kernel module was corrected. * the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for scatterlist usage before calling kmap_atomic(). * a sentinel NUL byte was added to the device_write() function to ensure that lspace.name is NUL-terminated. * in the character device driver, a range_is_allowed() check was added to the read_mem() and write_mem() functions. It was possible for an illegitimate application to bypass these checks, and access /dev/mem beyond the 1M limit by calling mmap_mem() instead. Also, the parameters of range_is_allowed() were changed to cleanly handle greater than 32-bits of physical address on 32-bit architectures. * some of the newer Nehalem-based systems declare their CPU DSDT entries as type
    last seen2020-06-01
    modified2020-06-02
    plugin id43713
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43713
    titleCentOS 5 : kernel (CESA-2008:0957)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0957 and 
    # CentOS Errata and Security Advisory 2008:0957 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43713);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2006-5755", "CVE-2007-5907", "CVE-2008-2372", "CVE-2008-3276", "CVE-2008-3527", "CVE-2008-3833", "CVE-2008-4210", "CVE-2008-4302");
      script_bugtraq_id(31368);
      script_xref(name:"RHSA", value:"2008:0957");
    
      script_name(english:"CentOS 5 : kernel (CESA-2008:0957)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that resolve several security issues and fix
    various bugs are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    [Updated 12th November 2008] The original packages distributed with
    this errata had a bug which prevented the Xen kernel booting on older
    hardware. We have updated the packages to correct this bug.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * the Xen implementation did not prevent applications running in a
    para-virtualized guest from modifying CR4 TSC. This could cause a
    local denial of service. (CVE-2007-5907, Important)
    
    * Tavis Ormandy reported missing boundary checks in the Virtual
    Dynamic Shared Objects (vDSO) implementation. This could allow a local
    unprivileged user to cause a denial of service or escalate privileges.
    (CVE-2008-3527, Important)
    
    * the do_truncate() and generic_file_splice_write() functions did not
    clear the setuid and setgid bits. This could allow a local
    unprivileged user to obtain access to privileged information.
    (CVE-2008-4210, CVE-2008-3833, Important)
    
    * a flaw was found in the Linux kernel splice implementation. This
    could cause a local denial of service when there is a certain failure
    in the add_to_page_cache_lru() function. (CVE-2008-4302, Important)
    
    * a flaw was found in the Linux kernel when running on AMD64 systems.
    During a context switch, EFLAGS were being neither saved nor restored.
    This could allow a local unprivileged user to cause a denial of
    service. (CVE-2006-5755, Low)
    
    * a flaw was found in the Linux kernel virtual memory implementation.
    This could allow a local unprivileged user to cause a denial of
    service. (CVE-2008-2372, Low)
    
    * an integer overflow was discovered in the Linux kernel Datagram
    Congestion Control Protocol (DCCP) implementation. This could allow a
    remote attacker to cause a denial of service. By default, remote DCCP
    is blocked by SELinux. (CVE-2008-3276, Low)
    
    In addition, these updated packages fix the following bugs :
    
    * random32() seeding has been improved.
    
    * in a multi-core environment, a race between the QP async
    event-handler and the destro_qp() function could occur. This led to
    unpredictable results during invalid memory access, which could lead
    to a kernel crash.
    
    * a format string was omitted in the call to the request_module()
    function.
    
    * a stack overflow caused by an infinite recursion bug in the
    binfmt_misc kernel module was corrected.
    
    * the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check
    for scatterlist usage before calling kmap_atomic().
    
    * a sentinel NUL byte was added to the device_write() function to
    ensure that lspace.name is NUL-terminated.
    
    * in the character device driver, a range_is_allowed() check was added
    to the read_mem() and write_mem() functions. It was possible for an
    illegitimate application to bypass these checks, and access /dev/mem
    beyond the 1M limit by calling mmap_mem() instead. Also, the
    parameters of range_is_allowed() were changed to cleanly handle
    greater than 32-bits of physical address on 32-bit architectures.
    
    * some of the newer Nehalem-based systems declare their CPU DSDT
    entries as type 'Alias'. During boot, this caused an 'Error attaching
    device data' message to be logged.
    
