Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.DEBIAN_DSA-336.NASL
HistorySep 29, 2004 - 12:00 a.m.

Debian DSA-336-1 : linux-kernel-2.2.20 - several vulnerabilities

2004-09-2900:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
25
JSON

A number of vulnerabilities have been discovered in the Linux kernel.

  • CAN-2002-1380: Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.

  • CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall)

  • CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets

  • CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel

  • CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain

  • CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.

  • CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (‘kernel oops’)

  • CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.

  • CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions

This advisory provides updated 2.2.20 kernel source, and binary kernel images for the i386 architecture. Other architectures and kernel versions will be covered by separate advisories.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-336. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15173);
  script_version("1.29");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2002-0429", "CVE-2002-1380", "CVE-2003-0001", "CVE-2003-0127", "CVE-2003-0244", "CVE-2003-0246", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364");
  script_bugtraq_id(4259, 6420, 6535, 7112, 7600, 7601, 7791, 7793, 7797);
  script_xref(name:"DSA", value:"336");

  script_name(english:"Debian DSA-336-1 : linux-kernel-2.2.20 - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities have been discovered in the Linux kernel.

  - CAN-2002-1380: Linux kernel 2.2.x allows local users to
    cause a denial of service (crash) by using the mmap()
    function with a PROT_READ parameter to access
    non-readable memory pages through the /proc/pid/mem
    interface.
  - CVE-2002-0429: The iBCS routines in
    arch/i386/kernel/traps.c for Linux kernels 2.4.18 and
    earlier on x86 systems allow local users to kill
    arbitrary processes via a binary compatibility interface
    (lcall)

  - CAN-2003-0001: Multiple ethernet Network Interface Card
    (NIC) device drivers do not pad frames with null bytes,
    which allows remote attackers to obtain information from
    previous packets or kernel memory by using malformed
    packets

  - CAN-2003-0127: The kernel module loader allows local
    users to gain root privileges by using ptrace to attach
    to a child process that is spawned by the kernel

  - CAN-2003-0244: The route cache implementation in Linux
    2.4, and the Netfilter IP conntrack module, allows
    remote attackers to cause a denial of service (CPU
    consumption) via packets with forged source addresses
    that cause a large number of hash table collisions
    related to the PREROUTING chain

  - CAN-2003-0246: The ioperm system call in Linux kernel
    2.4.20 and earlier does not properly restrict
    privileges, which allows local users to gain read or
    write access to certain I/O ports.

  - CAN-2003-0247: vulnerability in the TTY layer of the
    Linux kernel 2.4 allows attackers to cause a denial of
    service ('kernel oops')

  - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows
    attackers to modify CPU state registers via a malformed
    address.

  - CAN-2003-0364: The TCP/IP fragment reassembly handling
    in the Linux kernel 2.4 allows remote attackers to cause
    a denial of service (CPU consumption) via certain
    packets that cause a large number of hash table
    collisions

This advisory provides updated 2.2.20 kernel source, and binary kernel
images for the i386 architecture. Other architectures and kernel
versions will be covered by separate advisories."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-336"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"For the stable distribution (woody) on the i386 architecture, these
problems have been fixed in kernel-source-2.2.20 version
2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.

We recommend that you update your kernel packages.

NOTE: A system reboot will be required immediately after the upgrade
in order to replace the running kernel. Remember to read carefully and
follow the instructions given during the kernel upgrade process.

NOTE: These kernels are not binary-compatible with the previous
version. Any loadable modules will need to be recompiled in order to
work with the new kernel."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-2.2.20-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-source-2.2.20");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"kernel-doc-2.2.20", reference:"2.2.20-5woody2")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.2.20", reference:"2.2.20-5woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.2.20-compact", reference:"2.2.20-5woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-headers-2.2.20-idepci", reference:"2.2.20-5woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.2.20", reference:"2.2.20-5woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.2.20-compact", reference:"2.2.20-5woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-image-2.2.20-idepci", reference:"2.2.20-5woody3")) flag++;
if (deb_check(release:"3.0", prefix:"kernel-source-2.2.20", reference:"2.2.20-5woody2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxkernel-image-2.2.20-i386p-cpe:/a:debian:debian_linux:kernel-image-2.2.20-i386
debiandebian_linuxkernel-source-2.2.20p-cpe:/a:debian:debian_linux:kernel-source-2.2.20
debiandebian_linux3.0cpe:/o:debian:debian_linux:3.0

