Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2310.NASL
HistorySep 26, 2011 - 12:00 a.m.

Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak

2011-09-2600:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system’s USB ports could obtain elevated privileges using a specially crafted USB device.

  • CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system’s USB ports could obtain elevated privileges using a specially crafted USB device.

  • CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.

  • CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the alpha architecture. Local users could obtain access to sensitive kernel memory.

  • CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4() system call on the alpha architecture permitting local users to gain elevated privileges.

  • CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop.

  • CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory).

  • CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.

  • CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.

  • CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process’ proc directory was world-readable, resulting in local information disclosure of information such as password lengths.

  • CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.

  • CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.

  • CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.

  • CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.

  • CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.

  • CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.

This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2310. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(56285);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2009-4067", "CVE-2011-0712", "CVE-2011-1020", "CVE-2011-2209", "CVE-2011-2211", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2525", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191");
  script_bugtraq_id(46419, 46567, 47321, 48254, 48333, 48383, 48441, 48472, 48641, 48687, 49141, 49256, 49289, 49295, 49408);
  script_xref(name:"DSA", value:"2310");

  script_name(english:"Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leak. The Common Vulnerabilities and Exposures project identifies the
following problems :

  - CVE-2009-4067
    Rafael Dominguez Vega of MWR InfoSecurity reported an
    issue in the auerswald module, a driver for Auerswald
    PBX/System Telephone USB devices. Attackers with
    physical access to a system's USB ports could obtain
    elevated privileges using a specially crafted USB
    device.

  - CVE-2011-0712
    Rafael Dominguez Vega of MWR InfoSecurity reported an
    issue in the caiaq module, a USB driver for Native
    Instruments USB audio devices. Attackers with physical
    access to a system's USB ports could obtain elevated
    privileges using a specially crafted USB device.

  - CVE-2011-1020
    Kees Cook discovered an issue in the /proc filesystem
    that allows local users to gain access to sensitive
    process information after execution of a setuid binary.

  - CVE-2011-2209
    Dan Rosenberg discovered an issue in the osf_sysinfo()
    system call on the alpha architecture. Local users could
    obtain access to sensitive kernel memory.

  - CVE-2011-2211
    Dan Rosenberg discovered an issue in the osf_wait4()
    system call on the alpha architecture permitting local
    users to gain elevated privileges.

  - CVE-2011-2213
    Dan Rosenberg discovered an issue in the INET socket
    monitoring interface. Local users could cause a denial
    of service by injecting code and causing the kernel to
    execute an infinite loop.

  - CVE-2011-2484
    Vasiliy Kulikov of Openwall discovered that the number
    of exit handlers that a process can register is not
    capped, resulting in local denial of service through
    resource exhaustion (CPU time and memory).

  - CVE-2011-2491
    Vasily Averin discovered an issue with the NFS locking
    implementation. A malicious NFS server can cause a
    client to hang indefinitely in an unlock call.

  - CVE-2011-2492
    Marek Kroemeke and Filip Palian discovered that
    uninitialized struct elements in the Bluetooth subsystem
    could lead to a leak of sensitive kernel memory through
    leaked stack memory.

  - CVE-2011-2495
    Vasiliy Kulikov of Openwall discovered that the io file
    of a process' proc directory was world-readable,
    resulting in local information disclosure of information
    such as password lengths.

  - CVE-2011-2496
    Robert Swiecki discovered that mremap() could be abused
    for local denial of service by triggering a BUG_ON
    assert.

  - CVE-2011-2497
    Dan Rosenberg discovered an integer underflow in the
    Bluetooth subsystem, which could lead to denial of
    service or privilege escalation.

  - CVE-2011-2525
    Ben Pfaff reported an issue in the network scheduling
    code. A local user could cause a denial of service (NULL
    pointer dereference) by sending a specially crafted
    netlink message.

  - CVE-2011-2928
    Timo Warns discovered that insufficient validation of Be
    filesystem images could lead to local denial of service
    if a malformed filesystem image is mounted.

  - CVE-2011-3188
    Dan Kaminsky reported a weakness of the sequence number
    generation in the TCP protocol implementation. This can
    be used by remote attackers to inject packets into an
    active session.

  - CVE-2011-3191
    Darren Lavender reported an issue in the Common Internet
    File System (CIFS). A malicious file server could cause
    memory corruption leading to a denial of service.