    * the evtchn event channel device lacked locks and memory barriers.
    This has led to xenstore becoming unresponsive on the Itanium(r)
    architecture.
    
    * sending of gratuitous ARP packets in the Xen frontend network driver
    is now delayed until the backend signals that its carrier status has
    been processed by the stack.
    
    * on forcedeth devices, whenever setting ethtool parameters for link
    speed, the device could stop receiving interrupts.
    
    * the CIFS 'forcedirectio' option did not allow text to be appended to
    files.
    
    * the gettimeofday() function returned a backwards time on Intel(r) 64.
    
    * residual-count corrections during UNDERRUN handling were added to
    the qla2xxx driver.
    
    * the fix for a small quirk was removed for certain Adaptec
    controllers for which it caused problems.
    
    * the 'xm trigger init' command caused a domain panic if a userland
    application was running on a guest on the Intel(r) 64 architecture.
    
    Users of kernel should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015397.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?744cf616"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-November/015398.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b3f56c35"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-92.1.18.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-92.1.18.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1653.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-6716 Joe Jin reported a local denial of service vulnerability that allows system users to trigger an oops due to an improperly initialized data structure. - CVE-2008-1514 Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic. - CVE-2008-3276 Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic. - CVE-2008-3525 Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations. - CVE-2008-3833 The S_ISUID/S_ISGID bits were not being cleared during an inode splice, which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. Mark Fasheh reported this issue. - CVE-2008-4210 David Watson reported an issue in the open()/creat() system calls which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. - CVE-2008-4302 A coding error in the splice subsystem allows local users to attempt to unlock a page structure that has not been locked, resulting in a system crash.
    last seen2020-06-01
    modified2020-06-02
    plugin id34392
    published2008-10-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34392
    titleDebian DSA-1653-1 : linux-2.6 - denial of service/privilege escalation
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1653. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34392);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2007-6716", "CVE-2008-1514", "CVE-2008-3276", "CVE-2008-3525", "CVE-2008-3833", "CVE-2008-4210", "CVE-2008-4302");
      script_bugtraq_id(31177, 31368, 31515);
      script_xref(name:"DSA", value:"1653");
    
      script_name(english:"Debian DSA-1653-1 : linux-2.6 - denial of service/privilege escalation");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service or privilege escalation. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2007-6716
        Joe Jin reported a local denial of service vulnerability
        that allows system users to trigger an oops due to an
        improperly initialized data structure.
    
      - CVE-2008-1514
        Jan Kratochvil reported a local denial of service
        vulnerability in the ptrace interface for the s390
        architecture. Local users can trigger an invalid pointer
        dereference, leading to a system panic.
    
      - CVE-2008-3276
        Eugene Teo reported an integer overflow in the DCCP
        subsystem that may allow remote attackers to cause a
        denial of service in the form of a kernel panic.
    
      - CVE-2008-3525
        Eugene Teo reported a lack of capability checks in the
        kernel driver for Granch SBNI12 leased line adapters
        (sbni), allowing local users to perform privileged
        operations.
    
      - CVE-2008-3833
        The S_ISUID/S_ISGID bits were not being cleared during
        an inode splice, which, under certain conditions, can be
        exploited by local users to obtain the privileges of a
        group for which they are not a member. Mark Fasheh
        reported this issue.
    
      - CVE-2008-4210
        David Watson reported an issue in the open()/creat()
        system calls which, under certain conditions, can be
        exploited by local users to obtain the privileges of a
        group for which they are not a member.
    
      - CVE-2008-4302
        A coding error in the splice subsystem allows local
        users to attempt to unlock a page structure that has not
        been locked, resulting in a system crash."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-6716"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3525"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3833"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-4210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-4302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1653"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the linux-2.6, fai-kernels, and user-mode-linux packages.
    