Related

osv 9
openvas 22
nessus 28
debian 15
securityvulns 9
redhat 5
cert 2
f5 2
ubuntucve 5
cve 14
saint 4
suse 1
slackware 1
exploitpack 3
seebug 4
packetstorm 2
exploitdb 3
paloalto 1
prion 4
oracle 1
osv
osv
linux-kernel-2.2.20 - several vulnerabilities
2003-06-29 00:00:00
linux-kernel-2.4.18 - several vulnerabilities
2003-06-08 00:00:00
kernel-patch-2.4.18-powerpc - several vulnerabilities
2003-06-09 00:00:00
openvas
openvas
Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)
2008-01-17 00:00:00
Debian Security Advisory DSA 311-1 (kernel)
2008-01-17 00:00:00
Debian Security Advisory DSA 311-1 (kernel)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities
2004-09-29 00:00:00
Debian DSA-332-1 : linux-kernel-2.4.17 - several vulnerabilities
2004-09-29 00:00:00
Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities
2004-09-29 00:00:00
debian
debian
[SECURITY] [DSA-312-1] New powerpc kernel fixes several vulnerabilities
2003-06-10 03:42:32
[SECURITY] [DSA-332-1] New Linux 2.4.17 source code and MIPS kernel images fix several vulnerabilities
2003-06-29 01:44:01
[SECURITY] [DSA-311-1] New kernel packages fix several vulnerabilities
2003-06-09 01:26:02
securityvulns
securityvulns
MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities
2003-06-21 00:00:00
[ESA-20030318-009] Several &#39;kernel&#39; vulnerabilities
2003-03-19 00:00:00
[RHSA-2003:172-00] Updated 2.4 kernel fixes security vulnerabilities and various bugs
2003-05-15 00:00:00
redhat
redhat
(RHSA-2003:195) kernel security update
2003-06-19 00:00:00
(RHSA-2003:147) kernel security update
2003-05-29 00:00:00
(RHSA-2003:145) Updated kernel fixes security vulnerabilities and updates drivers
2003-05-27 00:00:00
cert
cert
ptrace contains vulnerability allowing for local root compromise
2004-04-16 00:00:00
Network device drivers reuse old frame buffer data to pad packets
2003-01-06 00:00:00
f5
f5
SOL2591 - Linux kernel vulnerabilities - CAN-2003-0244, CAN-2003-0246
2007-05-16 00:00:00
Linux kernel vulnerabilities CAN-2003-0244 and CAN-2003-0246
2007-05-17 04:00:00
ubuntucve
ubuntucve
CVE-2003-0246
2003-06-16 00:00:00
CVE-2003-0127
2003-03-31 00:00:00
CVE-2003-0244
2003-05-27 00:00:00
cve
cve
CVE-2003-0246
2003-06-16 04:00:00
CVE-2003-0364
2003-06-16 04:00:00
CVE-2003-0244
2003-05-27 04:00:00
saint
saint
Linux kernel ptrace privilege elevation vulnerability
2007-06-27 00:00:00
Linux kernel ptrace privilege elevation vulnerability
2007-06-27 00:00:00
Linux kernel ptrace privilege elevation vulnerability
2007-06-27 00:00:00
suse
suse
local privilege escalation in kernel
2003-03-25 17:27:05
slackware
slackware
2.4.21 kernels available
2003-06-17 22:01:21
exploitpack
exploitpack
Ethernet Device Drivers Frame Padding - Etherleak Infomation Leakage
2007-03-23 00:00:00
Cisco ASA 8.4.4.6 8.2.5.32 - Ethernet Information Leak
2013-06-10 00:00:00
Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
2007-03-23 00:00:00
seebug
seebug
Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure
2014-07-01 00:00:00
Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak
2014-07-01 00:00:00
Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
2014-07-01 00:00:00
packetstorm
packetstorm
etherleak.txt
2007-03-24 00:00:00
Cisco ASA Ethernet Information Leak
2013-06-10 00:00:00
exploitdb
exploitdb
Cisco ASA &lt; 8.4.4.6 &lt; 8.2.5.32 - Ethernet Information Leak
2013-06-10 00:00:00
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
2007-03-23 00:00:00
Ethernet Device Drivers Frame Padding - &#039;Etherleak&#039; Infomation Leakage
2007-03-23 00:00:00
paloalto
paloalto
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
2021-01-13 17:00:00
prion
prion
Design/Logic Flaw
2018-01-10 22:29:00
Information disclosure
2021-01-13 18:15:00
Code injection
2022-07-20 15:15:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
JSON
Related for DEBIAN_DSA-336.NASL
osv9openvas22nessus28debian15securityvulns9redhat5cert2f52ubuntucve5cve14saint4suse1slackware1exploitpack3seebug4packetstorm2exploitdb3paloalto1prion4oracle1