CVE-2009-0745 - Improper Input Validation vulnerability in Linux Kernel

CVSS 0.0 - NONE
  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

Summary

The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web browser that bypasses security zone controls and gains access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content they are allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attacker's content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zones. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (which may be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes the data plane by spawning new commands to be executed on the host.

Nessus

  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2013-0039.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates: please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79507
    published: 2014-11-26
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79507
    title: OracleVM 2.2 : kernel (OVMSA-2013-0039)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2013-0039.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79507);
      script_version("1.25");
      script_cvs_date("Date: 2020/02/13");
    
      script_cve_id("CVE-2006-6304", "CVE-2007-4567", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2908", "CVE-2009-3080", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-4020", "CVE-2009-4021", "CVE-2009-4067", "CVE-2009-4138", "CVE-2009-4141", "CVE-2009-4307", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538", "CVE-2010-0007", "CVE-2010-0415", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0727", "CVE-2010-1083", "CVE-2010-1084", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1173", "CVE-2010-1188", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2226", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2798", "CVE-2010-2942", "CVE-2010-2963", "CVE-2010-3067", "CVE-2010-3078", "CVE-2010-3086", "CVE-2010-3296", "CVE-2010-3432", "CVE-2010-3442", "CVE-2010-3477", "CVE-2010-3858", "CVE-2010-3859", "CVE-2010-3876", "CVE-2010-3877", "CVE-2010-4073", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4083", "CVE-2010-4157", "CVE-2010-4158", "CVE-2010-4242", "CVE-2010-4248", "CVE-2010-4249", "CVE-2010-4258", "CVE-2010-4346", "CVE-2010-4649", "CVE-2010-4655", "CVE-2011-0521", "CVE-2011-0726", "CVE-2011-1010", "CVE-2011-1020", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1083", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1162", "CVE-2011-1163", "CVE-2011-1182", "CVE-2011-1573", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3191", "CVE-2011-3637", "CVE-2011-3638", "CVE-2011-4077", "CVE-2011-4086", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4324", "CVE-2011-4330", "CVE-2011-4348", "CVE-2012-1583", "CVE-2012-2136");
      script_bugtraq_id(35281, 35647, 35850, 35851, 35930, 36038, 36472, 36639, 36723, 36824, 36827, 36901, 36936, 37068, 37069, 37339, 37519, 37521, 37523, 37762, 37806, 38144, 38165, 38185, 38479, 38898, 39016, 39042, 39044, 39101, 39569, 39715, 39719, 39794, 40356, 40920, 42124, 42242, 42249, 42505, 42529, 43022, 43221, 43353, 43480, 43787, 43809, 44242, 44301, 44354, 44630, 44648, 44754, 44758, 45014, 45028, 45037, 45058, 45063, 45073, 45159, 45323, 45972, 45986, 46073, 46488, 46492, 46567, 46616, 46630, 46766, 46793, 46866, 46878, 47003, 47308, 47321, 47343, 47381, 47534, 47535, 47791, 47796, 47843, 48236, 48333, 48383, 48641, 48687, 49108, 49141, 49295, 49373, 50322, 50370, 50750, 50755, 50764, 50798, 51176, 51361, 51363, 51945, 53139, 53721);
    
      script_name(english:"OracleVM 2.2 : kernel (OVMSA-2013-0039)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2013-0039 for details."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-May/000153.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS2.2", reference:"kernel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-PAE-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-PAE-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-ovs-2.6.18-128.2.1.5.10.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"kernel-ovs-devel-2.6.18-128.2.1.5.10.el5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / kernel-ovs / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1749.NASL
    description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2009-0029 Christian Borntraeger discovered an issue affecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.
      - CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.
      - CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users.
      - CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).
      - CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.
      - CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.
      - CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.
      - CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.
      - CVE-2009-0746 Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem.
      - CVE-2009-0747 David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.
      - CVE-2009-0748 David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35987
    published: 2009-03-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35987
    title: Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1749. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35987);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748");
      script_bugtraq_id(33113, 33846);
      script_xref(name:"DSA", value:"1749");
    
      script_name(english:"Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service or privilege escalation. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2009-0029
        Christian Borntraeger discovered an issue effecting the
        alpha, mips, powerpc, s390 and sparc64 architectures
        that allows local users to cause a denial of service or
        potentially gain elevated privileges.
    
      - CVE-2009-0031
        Vegard Nossum discovered a memory leak in the keyctl
        subsystem that allows local users to cause a denial of
        service by consuming all of kernel memory.
    
      - CVE-2009-0065
        Wei Yongjun discovered a memory overflow in the SCTP
        implementation that can be triggered by remote users.
    
      - CVE-2009-0269
        Duane Griffin provided a fix for an issue in the
        eCryptfs subsystem which allows local users to cause a
        denial of service (fault or memory corruption).
    
      - CVE-2009-0322
        Pavel Roskin provided a fix for an issue in the dell_rbu
        driver that allows a local user to cause a denial of
        service (oops) by reading 0 bytes from a sysfs entry.
    
      - CVE-2009-0676
        Clement LECIGNE discovered a bug in the sock_getsockopt
        function that may result in leaking sensitive kernel
        memory.
    
      - CVE-2009-0675
        Roel Kluin discovered inverted logic in the skfddi
        driver that permits local, unprivileged users to reset
        the driver statistics.
    
      - CVE-2009-0745
        Peter Kerwien discovered an issue in the ext4 filesystem
        that allows local users to cause a denial of service
        (kernel oops) during a resize operation.
    
      - CVE-2009-0746
        Sami Liedes reported an issue in the ext4 filesystem
        that allows local users to cause a denial of service
        (kernel oops) when accessing a specially crafted corrupt
        filesystem.
    
      - CVE-2009-0747
        David Maciejak reported an issue in the ext4 filesystem
        that allows local users to cause a denial of service
        (kernel oops) when mounting a specially crafted corrupt
        filesystem.
    
      - CVE-2009-0748
        David Maciejak reported an additional issue in the ext4
        filesystem that allows local users to cause a denial of
        service (kernel oops) when mounting a specially crafted
        corrupt filesystem."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0269"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0676"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0747"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1749"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the linux-2.6 packages.
    
    For the oldstable distribution (etch), these problems, where
    applicable, will be fixed in future updates to linux-2.6 and
    linux-2.6.24.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 2.6.26-13lenny2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 119, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"linux-doc-2.6.26", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-486", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-4kc-malta", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-5kc-malta", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-686-bigmem", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-alpha", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-arm", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-armel", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-hppa", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-i386", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-ia64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-mips", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-mipsel", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-powerpc", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-s390", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-all-sparc", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-alpha-generic", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-alpha-legacy", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-alpha-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-common", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-common-openvz", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-common-vserver", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-common-xen", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-footbridge", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-iop32x", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-itanium", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-ixp4xx", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-mckinley", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-openvz-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-openvz-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-orion5x", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-parisc", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-parisc-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-parisc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-parisc64-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-powerpc", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-powerpc-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-powerpc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-r4k-ip22", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-r5k-cobalt", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-r5k-ip32", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-s390", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-s390x", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-sb1-bcm91250a", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-sb1a-bcm91480b", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-sparc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-sparc64-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-versatile", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-686-bigmem", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-itanium", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-mckinley", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-powerpc", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-powerpc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-s390x", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-vserver-sparc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-xen-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-headers-2.6.26-1-xen-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-486", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-4kc-malta", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-5kc-malta", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-686-bigmem", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-alpha-generic", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-alpha-legacy", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-alpha-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-footbridge", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-iop32x", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-itanium", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-ixp4xx", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-mckinley", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-openvz-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-openvz-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-orion5x", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-parisc", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-parisc-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-parisc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-parisc64-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-powerpc", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-powerpc-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-powerpc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-r4k-ip22", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-r5k-cobalt", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-r5k-ip32", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-s390", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-s390-tape", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-s390x", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-sb1-bcm91250a", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-sb1a-bcm91480b", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-sparc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-sparc64-smp", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-versatile", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-686-bigmem", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-itanium", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-mckinley", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-powerpc", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-powerpc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-s390x", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-vserver-sparc64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-xen-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-image-2.6.26-1-xen-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-libc-dev", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-manual-2.6.26", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-modules-2.6.26-1-xen-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-modules-2.6.26-1-xen-amd64", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-patch-debian-2.6.26", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-source-2.6.26", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-support-2.6.26-1", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"linux-tree-2.6.26", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"xen-linux-system-2.6.26-1-xen-686", reference:"2.6.26-13lenny2")) flag++;
    if (deb_check(release:"5.0", prefix:"xen-linux-system-2.6.26-1-xen-amd64", reference:"2.6.26-13lenny2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
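Every deb_check call above reduces to the same operation: take the installed version of one package, compare it with the reference 2.6.26-13lenny2 using dpkg's ordering rules, and count a hit if it is older. The script below is an added example, not part of the Nessus plugin or of Debian's tooling: it re-implements dpkg's comparison (epoch first, then upstream version, then Debian revision; within a component `~` sorts before everything including end of string, letters sort before other characters, and digit runs compare numerically) and runs it over constructed `dpkg-query` output. The function names, the sample output and the four-package subset are assumptions made for this example; only the fixed version and the package names come from the plugin.

```python
# Added example (not the plugin's or dpkg's code): dpkg-style version comparison
# applied to the Debian 5.0 kernel packages fixed in 2.6.26-13lenny2.
import string

_DIGITS, _ALPHA = string.digits, string.ascii_letters

FIXED = "2.6.26-13lenny2"          # reference version from the plugin above
# Assumed subset of the package names the plugin checks; the real list is longer.
CHECKED = {
    "linux-image-2.6.26-1-686",
    "linux-image-2.6.26-1-amd64",
    "linux-libc-dev",
    "linux-source-2.6.26",
}


def _order(c):
    """dpkg character weight: '~' < end of string < letters < other characters."""
    if c in _DIGITS:
        return 0
    if c in _ALPHA:
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare one component (upstream or revision) the way dpkg's verrevcmp() does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # run of non-digits: compare by character weight
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # run of digits: numeric compare, leading zeros ignored, longer run wins
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in _DIGITS and j < len(b) and b[j] in _DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in _DIGITS:
            return 1
        if j < len(b) and b[j] in _DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """'1:2.6.26-13lenny2' -> (1, '2.6.26', '13lenny2'); epoch and revision are optional."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = version.rpartition("-")
    if not sep:                      # no hyphen: the whole string is the upstream version
        upstream, revision = revision, ""
    return epoch, upstream, revision


def deb_compare(a, b):
    """dpkg --compare-versions semantics: negative if a < b, 0 if equal, positive if a > b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def vulnerable_packages(dpkg_output, fixed=FIXED):
    """Checked packages whose installed version is older than the fixed one."""
    found = []
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        name, version = line.split()
        if name in CHECKED and deb_compare(version, fixed) < 0:
            found.append((name, version))
    return found


# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'`; not from a real host.
SAMPLE_DPKG = """\
linux-image-2.6.26-1-686 2.6.26-13lenny1
linux-image-2.6.26-1-amd64 2.6.26-13lenny2
linux-libc-dev 2.6.26-13lenny2
linux-source-2.6.26 2.6.26-12
"""

if __name__ == "__main__":
    for name, version in vulnerable_packages(SAMPLE_DPKG):
        print(f"{name} {version} is older than {FIXED}")
```

The `~` and epoch rules matter in practice: a backport such as 2.6.26-13~bpo50+1 is older than 2.6.26-13lenny2 even though it looks newer as a string, and a package with an epoch always wins, which is why naive string comparison is not a substitute for the dpkg algorithm.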
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-1243.NASL
    description: Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important) * a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate) * a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially crafted ext4 file system. (CVE-2009-0745, Low) * multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low) These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/ Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43779
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43779
    title: CentOS 5 : kernel (CESA-2009:1243)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1243 and 
    # CentOS Errata and Security Advisory 2009:1243 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43779);
      script_version("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:05");
    
      script_cve_id("CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-2847", "CVE-2009-2848");
      script_bugtraq_id(35930);
      script_xref(name:"RHSA", value:"2009:1243");
    
      script_name(english:"CentOS 5 : kernel (CESA-2009:1243)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix security issues, address several
    hundred bugs and add numerous enhancements are now available as part
    of the ongoing support and maintenance of Red Hat Enterprise Linux
    version 5. This is the fourth regular update.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * it was discovered that, when executing a new process, the
    clear_child_tid pointer in the Linux kernel is not cleared. If this
    pointer points to a writable portion of the memory of the new program,
    the kernel could corrupt four bytes of memory, possibly leading to a
    local denial of service or privilege escalation. (CVE-2009-2848,
    Important)
    
    * a flaw was found in the way the do_sigaltstack() function in the
    Linux kernel copies the stack_t structure to user-space. On 64-bit
    machines, this flaw could lead to a four-byte information leak.
    (CVE-2009-2847, Moderate)
    
    * a flaw was found in the ext4 file system code. A local attacker
    could use this flaw to cause a denial of service by performing a
    resize operation on a specially crafted ext4 file system.
    (CVE-2009-0745, Low)
    
    * multiple flaws were found in the ext4 file system code. A local
    attacker could use these flaws to cause a denial of service by
    mounting a specially crafted ext4 file system. (CVE-2009-0746,
    CVE-2009-0747, CVE-2009-0748, Low)
    
    These updated packages also include several hundred bug fixes for and
    enhancements to the Linux kernel. Space precludes documenting each of
    these changes in this advisory and users are directed to the Red Hat
    Enterprise Linux 5.4 Release Notes for information on the most
    significant of these changes :
    
    http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/
    Release_Notes/
    
    Also, for details concerning every bug fixed in and every enhancement
    added to the kernel for this release, see the kernel chapter in the
    Red Hat Enterprise Linux 5.4 Technical Notes :
    
    http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/
    Technical_Notes/kernel.html
    
    All Red Hat Enterprise Linux 5 users are advised to install these
    updated packages, which address these vulnerabilities as well as
    fixing the bugs and adding the enhancements noted in the Red Hat
    Enterprise Linux 5.4 Release Notes and Technical Notes. The system
    must be rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-September/016137.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?faf11e01"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-September/016138.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe5f2e6c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/09/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-164.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-164.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1243.NASL
    description: Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important) * a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate) * a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially crafted ext4 file system. (CVE-2009-0745, Low) * multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low) These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/ Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40835
    published: 2009-09-02
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40835
    title: RHEL 5 : kernel (RHSA-2009:1243)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1243. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40835);
      script_version ("1.32");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-2847", "CVE-2009-2848");
      script_bugtraq_id(35930);
      script_xref(name:"RHSA", value:"2009:1243");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2009:1243)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix security issues, address several
    hundred bugs and add numerous enhancements are now available as part
    of the ongoing support and maintenance of Red Hat Enterprise Linux
    version 5. This is the fourth regular update.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * it was discovered that, when executing a new process, the
    clear_child_tid pointer in the Linux kernel is not cleared. If this
    pointer points to a writable portion of the memory of the new program,
    the kernel could corrupt four bytes of memory, possibly leading to a
    local denial of service or privilege escalation. (CVE-2009-2848,
    Important)
    
    * a flaw was found in the way the do_sigaltstack() function in the
    Linux kernel copies the stack_t structure to user-space. On 64-bit
    machines, this flaw could lead to a four-byte information leak.
    (CVE-2009-2847, Moderate)
    
    * a flaw was found in the ext4 file system code. A local attacker
    could use this flaw to cause a denial of service by performing a
    resize operation on a specially crafted ext4 file system.
    (CVE-2009-0745, Low)
    
    * multiple flaws were found in the ext4 file system code. A local
    attacker could use these flaws to cause a denial of service by
    mounting a specially crafted ext4 file system. (CVE-2009-0746,
    CVE-2009-0747, CVE-2009-0748, Low)
    
    These updated packages also include several hundred bug fixes for and
    enhancements to the Linux kernel. Space precludes documenting each of
    these changes in this advisory and users are directed to the Red Hat
    Enterprise Linux 5.4 Release Notes for information on the most
    significant of these changes :
    
    http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/
    Release_Notes/
    
    Also, for details concerning every bug fixed in and every enhancement
    added to the kernel for this release, see the kernel chapter in the
    Red Hat Enterprise Linux 5.4 Technical Notes :
    
    http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/
    Technical_Notes/kernel.html
    
    All Red Hat Enterprise Linux 5 users are advised to install these
    updated packages, which address these vulnerabilities as well as
    fixing the bugs and adding the enhancements noted in the Red Hat
    Enterprise Linux 5.4 Release Notes and Technical Notes. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0747"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2848"
      );
      # http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/documentation/en-us/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1243"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-2847", "CVE-2009-2848");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2009:1243");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1243";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-164.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-164.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
      }
    }
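Both the CentOS plugin (CESA-2009:1243) and the Red Hat plugin (RHSA-2009:1243) above do the same thing with rpm_check: compare the installed kernel packages against 2.6.18-164.el5 using rpm's version ordering. Two details matter to anyone reproducing this by hand. First, several kernel versions are normally installed side by side, so the question is whether the newest installed one reaches the fix, not whether any old one is still present. Second, the advisory text says the system must be rebooted, and a package check cannot tell whether the fixed kernel is the one running; `uname -r` has to be compared separately. The script below is an added example, not Tenable's, Red Hat's or rpm's code: it ports rpm's rpmvercmp() to Python (segment-wise comparison of digit and letter runs, with `~` and `^` handling), applies it to epoch/version/release, and runs both checks over constructed `rpm -qa` and `uname -r` output. The function names, the sample output, the five-package subset and the flavour-suffix handling for `uname -r` are assumptions for this example; the fixed version-release and package names are from the plugins.

```python
# Added example (not the plugins' or rpm's code): rpm-style version comparison
# for the RHEL/CentOS 5 kernel packages fixed in 2.6.18-164.el5, plus a check
# that the running kernel is the fixed one.
import string

_DIGITS, _ALPHA = string.digits, string.ascii_letters
_KEEP = _DIGITS + _ALPHA + "~^"     # everything else is a separator for rpmvercmp

FIXED_EVR = "2.6.18-164.el5"        # version-release from the plugins above
# Assumed subset of the package names the plugins check; the real list is longer.
CHECKED = {"kernel", "kernel-PAE", "kernel-xen", "kernel-devel", "kernel-headers"}


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): segment-wise compare, returns -1, 0 or 1."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        while i < la and a[i] not in _KEEP:     # skip separators
            i += 1
        while j < lb and b[j] not in _KEEP:
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":              # '~' sorts before everything, even end of string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":              # '^' sorts after end of string, before the rest
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca in _DIGITS
        keep = _DIGITS if isnum else _ALPHA
        si, sj = i, j
        while i < la and a[i] in keep:
            i += 1
        while j < lb and b[j] in keep:
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:                           # segment types differ: numeric beats alphabetic
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def split_evr(evr):
    """'[epoch:]version-release' -> (epoch, version, release); epoch defaults to '0'."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return epoch, version, release


def evr_cmp(a, b):
    """Compare two EVR strings the way rpm does: epoch, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    return rpmvercmp(ea, eb) or rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def audit_host(rpm_qa, uname_r, fixed_evr=FIXED_EVR):
    """Newest installed version of each checked package vs. the fix, plus the running kernel."""
    newest = {}
    for nvr in rpm_qa.split():
        name, version, release = nvr.rsplit("-", 2)    # kernel-PAE-2.6.18-164.el5
        evr = version + "-" + release
        if name in CHECKED and (name not in newest or evr_cmp(evr, newest[name]) > 0):
            newest[name] = evr
    outdated = sorted((n, v) for n, v in newest.items() if evr_cmp(v, fixed_evr) < 0)
    # assumption: uname -r is version-release plus an optional flavour suffix (PAE, xen, ...)
    return {"outdated": outdated, "running_kernel_fixed": evr_cmp(uname_r, fixed_evr) >= 0}


# Constructed samples of `rpm -qa 'kernel*'` and `uname -r`; not from a real host.
SAMPLE_RPM_QA = """
kernel-2.6.18-128.1.16.el5
kernel-2.6.18-164.el5
kernel-devel-2.6.18-128.1.16.el5
kernel-headers-2.6.18-164.el5
kernel-xen-2.6.18-128.7.1.el5
"""
SAMPLE_UNAME_R = "2.6.18-128.1.16.el5"   # packages updated, host not yet rebooted

if __name__ == "__main__":
    print(audit_host(SAMPLE_RPM_QA, SAMPLE_UNAME_R))
```

On the constructed sample the package check passes for `kernel` (2.6.18-164.el5 is installed) but flags `kernel-devel` and `kernel-xen`, and the running-kernel check fails because the host still boots 2.6.18-128.1.16.el5; that last state, patched on disk but not in memory, is the one the advisory's reboot note is about and the one a package-only scan cannot see.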
    
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2009-0016.NASL
    description: a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42870
    published: 2009-11-23
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42870
    title: VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2009-0016_REMOTE.NASL
    description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components: Apache Geronimo, Apache Tomcat, Apache Xerces2, cURL/libcURL, ISC BIND, Libxml2, Linux kernel, Linux kernel 64-bit, Linux kernel Common Internet File System, Linux kernel eCryptfs, NTP, Python, Java Runtime Environment (JRE), Java SE Development Kit (JDK), Java SE Abstract Window Toolkit (AWT), Java SE Plugin, Java SE Provider, Java SE Swing, Java SE Web Start
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 89117
    published: 2016-03-03
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/89117
    title: VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-751-1.NASL
    description: NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307) Sparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-6107) In certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. (CVE-2009-0028) The kernel keyring did not free memory correctly. A local attacker could consume unlimited kernel memory, leading to a denial of service. (CVE-2009-0031) The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065) The eCryptfs filesystem did not correctly handle certain VFS return codes. A local attacker with write-access to an eCryptfs filesystem could cause a system crash, leading to a denial of service. (CVE-2009-0269) The Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. (CVE-2009-0322) The page fault handler could consume stack memory. A local attacker could exploit this to crash the system or gain root privileges with a Kprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605) Network interfaces statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. (CVE-2009-0675) The getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. (CVE-2009-0676) The ext4 filesystem did not correctly clear group descriptors when resizing. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-0745) The ext4 filesystem did not correctly validate certain fields. A local attacker could mount a malicious ext4 filesystem, causing a system crash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748) The syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restrictions via crafted syscalls. (CVE-2009-0834, CVE-2009-0835) The shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859) The virtual consoles did not correctly handle certain UTF-8 sequences. A local attacker on the physical console could exploit this to cause a system crash, leading to a denial of service. (CVE-2009-1046). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37337
    published: 2009-04-23
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37337
    title: Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1787.NASL
    description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
    - CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG() due to a race condition in the do_setlk function.
    - CVE-2008-5079 Hugo Dias reported a DoS condition in the ATM subsystem that can be triggered by a local user by calling the svc_listen function twice on the same socket and reading /proc/net/atm/*vc.
    - CVE-2008-5395 Helge Deller discovered a denial of service condition that allows local users on PA-RISC systems to crash a system by attempting to unwind a stack containing userspace addresses.
    - CVE-2008-5700 Alan Cox discovered a lack of minimum timeouts on SG_IO requests, which allows local users of systems using ATA to cause a denial of service by forcing drives into PIO mode.
    - CVE-2008-5701 Vlad Malov reported an issue on 64-bit MIPS systems where a local user could cause a system crash by crafting a malicious binary which makes o32 syscalls with a number less than 4000.
    - CVE-2008-5702 Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call.
    - CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent.
    - CVE-2009-0029 Christian Borntraeger discovered an issue affecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.
    - CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.
    - CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution.
    - CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).
    - CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.
    - CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.
    - CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.
    - CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.
    - CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details.
    - CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels.
    - CVE-2009-1046 Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters.
    - CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialized memory.
    - CVE-2009-1242 Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops.
    - CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data.
    - CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
    - CVE-2009-1338 Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace.
    - CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38668
    published: 2009-05-04
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/38668
    title: Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak

Oval

  • accepted: 2013-04-29T04:10:08.653-04:00
    class: vulnerability
    contributors:
    • name: Aharon Chernin
      organization: SCAP.com, LLC
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions:
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
      oval: oval:org.mitre.oval:def:11414
    • comment: The operating system installed on the system is CentOS Linux 5.x
      oval: oval:org.mitre.oval:def:15802
    • comment: Oracle Linux 5.x
      oval: oval:org.mitre.oval:def:15459
    description: The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
    family: unix
    id: oval:org.mitre.oval:def:10942
    status: accepted
    submitted: 2010-07-09T03:56:16-04:00
    title: The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
    version: 18
  • accepted: 2014-01-20T04:01:36.747-05:00
    class: vulnerability
    contributors:
    • name: Pai Peng
      organization: Hewlett-Packard
    • name: Chris Coffin
      organization: The MITRE Corporation
    definition_extensions:
    • comment: VMware ESX Server 4.0 is installed
      oval: oval:org.mitre.oval:def:6293
    description: The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
    family: unix
    id: oval:org.mitre.oval:def:7765
    status: accepted
    submitted: 2010-03-19T16:57:59.000-04:00
    title: VMware kernel ext4_group_add function vulnerability
    version: 7

Redhat

advisories
rhsa
id: RHSA-2009:1243
rpms
  • kernel-0:2.6.18-164.el5
  • kernel-PAE-0:2.6.18-164.el5
  • kernel-PAE-debuginfo-0:2.6.18-164.el5
  • kernel-PAE-devel-0:2.6.18-164.el5
  • kernel-debug-0:2.6.18-164.el5
  • kernel-debug-debuginfo-0:2.6.18-164.el5
  • kernel-debug-devel-0:2.6.18-164.el5
  • kernel-debuginfo-0:2.6.18-164.el5
  • kernel-debuginfo-common-0:2.6.18-164.el5
  • kernel-devel-0:2.6.18-164.el5
  • kernel-doc-0:2.6.18-164.el5
  • kernel-headers-0:2.6.18-164.el5
  • kernel-kdump-0:2.6.18-164.el5
  • kernel-kdump-debuginfo-0:2.6.18-164.el5
  • kernel-kdump-devel-0:2.6.18-164.el5
  • kernel-xen-0:2.6.18-164.el5
  • kernel-xen-debuginfo-0:2.6.18-164.el5
  • kernel-xen-devel-0:2.6.18-164.el5

Statements

contributor: Tomas Hoger
lastmodified: 2009-09-02
organization: Red Hat
statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1243.html