    For the stable distribution (etch), this problem has been fixed in
    version 2.6.18.dfsg.1-22etch3."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"fai-kernels", reference:"1.17+etch.22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-doc-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-486", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-686-bigmem", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-alpha", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-arm", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-hppa", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-i386", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-ia64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-mips", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-mipsel", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-s390", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-all-sparc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-generic", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-legacy", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-alpha-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-footbridge", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-iop32x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-itanium", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-ixp4xx", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-k7", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-mckinley", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-parisc64-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc-miboot", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-powerpc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-prep", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-qemu", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r3k-kn02", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r4k-ip22", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r4k-kn04", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r5k-cobalt", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-r5k-ip32", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-rpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s390", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s390x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-s3c2410", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sb1-bcm91250a", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sb1a-bcm91480b", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc32", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-sparc64-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-alpha", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-k7", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-powerpc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-s390x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-vserver-sparc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-headers-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-486", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-686-bigmem", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-generic", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-legacy", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-alpha-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-footbridge", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-iop32x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-itanium", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-ixp4xx", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-k7", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-mckinley", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-parisc64-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc-miboot", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-powerpc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-prep", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-qemu", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r3k-kn02", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r4k-ip22", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r4k-kn04", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r5k-cobalt", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-r5k-ip32", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-rpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390-tape", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s390x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-s3c2410", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sb1-bcm91250a", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sb1a-bcm91480b", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc32", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-sparc64-smp", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-alpha", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-k7", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-powerpc", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-powerpc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-s390x", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-vserver-sparc64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-image-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-manual-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-modules-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-patch-debian-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-source-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-support-2.6.18-6", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"linux-tree-2.6.18", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"user-mode-linux", reference:"2.6.18-1um-2etch.22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-vserver-686", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    if (deb_check(release:"4.0", prefix:"xen-linux-system-2.6.18-6-xen-vserver-amd64", reference:"2.6.18.dfsg.1-22etch3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0957.NASL
    descriptionFrom Red Hat Security Advisory 2008:0957 : Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 12th November 2008] The original packages distributed with this errata had a bug which prevented the Xen kernel booting on older hardware. We have updated the packages to correct this bug. The kernel packages contain the Linux kernel, the core of any Linux operating system. * the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service. (CVE-2007-5907, Important) * Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges. (CVE-2008-3527, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833, Important) * a flaw was found in the Linux kernel splice implementation. This could cause a local denial of service when there is a certain failure in the add_to_page_cache_lru() function. (CVE-2008-4302, Important) * a flaw was found in the Linux kernel when running on AMD64 systems. During a context switch, EFLAGS were being neither saved nor restored. This could allow a local unprivileged user to cause a denial of service. (CVE-2006-5755, Low) * a flaw was found in the Linux kernel virtual memory implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2372, Low) * an integer overflow was discovered in the Linux kernel Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service. By default, remote DCCP is blocked by SELinux. (CVE-2008-3276, Low) In addition, these updated packages fix the following bugs : * random32() seeding has been improved. * in a multi-core environment, a race between the QP async event-handler and the destro_qp() function could occur. This led to unpredictable results during invalid memory access, which could lead to a kernel crash. * a format string was omitted in the call to the request_module() function. * a stack overflow caused by an infinite recursion bug in the binfmt_misc kernel module was corrected. * the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for scatterlist usage before calling kmap_atomic(). * a sentinel NUL byte was added to the device_write() function to ensure that lspace.name is NUL-terminated. * in the character device driver, a range_is_allowed() check was added to the read_mem() and write_mem() functions. It was possible for an illegitimate application to bypass these checks, and access /dev/mem beyond the 1M limit by calling mmap_mem() instead. Also, the parameters of range_is_allowed() were changed to cleanly handle greater than 32-bits of physical address on 32-bit architectures. * some of the newer Nehalem-based systems declare their CPU DSDT entries as type
    last seen2020-06-01
    modified2020-06-02
    plugin id67758
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67758
    titleOracle Linux 5 : kernel (ELSA-2008-0957)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0957 and 
    # Oracle Linux Security Advisory ELSA-2008-0957 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67758);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2006-5755", "CVE-2007-5907", "CVE-2008-2372", "CVE-2008-3276", "CVE-2008-3527", "CVE-2008-3833", "CVE-2008-4210", "CVE-2008-4302");
      script_bugtraq_id(31368);
      script_xref(name:"RHSA", value:"2008:0957");
    
      script_name(english:"Oracle Linux 5 : kernel (ELSA-2008-0957)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0957 :
    