This update also includes a fix for a regression introduced with the
previous security fix for CVE-2011-1768 (Debian bug #633738)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-4067"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-0712"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-1020"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2209"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2211"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2213"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2484"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2491"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2495"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2496"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2497"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2525"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2928"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-3188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-3191"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-1768"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2011/dsa-2310"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the linux-2.6 and user-mode-linux packages. These updates will
not become active until after the system is rebooted.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.6.26-26lenny4. Updates for arm and alpha are not yet
available, but will be released as soon as possible. Updates for the
hppa and ia64 architectures will be included in the upcoming 5.0.9
point release.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update :

                        Debian 5.0 (lenny)     
  user-mode-linux        2.6.26-1um-2+26lenny4  
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or 'leap-frog' fashion."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"5.0", prefix:"linux-base", reference:"2.6.26-26lenny4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlinux-2.6p-cpe:/a:debian:debian_linux:linux-2.6
debiandebian_linux5.0cpe:/o:debian:debian_linux:5.0

References

Related

debian 3
osv 2
openvas 64
securityvulns 4
nessus 44
ubuntu 21
oraclelinux 5
suse 5
redhat 4
centos 1
prion 10
ibm 5
cve 11
veracode 8
amazon 1
seebug 1
ubuntucve 8
f5 2
debian
debian
[SECURITY] [DSA 2310-1] linux-2.6 security update
2011-09-22 22:48:48
[SECURITY] [DSA 2303-1] linux-2.6 security update
2011-09-08 21:31:02
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression
2011-09-11 02:06:57
osv
osv
linux-2.6 - several issues
2011-09-22 00:00:00
linux-2.6 - several issues
2011-09-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2310-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-2303-1)
2023-03-08 00:00:00
Ubuntu Update for linux USN-1246-1
2011-10-31 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression
2011-09-13 00:00:00
[USN-1268-1] Linux kernel vulnerabilities
2011-11-27 00:00:00
Linux kernel security vulnerabilities
2011-09-13 00:00:00
nessus
nessus
Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak
2011-09-09 00:00:00
Ubuntu 11.04 : linux vulnerabilities (USN-1246-1)
2011-10-26 00:00:00
Ubuntu 8.04 LTS : linux vulnerabilities (USN-1225-1)
2011-10-05 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2011-10-25 00:00:00
Linux kernel vulnerabilities
2011-10-04 00:00:00
Linux kernel vulnerabilities
2011-12-03 00:00:00
oraclelinux
oraclelinux
Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update
2011-08-19 00:00:00
Unbreakable Enterprise kernel security and bug fix update
2011-08-24 00:00:00
kernel security, bug fix, and enhancement update
2011-08-23 00:00:00
suse
suse
kernel update for SLE11 SP1 (important)
2011-10-08 01:08:26
Security update for Linux kernel (important)
2011-10-08 01:08:22
denial of service in kernel
2011-10-17 17:58:35
redhat
redhat
(RHSA-2011:1189) Important: kernel security, bug fix, and enhancement update
2011-08-23 00:00:00
(RHSA-2011:1386) Important: kernel security, bug fix, and enhancement update
2011-10-20 00:00:00
(RHSA-2011:1408) Moderate: rhev-hypervisor security update
2011-10-26 00:00:00
centos
centos
kernel security update
2011-10-21 00:31:03
prion
prion
Integer overflow
2012-06-13 10:24:00
Design/Logic Flaw
2012-05-24 23:55:00
Buffer overflow
2011-02-18 20:00:00
ibm
ibm
Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in IBM Storwize V7000 Unified system (CVE-2011-3188)
2018-06-18 00:07:45
Security Bulletin: Flex System Manager (FSM) Denial of Service (CVE-2011-3188)
2019-01-30 08:20:01
Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)
2022-08-20 00:54:31
cve
cve
CVE-2011-3188
2012-05-24 23:55:00
CVE-2011-2209
2012-06-13 10:24:00
CVE-2011-1768
2012-06-13 10:24:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:00:36
Denial Of Service (DoS)
2020-04-10 01:05:14
Man-in-the-Middle (MitM)
2020-04-10 01:07:46
amazon
amazon
Medium: kernel
2011-10-31 18:26:00
seebug
seebug
Linux内核隧道初始化远程拒绝服务漏洞
2011-05-18 00:00:00
ubuntucve
ubuntucve
CVE-2011-2496
2011-10-06 00:00:00
CVE-2011-2484
2011-06-24 00:00:00
CVE-2011-1768
2011-10-06 00:00:00
f5
f5
K15301 : Linux kernel TCP ISN vulnerability CVE-2011-3188
2014-07-25 00:00:00
SOL15301 - Linux kernel TCP ISN vulnerability CVE-2011-3188
2014-06-02 00:00:00
JSON
Related for DEBIAN_DSA-2310.NASL
debian3osv2openvas64securityvulns4nessus44ubuntu21oraclelinux5suse5redhat4centos1prion10ibm5cve11veracode8amazon1seebug1ubuntucve8f52