Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.DEBIAN_DSA-1070.NASL
HistoryOct 14, 2006 - 12:00 a.m.

Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities

2006-10-1400:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
33
JSON

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found.

  • CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found.

  • CVE-2004-0394 A buffer overflow in the panic handling code has been found.

  • CVE-2004-0447 A local denial of service vulnerability through a NULL pointer dereference in the IA64 process handling code has been found.

  • CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found.

  • CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture.

  • CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information.

  • CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation.

  • CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service or information disclosure.

  • CVE-2004-0949 An information leak discovered in the SMB filesystem code.

  • CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer.

  • CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability.

  • CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found.

  • CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service.

  • CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector.

  • CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack.

  • CVE-2003-0984 Inproper initialization of the RTC may disclose information.

  • CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation.

  • CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation.

  • CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service.

  • CVE-2004-1073 The open_exec function may disclose information.

  • CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries.

  • CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found.

  • CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation.

  • CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries.

  • CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions.

  • CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation.

  • CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation.

  • CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver.

  • CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture fixes the problems mentioned above :

                               Debian 3.0 (woody)                 Source                           2.4.19-4                           Sun Sparc architecture           26woody1                           Little endian MIPS architecture  0.020911.1.woody5

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1070. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22612);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2003-0984", "CVE-2004-0138", "CVE-2004-0394", "CVE-2004-0427", "CVE-2004-0447", "CVE-2004-0554", "CVE-2004-0565", "CVE-2004-0685", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-0997", "CVE-2004-1016", "CVE-2004-1017", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1074", "CVE-2004-1234", "CVE-2004-1235", "CVE-2004-1333", "CVE-2004-1335", "CVE-2005-0001", "CVE-2005-0003", "CVE-2005-0124", "CVE-2005-0135", "CVE-2005-0384", "CVE-2005-0489", "CVE-2005-0504");
  script_xref(name:"DSA", value:"1070");

  script_name(english:"Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2004-0427
    A local denial of service vulnerability in do_fork() has
    been found.

  - CVE-2005-0489
    A local denial of service vulnerability in proc memory
    handling has been found.

  - CVE-2004-0394
    A buffer overflow in the panic handling code has been
    found.

  - CVE-2004-0447
    A local denial of service vulnerability through a NULL
    pointer dereference in the IA64 process handling code
    has been found.

  - CVE-2004-0554
    A local denial of service vulnerability through an
    infinite loop in the signal handler code has been found.

  - CVE-2004-0565
    An information leak in the context switch code has been
    found on the IA64 architecture.

  - CVE-2004-0685
    Unsafe use of copy_to_user in USB drivers may disclose
    sensitive information.

  - CVE-2005-0001
    A race condition in the i386 page fault handler may
    allow privilege escalation.

  - CVE-2004-0883
    Multiple vulnerabilities in the SMB filesystem code may
    allow denial of service or information disclosure.

  - CVE-2004-0949
    An information leak discovered in the SMB filesystem
    code.

  - CVE-2004-1016
    A local denial of service vulnerability has been found
    in the SCM layer.

  - CVE-2004-1333
    An integer overflow in the terminal code may allow a
    local denial of service vulnerability.

  - CVE-2004-0997
    A local privilege escalation in the MIPS assembly code
    has been found.

  - CVE-2004-1335
    A memory leak in the ip_options_get() function may lead
    to denial of service.

  - CVE-2004-1017
    Multiple overflows exist in the io_edgeport driver which
    might be usable as a denial of service attack vector.

  - CVE-2005-0124
    Bryan Fulton reported a bounds checking bug in the
    coda_pioctl function which may allow local users to
    execute arbitrary code or trigger a denial of service
    attack.

  - CVE-2003-0984
    Inproper initialization of the RTC may disclose
    information.

  - CVE-2004-1070
    Insufficient input sanitising in the load_elf_binary()
    function may lead to privilege escalation.

  - CVE-2004-1071
    Incorrect error handling in the binfmt_elf loader may
    lead to privilege escalation.

  - CVE-2004-1072
    A buffer overflow in the binfmt_elf loader may lead to
    privilege escalation or denial of service.

  - CVE-2004-1073
    The open_exec function may disclose information.

  - CVE-2004-1074
    The binfmt code is vulnerable to denial of service
    through malformed a.out binaries.

  - CVE-2004-0138
    A denial of service vulnerability in the ELF loader has
    been found.

  - CVE-2004-1068
    A programming error in the unix_dgram_recvmsg() function
    may lead to privilege escalation.

  - CVE-2004-1234
    The ELF loader is vulnerable to denial of service
    through malformed binaries.

  - CVE-2005-0003
    Crafted ELF binaries may lead to privilege escalation,
    due to insufficient checking of overlapping memory
    regions.

  - CVE-2004-1235
    A race condition in the load_elf_library() and
    binfmt_aout() functions may allow privilege escalation.

  - CVE-2005-0504
    An integer overflow in the Moxa driver may lead to
    privilege escalation.

  - CVE-2005-0384
    A remote denial of service vulnerability has been found
    in the PPP driver.