    Updated kernel packages that resolve several security issues and fix
    various bugs are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    [Updated 12th November 2008] The original packages distributed with
    this errata had a bug which prevented the Xen kernel booting on older
    hardware. We have updated the packages to correct this bug.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * the Xen implementation did not prevent applications running in a
    para-virtualized guest from modifying CR4 TSC. This could cause a
    local denial of service. (CVE-2007-5907, Important)
    
    * Tavis Ormandy reported missing boundary checks in the Virtual
    Dynamic Shared Objects (vDSO) implementation. This could allow a local
    unprivileged user to cause a denial of service or escalate privileges.
    (CVE-2008-3527, Important)
    
    * the do_truncate() and generic_file_splice_write() functions did not
    clear the setuid and setgid bits. This could allow a local
    unprivileged user to obtain access to privileged information.
    (CVE-2008-4210, CVE-2008-3833, Important)
    
    * a flaw was found in the Linux kernel splice implementation. This
    could cause a local denial of service when there is a certain failure
    in the add_to_page_cache_lru() function. (CVE-2008-4302, Important)
    
    * a flaw was found in the Linux kernel when running on AMD64 systems.
    During a context switch, EFLAGS were being neither saved nor restored.
    This could allow a local unprivileged user to cause a denial of
    service. (CVE-2006-5755, Low)
    
    * a flaw was found in the Linux kernel virtual memory implementation.
    This could allow a local unprivileged user to cause a denial of
    service. (CVE-2008-2372, Low)
    
    * an integer overflow was discovered in the Linux kernel Datagram
    Congestion Control Protocol (DCCP) implementation. This could allow a
    remote attacker to cause a denial of service. By default, remote DCCP
    is blocked by SELinux. (CVE-2008-3276, Low)
    
    In addition, these updated packages fix the following bugs :
    
    * random32() seeding has been improved.
    
    * in a multi-core environment, a race between the QP async
    event-handler and the destro_qp() function could occur. This led to
    unpredictable results during invalid memory access, which could lead
    to a kernel crash.
    
    * a format string was omitted in the call to the request_module()
    function.
    
    * a stack overflow caused by an infinite recursion bug in the
    binfmt_misc kernel module was corrected.
    
    * the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check
    for scatterlist usage before calling kmap_atomic().
    
    * a sentinel NUL byte was added to the device_write() function to
    ensure that lspace.name is NUL-terminated.
    
    * in the character device driver, a range_is_allowed() check was added
    to the read_mem() and write_mem() functions. It was possible for an
    illegitimate application to bypass these checks, and access /dev/mem
    beyond the 1M limit by calling mmap_mem() instead. Also, the
    parameters of range_is_allowed() were changed to cleanly handle
    greater than 32-bits of physical address on 32-bit architectures.
    
    * some of the newer Nehalem-based systems declare their CPU DSDT
    entries as type 'Alias'. During boot, this caused an 'Error attaching
    device data' message to be logged.
    
    * the evtchn event channel device lacked locks and memory barriers.
    This has led to xenstore becoming unresponsive on the Itanium(r)
    architecture.
    
    * sending of gratuitous ARP packets in the Xen frontend network driver
    is now delayed until the backend signals that its carrier status has
    been processed by the stack.
    
    * on forcedeth devices, whenever setting ethtool parameters for link
    speed, the device could stop receiving interrupts.
    
    * the CIFS 'forcedirectio' option did not allow text to be appended to
    files.
    
    * the gettimeofday() function returned a backwards time on Intel(r) 64.
    
    * residual-count corrections during UNDERRUN handling were added to
    the qla2xxx driver.
    
    * the fix for a small quirk was removed for certain Adaptec
    controllers for which it caused problems.
    
    * the 'xm trigger init' command caused a domain panic if a userland
    application was running on a guest on the Intel(r) 64 architecture.
    
