Vulnerabilities > CVE-2009-4026 - Unspecified vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN linux
nessus
Summary
The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_2_KERNEL-091218.NASL description The Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 to fix the following bugs and security issues : - A file overwrite issue on the ext4 filesystem could be used by local attackers that have write access to a filesystem to change/overwrite files of other users, including root. (CVE-2009-4131) - A remote denial of service by sending overly long packets could be used by remote attackers to crash a machine. (CVE-2009-1298) - The mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous last seen 2020-06-01 modified 2020-06-02 plugin id 43631 published 2010-01-05 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43631 title SuSE 11.2 Security Update: kernel (2009-12-18) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Updates. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(43631); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id( "CVE-2009-1298", "CVE-2009-3080", "CVE-2009-3547", "CVE-2009-3621", "CVE-2009-3624", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4021", "CVE-2009-4026", "CVE-2009-4027", "CVE-2009-4131", "CVE-2009-4138", "CVE-2009-4306", "CVE-2009-4307", "CVE-2009-4308" ); script_bugtraq_id( 36723, 36793, 36901, 37019, 37036, 37068, 37069, 37170, 37231, 37277, 37339 ); script_name(english:"SuSE 11.2 Security Update: kernel (2009-12-18)"); script_summary(english:"Check for the kernel package."); script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update."); script_set_attribute(attribute:"description", value: "The Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 to fix the following bugs and security issues : - A file overwrite issue on the ext4 filesystem could be used by local attackers that have write access to a filesystem to change/overwrite files of other users, including root. (CVE-2009-4131) - A remote denial of service by sending overly long packets could be used by remote attackers to crash a machine. (CVE-2009-1298) - The mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous 'code shuffling patch.' (CVE-2009-4026) - Race condition in the mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session. (CVE-2009-4027) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. This requires the attacker to access the machine on ISDN protocol level. (CVE-2009-4005) - Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) - The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. (CVE-2009-3624) - The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. (CVE-2009-4021) - Multiple race conditions in fs/pipe.c in the Linux kernel allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. As openSUSE 11.2 by default sets mmap_min_addr protection, this issue will just Oops the kernel and not be able to execute code. (CVE-2009-3547) - net/unix/af_unix.c in the Linux kernel allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. (CVE-2009-3621) - drivers/firewire/ohci.c in the Linux kernel when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131. (CVE-2009-4306) - The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. This can lead to privilege escalations. (CVE-2009-4131) - The rt2870 and rt2860 drivers were refreshed to the level they are in the Linux 2.6.32 kernel, bringing new device support and new functionality."); # http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9d661785"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=472410"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=498708"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=522790"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=523487"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=533555"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=533677"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=537081"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=539010"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=540589"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=540997"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=543407"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=543704"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=544779"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=546491"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=547357"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=548010"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=548728"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=549030"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=550787"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=551664"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=552033"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=552154"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=552492"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=556564"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=556568"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=556899"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=557180"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=557403"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=557668"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=557683"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=557760"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=558267"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=559062"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=559132"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=559680"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=560697"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=561018"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=561235"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=564712"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=559680"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=541736"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=561018"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=564382"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=564381"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=564380"); script_set_attribute(attribute:"see_also", value: "https://bugzilla.novell.com/show_bug.cgi?id=561018"); script_set_attribute(attribute:"solution", value:"Update the affected kernel packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(119, 189, 264, 310, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:preload-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"kernel-debug-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-debug-base-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-debug-devel-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-default-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-default-base-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-default-devel-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-desktop-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-desktop-base-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-desktop-devel-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-pae-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-pae-base-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-pae-devel-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-syms-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-trace-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-trace-base-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-trace-devel-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-vanilla-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-vanilla-base-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-vanilla-devel-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-xen-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-xen-base-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"kernel-xen-devel-2.6.31.8-0.1.