  - CVE-2005-0135
    An IA64 specific local denial of service vulnerability
    has been found in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which
architecture fixes the problems mentioned above :

                                   Debian 3.0 (woody)               
  Source                           2.4.19-4                         
  Sun Sparc architecture           26woody1                         
  Little endian MIPS architecture  0.020911.1.woody5"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0489"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0447"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0554"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0883"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2003-0984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1070"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1071"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1072"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1074"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-0138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1068"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0003"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2004-1235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0504"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0384"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-0135"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1070"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the kernel package immediately and reboot the machine."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-sparc-2.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-2.4.19-mips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.4.19");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/01/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"kernel-doc-2.4.19", reference:"2.4.19-4.woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.18-sparc", reference:"22woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.19", reference:"2.4.19-0.020911.1.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.4.19-sparc", reference:"26woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-sun4u", reference:"22woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.18-sun4u-smp", reference:"22woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-r4k-ip22", reference:"2.4.19-0.020911.1.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-r5k-ip22", reference:"2.4.19-0.020911.1.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-sun4u", reference:"26woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.4.19-sun4u-smp", reference:"26woody1")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-patch-2.4.19-mips", reference:"2.4.19-0.020911.1.woody5")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-source-2.4.19", reference:"2.4.19-4.woody3")) flag++;
if (deb_check(release:"3.0", prefix:"mips-tools", reference:"2.4.19-0.020911.1.woody5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxkernel-image-sparc-2.4p-cpe:/a:debian:debian_linux:kernel-image-sparc-2.4
debiandebian_linuxkernel-patch-2.4.19-mipsp-cpe:/a:debian:debian_linux:kernel-patch-2.4.19-mips
debiandebian_linuxkernel-source-2.4.19p-cpe:/a:debian:debian_linux:kernel-source-2.4.19
debiandebian_linux3.0cpe:/o:debian:debian_linux:3.0

References

Related

openvas 33
osv 4
debian 5
nessus 49
redhat 18
suse 6
ubuntu 6
securityvulns 7
gentoo 3
ubuntucve 22
cve 32
checkpoint_advisories 1
cert 4
slackware 2
packetstorm 2
prion 1
centos 4
openvas
openvas
Debian: Security Advisory (DSA-1069-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 1082-1 (kernel-2.4.17)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1082-1)
2008-01-17 00:00:00
osv
osv
kernel-source-2.4.18 - several
2006-05-20 00:00:00
kernel-source-2.4.19 - several vulnerabilities
2006-05-21 00:00:00
kernel-source-2.4.17 - several vulnerabilities
2006-05-29 00:00:00
debian
debian
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
2006-05-21 02:53:34
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
2006-05-21 17:30:06
[SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities
2006-05-20 08:20:15
nessus
nessus
Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilities
2006-10-14 00:00:00
Debian DSA-1069-1 : kernel-source-2.4.18 - several vulnerabilities
2006-10-14 00:00:00
Debian DSA-1082-1 : kernel-source-2.4.17 - several vulnerabilities
2006-10-14 00:00:00
redhat
redhat
(RHSA-2004:505) Updated kernel packages fix security vulnerability
2004-12-13 00:00:00
(RHSA-2004:504) Updated Itanium kernel packages resolve security issues
2004-12-13 00:00:00
(RHSA-2004:549) kernel security update
2004-12-02 00:00:00
suse
suse
local and remote denial of service in kernel
2004-12-01 14:31:07
local privilege escalation in kernel
2005-01-21 15:09:06
local privilege escalation in kernel
2004-12-21 19:35:11
ubuntu
ubuntu
Linux kernel vulnerabilities
2005-01-14 00:00:00
Linux kernel vulnerabilities
2004-11-19 00:00:00
Linux amd64 kernel vulnerability
2004-12-17 00:00:00
securityvulns
securityvulns
Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
2004-11-18 00:00:00
[Full-Disclosure] Linux kernel uselib&#40;&#41; privilege elevation, corrected
2005-01-07 00:00:00
Linux kernel scm_send local DoS
2004-12-15 00:00:00
gentoo
gentoo
Linux Kernel: Multiple DoS and permission vulnerabilities
2004-07-22 00:00:00
Linux Kernel: Multiple vulnerabilities
2004-07-03 00:00:00
Linux Kernel: Multiple information leaks
2004-08-25 00:00:00
ubuntucve
ubuntucve
CVE-2003-0984
2004-01-05 00:00:00
CVE-2004-0685
2004-12-23 00:00:00
CVE-2004-0883
2005-01-10 00:00:00
cve
cve
CVE-2003-0984
2004-01-05 05:00:00
CVE-2004-0883
2005-01-10 05:00:00
CVE-2004-0949
2005-01-10 05:00:00
checkpoint_advisories
checkpoint_advisories
Linux Kernel SMB Filesystem smb_receive Transaction2 - Ver2 (CVE-2004-0949)
2014-12-28 00:00:00
cert
cert
SMB filesystem read system call vulnerable to buffer overflow
2005-02-02 00:00:00
Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
2004-06-15 00:00:00
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
2004-03-09 00:00:00
slackware
slackware
kernel DoS
2004-06-15 10:53:26
kernel security updates
2004-04-28 13:56:48
packetstorm
packetstorm
isec-0021-uselib.txt
2005-01-07 00:00:00
isec-0019-scm.txt
2004-12-30 00:00:00
prion
prion
Design/Logic Flaw
2007-02-15 18:28:00
centos
centos
kernel security update
2005-04-22 21:54:37
kernel security update
2005-08-26 03:54:07
kernel security update
2005-04-29 05:42:41
JSON
Related for DEBIAN_DSA-1070.NASL
openvas33osv4debian5nessus49redhat18suse6ubuntu6securityvulns7gentoo3ubuntucve22cve32checkpoint_advisories1cert4slackware2packetstorm2prion1centos4