    Users of kernel should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-November/000785.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2006-5755", "CVE-2007-5907", "CVE-2008-2372", "CVE-2008-3276", "CVE-2008-3527", "CVE-2008-3833", "CVE-2008-4210", "CVE-2008-4302");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2008-0957");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-92.1.17.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-92.1.17.0.1.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5751.NASL
    descriptionThis kernel update fixes various bugs and also several security issues : CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP AUTH availability. This might be exploited remotely for a denial of service (crash) attack. CVE-2008-3833: The generic_file_splice_write function in fs/splice.c in the Linux kernel does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory. CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile. CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. CVE-2008-2931: The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. CVE-2008-2812: Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.
    last seen2020-06-01
    modified2020-06-02
    plugin id34755
    published2008-11-12
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34755
    titleopenSUSE 10 Security Update : kernel (kernel-5751)

Oval

accepted2013-04-29T04:06:36.214-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionfs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
familyunix
idoval:org.mitre.oval:def:10547
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlefs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
version18

Redhat

advisories
bugzilla
id470040
titlekernel-xen doesn't boot on Dell Optiplex GX280
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • commentkernel earlier than 0:2.6.18-92.1.18.el5 is currently running
        ovaloval:com.redhat.rhsa:tst:20080957025
      • commentkernel earlier than 0:2.6.18-92.1.18.el5 is set to boot up on next boot
        ovaloval:com.redhat.rhsa:tst:20080957026
    • OR
      • AND
        • commentkernel-doc is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957001
        • commentkernel-doc is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314002
      • AND
        • commentkernel-debug is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957003
        • commentkernel-debug is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314014
      • AND
        • commentkernel-xen-devel is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957005
        • commentkernel-xen-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314020
      • AND
        • commentkernel is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957007
        • commentkernel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314008
      • AND
        • commentkernel-xen is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957009
        • commentkernel-xen is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314018
      • AND
        • commentkernel-debug-devel is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957011
        • commentkernel-debug-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314004
      • AND
        • commentkernel-headers is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957013
        • commentkernel-headers is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314006
      • AND
        • commentkernel-devel is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957015
        • commentkernel-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314016
      • AND
        • commentkernel-kdump is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957017
        • commentkernel-kdump is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314010
      • AND
        • commentkernel-kdump-devel is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957019
        • commentkernel-kdump-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314012
      • AND
        • commentkernel-PAE is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957021
        • commentkernel-PAE is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314024
      • AND
        • commentkernel-PAE-devel is earlier than 0:2.6.18-92.1.18.el5
          ovaloval:com.redhat.rhsa:tst:20080957023
        • commentkernel-PAE-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314022
rhsa
idRHSA-2008:0957
released2008-11-12
severityImportant
titleRHSA-2008:0957: kernel security and bug fix update (Important)
rpms
  • kernel-0:2.6.18-92.1.18.el5
  • kernel-PAE-0:2.6.18-92.1.18.el5
  • kernel-PAE-debuginfo-0:2.6.18-92.1.18.el5
  • kernel-PAE-devel-0:2.6.18-92.1.18.el5
  • kernel-debug-0:2.6.18-92.1.18.el5
  • kernel-debug-debuginfo-0:2.6.18-92.1.18.el5
  • kernel-debug-devel-0:2.6.18-92.1.18.el5
  • kernel-debuginfo-0:2.6.18-92.1.18.el5
  • kernel-debuginfo-common-0:2.6.18-92.1.18.el5
  • kernel-devel-0:2.6.18-92.1.18.el5
  • kernel-doc-0:2.6.18-92.1.18.el5
  • kernel-headers-0:2.6.18-92.1.18.el5
  • kernel-kdump-0:2.6.18-92.1.18.el5
  • kernel-kdump-debuginfo-0:2.6.18-92.1.18.el5
  • kernel-kdump-devel-0:2.6.18-92.1.18.el5
  • kernel-xen-0:2.6.18-92.1.18.el5
  • kernel-xen-debuginfo-0:2.6.18-92.1.18.el5
  • kernel-xen-devel-0:2.6.18-92.1.18.el5

Statements

contributorTomas Hoger
lastmodified2009-01-15
organizationRed Hat
statementThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html

References