CVE-2009-0778

047910
CVSS 7.1 - HIGH
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE

Summary

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."

Vulnerable Configurations

Part         Description   Count
OS           Linux         838
OS           Microsoft     1
OS           Vmware        4
OS           Redhat        1
Application  Vmware        5

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2010-0079.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important) * the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important) * memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important) * a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63915
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63915
    title: RHEL 5 : kernel (RHSA-2010:0079)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0079. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63915);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2007-4567", "CVE-2007-5966", "CVE-2009-0778", "CVE-2009-0834", "CVE-2009-1385", "CVE-2009-1895", "CVE-2009-4536", "CVE-2009-4537", "CVE-2009-4538");
      script_bugtraq_id(35647, 37519, 37521, 37523);
      script_xref(name:"RHSA", value:"2010:0079");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2010:0079)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 5.2 Extended
    Update Support.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * a flaw was found in the IPv6 Extension Header (EH) handling
    implementation in the Linux kernel. The skb->dst data structure was
    not properly validated in the ipv6_hop_jumbo() function. This could
    possibly lead to a remote denial of service. (CVE-2007-4567,
    Important)
    
    * the possibility of a timeout value overflow was found in the Linux
    kernel high-resolution timers functionality, hrtimers. This could
    allow a local, unprivileged user to execute arbitrary code, or cause a
    denial of service (kernel panic). (CVE-2007-5966, Important)
    
    * memory leaks were found on some error paths in the icmp_send()
    function in the Linux kernel. This could, potentially, cause the
    network connectivity to cease. (CVE-2009-0778, Important)
    
    * a deficiency was found in the Linux kernel system call auditing
    implementation on 64-bit systems. This could allow a local,
    unprivileged user to circumvent a system call audit configuration, if
    that configuration filtered based on the 'syscall' number or
    arguments. (CVE-2009-0834, Important)
    
    * a flaw was found in the Intel PRO/1000 Linux driver (e1000) in the
    Linux kernel. Frames with sizes near the MTU of an interface may be
    split across multiple hardware receive descriptors. Receipt of such a
    frame could leak through a validation check, leading to a corruption
    of the length check. A remote attacker could use this flaw to send a
    specially crafted packet that would cause a denial of service or code
    execution. (CVE-2009-1385, Important)
    
    * the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared
    when a setuid or setgid program was executed. A local, unprivileged
    user could use this flaw to bypass the mmap_min_addr protection
    mechanism and perform a NULL pointer dereference attack, or bypass the
    Address Space Layout Randomization (ASLR) security feature.
    (CVE-2009-1895, Important)
    
    * a flaw was found in each of the following Intel PRO/1000 Linux
    drivers in the Linux kernel: e1000 and e1000e. A remote attacker using
    packets larger than the MTU could bypass the existing fragment check,
    resulting in partial, invalid frames being passed to the network
    stack. These flaws could also possibly be used to trigger a remote
    denial of service. (CVE-2009-4536, CVE-2009-4538, Important)
    
    * a flaw was found in the Realtek r8169 Ethernet driver in the Linux
    kernel. Receiving overly-long frames with a certain revision of the
    network cards supported by this driver could possibly result in a
    remote denial of service. (CVE-2009-4537, Important)
    
    Note: This update also fixes several bugs. Documentation for these bug
    fixes will be available shortly from
    www.redhat.com/docs/en-US/errata/RHSA-2010-0079/Kernel_Security_Update
    / index.html
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-4567.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-5966.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-0778.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-0834.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-1385.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-1895.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-4536.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-4537.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-4538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2010-0079.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 189, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-PAE-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-debug-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-debug-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-debug-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-debug-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", reference:"kernel-doc-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i386", reference:"kernel-headers-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-headers-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-headers-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-kdump-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-xen-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-xen-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-xen-devel-2.6.18-92.1.35.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-92.1.35.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20090401_KERNEL_ON_SL5_X.NASL
    description: Security fixes : - memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important) - Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate) - an off-by-one underflow flaw was found in the eCryptfs subsystem. This could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate) - a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60559
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60559
    title: Scientific Linux Security Update : kernel on SL5.x i386/x86_64
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60559);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2008-3528", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0778");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fixes :
    
      - memory leaks were found on some error paths in the
        icmp_send() function in the Linux kernel. This could,
        potentially, cause the network connectivity to cease.
        (CVE-2009-0778, Important)
    
      - Chris Evans reported a deficiency in the clone() system
        call when called with the CLONE_PARENT flag. This flaw
        permits the caller (the parent process) to indicate an
        arbitrary signal it wants to receive when its child
        process exits. This could lead to a denial of service of
        the parent process. (CVE-2009-0028, Moderate)
    
      - an off-by-one underflow flaw was found in the eCryptfs
        subsystem. This could potentially cause a local denial
        of service when the readlink() function returned an
        error. (CVE-2009-0269, Moderate)
    
      - a deficiency was found in the Remote BIOS Update (RBU)
        driver for Dell systems. This could allow a local,
        unprivileged user to cause a denial of service by
        reading zero bytes from the image_type or packet_size
        files in '/sys/devices/platform/dell_rbu/'.
        (CVE-2009-0322, Moderate)
    
      - an inverted logic flaw was found in the SysKonnect FDDI
        PCI adapter driver, allowing driver statistics to be
        reset only when the CAP_NET_ADMIN capability was absent
        (local, unprivileged users could reset driver
        statistics). (CVE-2009-0675, Moderate)
    
      - the sock_getsockopt() function in the Linux kernel did
        not properly initialize a data structure that can be
        directly returned to user-space when the getsockopt()
        function is called with SO_BSDCOMPAT optname set. This
        flaw could possibly lead to memory disclosure.
        (CVE-2009-0676, Moderate)
    
      - the ext2 and ext3 file system code failed to properly
        handle corrupted data structures, leading to a possible
        local denial of service when read or write operations
        were performed on a specially crafted file system.
        (CVE-2008-3528, Low)
    
      - a deficiency was found in the libATA implementation.
        This could, potentially, lead to a local denial of
        service. Note: by default, the '/dev/sg*' devices are
        accessible only to the root user. (CVE-2008-5700, Low)
    
    Bug fixes :
    
      - a bug in aic94xx may have caused kernel panics during
        boot on some systems with certain SATA disks.
        (BZ#485909)
    
      - a word endianness problem in the qla2xx driver on
        PowerPC-based machines may have corrupted flash-based
        devices. (BZ#485908)
    
      - a memory leak in pipe() may have caused a system
        deadlock. The workaround, which involved manually
        allocating extra file descriptors to processes calling
        do_pipe, is no longer necessary. (BZ#481576)
    
      - CPU soft-lockups in the network rate estimator.
        (BZ#481746)
    
      - bugs in the ixgbe driver caused it to function
        unreliably on some systems with 16 or more CPU cores.
        (BZ#483210)
    
      - the iwl4965 driver may have caused a kernel panic.
        (BZ#483206)
    
      - a bug caused NFS attributes to not update for some
        long-lived NFS mounted file systems. (BZ#483201)
    
      - unmounting a GFS2 file system may have caused a panic.
        (BZ#485910)
    
      - a bug in ptrace() may have caused a panic when single
        stepping a target. (BZ#487394)
    
      - on some 64-bit systems, notsc was incorrectly set at
        boot, causing slow gettimeofday() calls. (BZ#488239)
    
      - do_machine_check() cleared all Machine Check Exception
        (MCE) status registers, preventing the BIOS from using
        them to determine the cause of certain panics and
        errors. (BZ#490433)
    
      - scaling problems caused performance problems for LAPI
        applications. (BZ#489457)
    
      - a panic may have occurred on systems using certain Intel
        WiFi Link 5000 products when booting with the RF Kill
        switch on. (BZ#489846)
    
      - the TSC is invariant with C/P/T states, and always runs
        at constant frequency from now on. (BZ#489310)
    
    The system must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=481576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=481746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=483201"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=483206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=483210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=485908"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=485909"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=485910"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=487394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=488239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=489310"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=489457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=489846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=490433"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=76
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ad870d63"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"kernel-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-128.1.6.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-128.1.6.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2009-0016.NASL
    description: a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42870
    published: 2009-11-23
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42870
    title: VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-0326.NASL
    description: From Red Hat Security Advisory 2009:0326 : Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important) * Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate) * an off-by-one underflow flaw was found in the eCryptfs subsystem. This could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate) * a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67812
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67812
    title: Oracle Linux 5 : kernel (ELSA-2009-0326)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2009-0004.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2008-3528 The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. CVE-2008-5700 libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program. CVE-2009-0028 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. CVE-2009-0322 drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. CVE-2009-0675 The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an
    last seen2020-06-01
    modified2020-06-02
    plugin id79453
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79453
    titleOracleVM 2.1 : kernel (OVMSA-2009-0004)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0326.NASL
    descriptionUpdated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important) * Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate) * an off-by-one underflow flaw was found in the eCryptfs subsystem. This could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate) * a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in
    last seen2020-06-01
    modified2020-06-02
    plugin id36069
    published2009-04-01
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36069
    titleRHEL 5 : kernel (RHSA-2009:0326)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0326.NASL
    descriptionUpdated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important) * Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate) * an off-by-one underflow flaw was found in the eCryptfs subsystem. This could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate) * a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in
    last seen2020-06-01
    modified2020-06-02
    plugin id43729
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43729
    titleCentOS 5 : kernel (CESA-2009:0326)

Oval

  • accepted2013-04-29T04:03:37.200-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionThe icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
    familyunix
    idoval:org.mitre.oval:def:10215
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleThe icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
    version18
  • accepted2014-01-20T04:01:37.227-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    • commentVMware ESX Server 4.0 is installed
      ovaloval:org.mitre.oval:def:6293
    descriptionThe icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
    familyunix
    idoval:org.mitre.oval:def:7867
    statusaccepted
    submitted2010-03-19T16:57:59.000-04:00
    titleVMware kernel icmp_send function vulnerability
    version7

Redhat

advisories
bugzilla
id490433
titleRHEL5.3 (x86_64): MCE handler must not clear status registers on fatal conditions
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • commentkernel earlier than 0:2.6.18-128.1.6.el5 is currently running
        ovaloval:com.redhat.rhsa:tst:20090326025
      • commentkernel earlier than 0:2.6.18-128.1.6.el5 is set to boot up on next boot
        ovaloval:com.redhat.rhsa:tst:20090326026
    • OR
      • AND
        • commentkernel-doc is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326001
        • commentkernel-doc is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314002
      • AND
        • commentkernel-xen-devel is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326003
        • commentkernel-xen-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314020
      • AND
        • commentkernel-devel is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326005
        • commentkernel-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314016
      • AND
        • commentkernel is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326007
        • commentkernel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314008
      • AND
        • commentkernel-debug is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326009
        • commentkernel-debug is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314014
      • AND
        • commentkernel-xen is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326011
        • commentkernel-xen is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314018
      • AND
        • commentkernel-headers is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326013
        • commentkernel-headers is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314006
      • AND
        • commentkernel-debug-devel is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326015
        • commentkernel-debug-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314004
      • AND
        • commentkernel-kdump-devel is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326017
        • commentkernel-kdump-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314012
      • AND
        • commentkernel-kdump is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326019
        • commentkernel-kdump is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314010
      • AND
        • commentkernel-PAE-devel is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326021
        • commentkernel-PAE-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314022
      • AND
        • commentkernel-PAE is earlier than 0:2.6.18-128.1.6.el5
          ovaloval:com.redhat.rhsa:tst:20090326023
        • commentkernel-PAE is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20080314024
rhsa
idRHSA-2009:0326
released2009-04-01
severityImportant
titleRHSA-2009:0326: kernel security and bug fix update (Important)
rpms
  • kernel-0:2.6.18-128.1.6.el5
  • kernel-PAE-0:2.6.18-128.1.6.el5
  • kernel-PAE-debuginfo-0:2.6.18-128.1.6.el5
  • kernel-PAE-devel-0:2.6.18-128.1.6.el5
  • kernel-debug-0:2.6.18-128.1.6.el5
  • kernel-debug-debuginfo-0:2.6.18-128.1.6.el5
  • kernel-debug-devel-0:2.6.18-128.1.6.el5
  • kernel-debuginfo-0:2.6.18-128.1.6.el5
  • kernel-debuginfo-common-0:2.6.18-128.1.6.el5
  • kernel-devel-0:2.6.18-128.1.6.el5
  • kernel-doc-0:2.6.18-128.1.6.el5
  • kernel-headers-0:2.6.18-128.1.6.el5
  • kernel-kdump-0:2.6.18-128.1.6.el5
  • kernel-kdump-debuginfo-0:2.6.18-128.1.6.el5
  • kernel-kdump-devel-0:2.6.18-128.1.6.el5
  • kernel-xen-0:2.6.18-128.1.6.el5
  • kernel-xen-debuginfo-0:2.6.18-128.1.6.el5
  • kernel-xen-devel-0:2.6.18-128.1.6.el5
  • kernel-0:2.6.18-92.1.35.el5
  • kernel-PAE-0:2.6.18-92.1.35.el5
  • kernel-PAE-debuginfo-0:2.6.18-92.1.35.el5
  • kernel-PAE-devel-0:2.6.18-92.1.35.el5
  • kernel-debug-0:2.6.18-92.1.35.el5
  • kernel-debug-debuginfo-0:2.6.18-92.1.35.el5
  • kernel-debug-devel-0:2.6.18-92.1.35.el5
  • kernel-debuginfo-0:2.6.18-92.1.35.el5
  • kernel-debuginfo-common-0:2.6.18-92.1.35.el5
  • kernel-devel-0:2.6.18-92.1.35.el5
  • kernel-doc-0:2.6.18-92.1.35.el5
  • kernel-headers-0:2.6.18-92.1.35.el5
  • kernel-kdump-0:2.6.18-92.1.35.el5
  • kernel-kdump-debuginfo-0:2.6.18-92.1.35.el5
  • kernel-kdump-devel-0:2.6.18-92.1.35.el5
  • kernel-xen-0:2.6.18-92.1.35.el5
  • kernel-xen-debuginfo-0:2.6.18-92.1.35.el5
  • kernel-xen-devel-0:2.6.18-92.1.35.el5
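
The OVAL logic above reduces to one RPM-style version comparison: the kernel that is running, or the one set to boot next, is vulnerable if its EVR sorts before 0:2.6.18-128.1.6.el5. The rpms list also carries a second fixed build, 2.6.18-92.1.35.el5, for the 2.6.18-92 stream, so a check that compares every kernel against 128.1.6 alone would report a patched 92.1.35 kernel as vulnerable. The shell script below is an added example, not part of the advisory or of any Red Hat tooling: it implements the rpmvercmp segment rules in awk, maps a kernel release to the fixed build of its own stream (the mapping is taken from the rpms list on this page; streams the page does not list are reported as unknown rather than guessed), and labels the result. The function names rpm_vercmp, fixed_for_stream and kernel_status and the sample release strings are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory or Red Hat tooling): reproduce the OVAL
# "kernel earlier than <fixed EVR>" test for RHSA-2009:0326 without rpm(8).
# rpm_vercmp follows the rpmvercmp segment rules: split on non-alphanumerics and
# at digit/letter boundaries, compare numeric segments as numbers and letter
# segments lexically, a numeric segment outranks a letter segment, and a longer
# list of otherwise equal segments is newer.

# rpm_vercmp A B -> prints -1, 0 or 1 as A is older than, equal to, or newer than B
rpm_vercmp() {
  awk -v a="$1" -v b="$2" '
    # segs(s, arr): fill arr with the version segments of s, return their count
    function segs(s, arr,    n, i, c, cur, type, t) {
      n = 0; cur = ""; type = ""
      for (i = 1; i <= length(s); i++) {
        c = substr(s, i, 1)
        if (c ~ /[0-9]/) t = "d"; else if (c ~ /[A-Za-z]/) t = "a"; else t = ""
        if (cur != "" && (t == "" || t != type)) { arr[++n] = cur; cur = "" }
        if (t != "") { cur = cur c; type = t }
      }
      if (cur != "") arr[++n] = cur
      return n
    }
    function result(r) { print r; exit }
    BEGIN {
      na = segs(a, A); nb = segs(b, B)
      for (i = 1; i <= na && i <= nb; i++) {
        da = (A[i] ~ /^[0-9]+$/); db = (B[i] ~ /^[0-9]+$/)
        if (da && db) {
          # numeric: drop leading zeros, then a longer digit string is larger
          x = A[i]; sub(/^0+/, "", x); y = B[i]; sub(/^0+/, "", y)
          if (length(x) != length(y)) result(length(x) > length(y) ? 1 : -1)
          if (x != y) result(x > y ? 1 : -1)
        } else if (da != db) {
          result(da ? 1 : -1)
        } else if (A[i] != B[i]) {
          result(A[i] > B[i] ? 1 : -1)
        }
      }
      result(na == nb ? 0 : (na > nb ? 1 : -1))
    }'
}

# Fixed kernel builds listed on this page under RHSA-2009:0326, keyed by the
# release stream (first release segment): 2.6.18-128.* is the RHEL 5.3 stream,
# 2.6.18-92.* the 5.2 stream. Streams the page does not list are reported as such.
fixed_for_stream() {
  case "$1" in
    2.6.18-128|2.6.18-128.*) echo 2.6.18-128.1.6.el5 ;;
    2.6.18-92|2.6.18-92.*)   echo 2.6.18-92.1.35.el5 ;;
    *)                       echo "" ;;
  esac
}

# kernel_status RELEASE -> VULNERABLE, FIXED or UNKNOWN-STREAM for a `uname -r`
# style string; an optional "epoch:" prefix (as in the OVAL comments) is dropped.
kernel_status() {
  rel=${1#*:}
  fixed=$(fixed_for_stream "$rel")
  if [ -z "$fixed" ]; then
    echo UNKNOWN-STREAM
  elif [ "$(rpm_vercmp "$rel" "$fixed")" -lt 0 ]; then
    echo VULNERABLE
  else
    echo FIXED
  fi
}

# Stand-alone run over sample release strings (constructed for the example).
for k in 2.6.18-128.1.1.el5 2.6.18-128.1.6.el5xen 0:2.6.18-92.1.22.el5 \
         2.6.18-92.1.35.el5 2.6.18-164.el5; do
  printf '%-24s %s\n' "$k" "$(kernel_status "$k")"
done
```

On a live host, feed `uname -r` for the running kernel and the default entry of the bootloader configuration for the next-boot check the OVAL definition also performs. A variant suffix such as el5xen or el5PAE sorts as an extra trailing segment and does not change the verdict.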

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 34084 CVE(CAN) ID: CVE-2009-0778 The Linux kernel is the kernel used by the open-source Linux operating system. Even when the cached routing table stays unchanged, the ip_dst_cache value in /proc/slabinfo keeps increasing, so ip_dst_cache eventually reaches the value of /proc/sys/net/ipv4/route/max_size. When that value is reached the kernel reports "dst cache overflow", after which the server no longer responds to any network activity. Linux kernel 2.6.x Temporary workarounds: * Remove the REJECT route, or replace it with ip route add 10.10.0.0/16 via 127.0.0.1. * Use iptables. Vendor patch: Linux ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: https://bugzilla.redhat.com/attachment.cgi?id=333786 https://bugzilla.redhat.com/attachment.cgi?id=334377
idSSV:4905
last seen2017-11-19
modified2009-03-14
published2009-03-14
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-4905
titleLinux Kernel /proc/net/rt_cache Remote Denial of Service Vulnerability
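
The Seebug entry above names the observable symptoms of the rt_cache leak: the ip_dst_cache slab in /proc/slabinfo growing until it reaches /proc/sys/net/ipv4/route/max_size, the "dst cache overflow" kernel message, and a REJECT route (shown as unreachable by `ip route`) as the precondition that sends the router down the ICMP Host Unreachable path. The shell script below is an added example, not part of the Seebug entry or of any vendor tooling; it runs the corresponding checks over constructed sample data (a slabinfo excerpt, a max_size value, `ip route show` output and kernel log lines, all made up for the example) so it runs offline. The function names dst_cache_pct, reject_routes, overflow_logged and assess, and the 90 % threshold, are this example's own choices; prohibit routes are matched alongside unreachable ones because they also answer with an ICMP error.

```shell
#!/bin/sh
# Added example for CVE-2009-0778 (not from the advisory): check the symptoms the
# write-up describes, over constructed sample data so it runs offline.
#   1. ip_dst_cache active objects in /proc/slabinfo closing in on
#      /proc/sys/net/ipv4/route/max_size (where "dst cache overflow" is logged)
#   2. a REJECT route in `ip route show` (type unreachable; prohibit also answers
#      with an ICMP error), the path on which the leak is triggered
#   3. the "dst cache overflow" message in the kernel log
# On a live router replace the samples with `cat /proc/slabinfo`,
# `cat /proc/sys/net/ipv4/route/max_size`, `ip route show` and `dmesg`.

# Constructed /proc/slabinfo excerpt (version 2.1 layout: name, active_objs, num_objs, ...).
SAMPLE_SLABINFO='slabinfo - version: 2.1
# name            <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
ip_dst_cache       61440  61470    384   10    1 : tunables   54   27    8 : slabdata   6147   6147      0
tcp_bind_bucket       32    202     32  119    1 : tunables  120   60    8 : slabdata      2      2      0
dentry             48210  48300    216   18    1 : tunables  120   60    8 : slabdata   2684   2684      0'

# Constructed /proc/sys/net/ipv4/route/max_size value.
SAMPLE_MAX_SIZE=65536

# Constructed `ip route show` output containing the REJECT route from the write-up.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
unreachable 10.10.0.0/16
198.51.100.0/24 via 192.0.2.254 dev eth0'

# Constructed kernel log excerpt.
SAMPLE_DMESG='[ 8812.114233] e1000: eth0: link is up
[ 9340.501874] dst cache overflow
[ 9340.501901] dst cache overflow'

# dst_cache_active SLABINFO -> active_objs of the ip_dst_cache slab (0 if absent)
dst_cache_active() {
  printf '%s\n' "$1" | awk '$1 == "ip_dst_cache" { print $2; found = 1 } END { if (!found) print 0 }'
}

# dst_cache_pct SLABINFO MAX_SIZE -> integer percentage of max_size in use
dst_cache_pct() {
  echo $(( $(dst_cache_active "$1") * 100 / $2 ))
}

# reject_routes ROUTES -> the unreachable/prohibit routes, "type prefix" per line
reject_routes() {
  printf '%s\n' "$1" | awk '$1 == "unreachable" || $1 == "prohibit" { print $1, $2 }'
}

# overflow_logged DMESG -> exit 0 when the kernel has reported "dst cache overflow"
overflow_logged() {
  printf '%s\n' "$1" | grep -q 'dst cache overflow'
}

# assess SLABINFO MAX_SIZE ROUTES -> AT-RISK (REJECT route present and cache at
# 90 % or more of max_size), WATCH (one of the two), or OK. 90 % is this
# example's threshold, not a kernel constant.
assess() {
  pct=$(dst_cache_pct "$1" "$2")
  rejects=$(reject_routes "$3")
  if [ -n "$rejects" ] && [ "$pct" -ge 90 ]; then
    echo AT-RISK
  elif [ -n "$rejects" ] || [ "$pct" -ge 90 ]; then
    echo WATCH
  else
    echo OK
  fi
}

# Stand-alone run over the constructed samples.
printf 'ip_dst_cache: %s objects, max_size %s (%s%%)\n' \
  "$(dst_cache_active "$SAMPLE_SLABINFO")" "$SAMPLE_MAX_SIZE" \
  "$(dst_cache_pct "$SAMPLE_SLABINFO" "$SAMPLE_MAX_SIZE")"
printf 'REJECT routes: %s\n' "$(reject_routes "$SAMPLE_ROUTES" | tr '\n' ' ')"
if overflow_logged "$SAMPLE_DMESG"; then echo 'kernel log: dst cache overflow seen'; fi
printf 'verdict: %s\n' "$(assess "$SAMPLE_SLABINFO" "$SAMPLE_MAX_SIZE" "$SAMPLE_ROUTES")"
```

Once the overflow message appears the box is already deaf to the network, so the useful signal is the growth of ip_dst_cache over time on a router that still carries a REJECT route; the write-up's workaround of replacing that route with one via 127.0.0.1, or of filtering with iptables instead, removes the precondition until the kernel is updated.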

Statements

contributorTomas Hoger
lastmodified2009-05-19
organizationRed Hat
statementThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0326.html .