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"preload-kmp-default-1.1_2.6.31.8_0.1-6.9.3") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"preload-kmp-desktop-1.1_2.6.31.8_0.1-6.9.3") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-devel / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0178.NASL description Updated kernel packages that fix three security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fifth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important) * a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727, Moderate) * a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-4307, Low) These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.5 Release Notes for information on the most significant of these changes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/ Release_Notes/ Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, refer to the kernel chapter in the Red Hat Enterprise Linux 5.5 Technical Notes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/ Technical_Notes/kernel.html All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 46282 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46282 title RHEL 5 : kernel (RHSA-2010:0178) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0178. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(46282); script_version ("1.33"); script_cvs_date("Date: 2019/10/25 13:36:15"); script_cve_id("CVE-2007-6733", "CVE-2009-4026", "CVE-2009-4027", "CVE-2009-4307", "CVE-2010-0727", "CVE-2010-1188"); script_bugtraq_id(37170); script_xref(name:"RHSA", value:"2010:0178"); script_name(english:"RHEL 5 : kernel (RHSA-2010:0178)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix three security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fifth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important) * a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727, Moderate) * a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-4307, Low) These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.5 Release Notes for information on the most significant of these changes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/ Release_Notes/ Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, refer to the kernel chapter in the Red Hat Enterprise Linux 5.5 Technical Notes : http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/ Technical_Notes/kernel.html All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-4027" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-4307" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-0727" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-1188" ); # http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/ script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/documentation/en-us/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2010:0178" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189, 362); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/02"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2007-6733", "CVE-2009-4026", "CVE-2009-4027", "CVE-2009-4307", "CVE-2010-0727", "CVE-2010-1188"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2010:0178"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2010:0178"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-194.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-194.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc"); } }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-864-1.NASL description It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909) Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. A local attacker could run a specially crafted binary to read register values from an earlier process, leading to a loss of privacy. (CVE-2009-2910) Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. A local attacker could exploit this to crash the system or gain elevated privileges. (CVE-2009-3080) Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems would leak kernel memory via uninitialized structure members. A local attacker could exploit this to read several bytes of kernel memory, leading to a loss of privacy. (CVE-2009-3228, CVE-2009-3612) Earl Chew discovered race conditions in pipe handling. A local attacker could exploit anonymous pipes via /proc/*/fd/ and crash the system or gain root privileges. (CVE-2009-3547) Dave Jones and Francois Romieu discovered that the r8169 network driver could be made to leak kernel memory. A remote attacker could send a large number of jumbo frames until the system memory was exhausted, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-3613). Ben Hutchings discovered that the ATI Rage 128 video driver did not correctly validate initialization states. A local attacker could make specially crafted ioctl calls to crash the system or gain root privileges. (CVE-2009-3620) Tomoki Sekiyama discovered that Unix sockets did not correctly verify namespaces. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2009-3621) J. Bruce Fields discovered that NFSv4 did not correctly use the credential cache. A local attacker using a mount with AUTH_NULL authentication could exploit this to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3623) Alexander Zangerl discovered that the kernel keyring did not correctly reference count. A local attacker could issue a series of specially crafted keyring calls to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3624) David Wagner discovered that KVM did not correctly bounds-check CPUID entries. A local attacker could exploit this to crash the system or possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3638) Avi Kivity discovered that KVM did not correctly check privileges when accessing debug registers. A local attacker could exploit this to crash a host system from within a guest system, leading to a denial of service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722) Philip Reisner discovered that the connector layer for uvesafb, pohmelfs, dst, and dm did not correctly check capabilties. A local attacker could exploit this to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected. (CVE-2009-3725) Trond Myklebust discovered that NFSv4 clients did not robustly verify attributes. A malicious remote NFSv4 server could exploit this to crash a client or gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-3726) Robin Getz discovered that NOMMU systems did not correctly validate NULL pointers in do_mmap_pgoff calls. A local attacker could attempt to allocate large amounts of memory to crash the system, leading to a denial of service. Only Ubuntu 6.06 and 9.10 were affected. (CVE-2009-3888) Joseph Malicki discovered that the MegaRAID SAS driver had world-writable option files. A local attacker could exploit these to disrupt the behavior of the controller, leading to a denial of service. (CVE-2009-3889, CVE-2009-3939) Roel Kluin discovered that the Hisax ISDN driver did not correctly check the size of packets. A remote attacker could send specially crafted packets to cause a system crash, leading to a denial of service. (CVE-2009-4005) Lennert Buytenhek discovered that certain 802.11 states were not handled correctly. A physically-proximate remote attacker could send specially crafted wireless traffic that would crash the system, leading to a denial of service. Only Ubuntu 9.10 was affected. (CVE-2009-4026, CVE-2009-4027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43026 published 2009-12-07 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43026 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-864-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-864-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(43026); script_version("1.33"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2009-2909", "CVE-2009-2910", "CVE-2009-3080", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3623", "CVE-2009-3624", "CVE-2009-3638", "CVE-2009-3722", "CVE-2009-3725", "CVE-2009-3726", "CVE-2009-3888", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4026", "CVE-2009-4027"); script_bugtraq_id(36304, 36576, 36635, 36706, 36723, 36793, 36803, 36824, 36827, 36901, 36936, 37019, 37036, 37068, 37170, 37221); script_xref(name:"USN", value:"864-1"); script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-864-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909) Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. A local attacker could run a specially crafted binary to read register values from an earlier process, leading to a loss of privacy. (CVE-2009-2910) Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. A local attacker could exploit this to crash the system or gain elevated privileges. (CVE-2009-3080) Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems would leak kernel memory via uninitialized structure members. A local attacker could exploit this to read several bytes of kernel memory, leading to a loss of privacy. (CVE-2009-3228, CVE-2009-3612) Earl Chew discovered race conditions in pipe handling. A local attacker could exploit anonymous pipes via /proc/*/fd/ and crash the system or gain root privileges. (CVE-2009-3547) Dave Jones and Francois Romieu discovered that the r8169 network driver could be made to leak kernel memory. A remote attacker could send a large number of jumbo frames until the system memory was exhausted, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-3613). Ben Hutchings discovered that the ATI Rage 128 video driver did not correctly validate initialization states. A local attacker could make specially crafted ioctl calls to crash the system or gain root privileges. (CVE-2009-3620) Tomoki Sekiyama discovered that Unix sockets did not correctly verify namespaces. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2009-3621) J. Bruce Fields discovered that NFSv4 did not correctly use the credential cache. A local attacker using a mount with AUTH_NULL authentication could exploit this to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3623) Alexander Zangerl discovered that the kernel keyring did not correctly reference count. A local attacker could issue a series of specially crafted keyring calls to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3624) David Wagner discovered that KVM did not correctly bounds-check CPUID entries. A local attacker could exploit this to crash the system or possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3638) Avi Kivity discovered that KVM did not correctly check privileges when accessing debug registers. A local attacker could exploit this to crash a host system from within a guest system, leading to a denial of service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722) Philip Reisner discovered that the connector layer for uvesafb, pohmelfs, dst, and dm did not correctly check capabilties. A local attacker could exploit this to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected. (CVE-2009-3725) Trond Myklebust discovered that NFSv4 clients did not robustly verify attributes. A malicious remote NFSv4 server could exploit this to crash a client or gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-3726) Robin Getz discovered that NOMMU systems did not correctly validate NULL pointers in do_mmap_pgoff calls. A local attacker could attempt to allocate large amounts of memory to crash the system, leading to a denial of service. Only Ubuntu 6.06 and 9.10 were affected. (CVE-2009-3888) Joseph Malicki discovered that the MegaRAID SAS driver had world-writable option files. A local attacker could exploit these to disrupt the behavior of the controller, leading to a denial of service. (CVE-2009-3889, CVE-2009-3939) Roel Kluin discovered that the Hisax ISDN driver did not correctly check the size of packets. A remote attacker could send specially crafted packets to cause a system crash, leading to a denial of service. (CVE-2009-4005) Lennert Buytenhek discovered that certain 802.11 states were not handled correctly. A physically-proximate remote attacker could send specially crafted wireless traffic that would crash the system, leading to a denial of service. Only Ubuntu 9.10 was affected. (CVE-2009-4026, CVE-2009-4027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/864-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 119, 189, 200, 264, 287, 310, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.28"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.31"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/19"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|8\.04|8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2009-2909", "CVE-2009-2910", "CVE-2009-3080", "CVE-2009-3228", "CVE-2009-3547", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3623", "CVE-2009-3624", "CVE-2009-3638", "CVE-2009-3722", "CVE-2009-3725", "CVE-2009-3726", "CVE-2009-3888", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4026", "CVE-2009-4027"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-864-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"linux-doc-2.6.15", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-55", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-55-386", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-55-686", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-55-amd64-generic", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-55-amd64-k8", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-55-amd64-server", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-55-amd64-xeon", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-headers-2.6.15-55-server", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-55-386", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-55-686", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-55-amd64-generic", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-55-amd64-k8", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-55-amd64-server", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-55-amd64-xeon", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-image-2.6.15-55-server", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-kernel-devel", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"linux-source-2.6.15", pkgver:"2.6.15-55.81")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-doc-2.6.24", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-26", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-26-386", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-26-generic", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-26-openvz", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-26-rt", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-26-server", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-26-virtual", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-headers-2.6.24-26-xen", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-386", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-generic", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-lpia", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-lpiacompat", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-openvz", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-rt", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-server", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-virtual", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-2.6.24-26-xen", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-26-386", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-26-generic", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-26-server", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-image-debug-2.6.24-26-virtual", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-kernel-devel", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-libc-dev", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"linux-source-2.6.24", pkgver:"2.6.24-26.64")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-doc-2.6.27", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-headers-2.6.27-16", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-headers-2.6.27-16-generic", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-headers-2.6.27-16-server", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-image-2.6.27-16-generic", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-image-2.6.27-16-server", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-image-2.6.27-16-virtual", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-libc-dev", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"linux-source-2.6.27", pkgver:"2.6.27-16.44")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-doc-2.6.28", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-headers-2.6.28-17", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-headers-2.6.28-17-generic", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-headers-2.6.28-17-server", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-image-2.6.28-17-generic", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-image-2.6.28-17-lpia", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-image-2.6.28-17-server", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-image-2.6.28-17-versatile", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-image-2.6.28-17-virtual", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-libc-dev", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"linux-source-2.6.28", pkgver:"2.6.28-17.58")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-doc", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-headers-2.6.31-16", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-headers-2.6.31-16-386", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-headers-2.6.31-16-generic", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-headers-2.6.31-16-generic-pae", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-headers-2.6.31-16-server", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-image-2.6.31-16-386", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-image-2.6.31-16-generic", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-image-2.6.31-16-generic-pae", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-image-2.6.31-16-lpia", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-image-2.6.31-16-server", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-image-2.6.31-16-virtual", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-libc-dev", pkgver:"2.6.31-16.52")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"linux-source-2.6.31", pkgver:"2.6.31-16.52")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc / linux-doc-2.6.15 / linux-doc-2.6.24 / linux-doc-2.6.27 / etc"); }
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 37170 CVE(CAN) ID: CVE-2009-4026,CVE-2009-4027 Linux Kernel是开放源码操作系统Linux所使用的内核。 远程攻击者可以通过向Linux Kernel的mac80211子系统发送特制Delete Block ACK(DELBA)报文触发竞争条件等错误,导致拒绝服务的情况。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=827d42c9ac91ddd728e4f4a31fefb906ef2ceff7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4253119acf412fd686ef4bd8749b5a4d70ea3a51 |
| id | SSV:15026 |
| last seen | 2017-11-19 |
| modified | 2009-12-04 |
| published | 2009-12-04 |
| reporter | Root |
| title | Linux Kernel net/mac80211/子系统远程拒绝服务漏洞 |
Statements
| contributor | Tomas Hoger |
| lastmodified | 2009-12-03 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commits d75636ef and d92684e6 that introduced the problem. |
References
- http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.32-rc8-next-20091201.gz
- http://www.openwall.com/lists/oss-security/2009/12/01/2
- http://www.securityfocus.com/bid/37170
- https://bugzilla.redhat.com/show_bug.cgi?id=541149
- http://secunia.com/advisories/38017
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
- http://www.ubuntu.com/usn/usn-864-1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=827d42c9ac91ddd728e4f4a31fefb906ef2ceff7