Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 Tenable Network Security, Inc.FEDORA_2005-313.NASL
HistorySep 12, 2005 - 12:00 a.m.

Fedora Core 3 : kernel-2.6.11-1.14_FC3 (2005-313)

2005-09-1200:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
19

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.057 Low

EPSS

Percentile

93.4%

JSON

This update rebases the kernel to the latest upstream stable release, which fixes a number of security issues. Notably :

  • CVE-2005-0210 : dst leak

    • CVE-2005-0384 : ppp dos

    • CVE-2005-0531 : Sign handling issues.

    • CVE-2005-0400 : EXT2 information leak.

    • CVE-2005-0449 : Remote oops.

    • CVE-2005-0736 : Epoll overflow

    • CVE-2005-0749 : ELF loader may kfree wrong memory.

    • CVE-2005-0750 : Missing range checking in bluetooth

    • CVE-2005-0767 : drm race in radeon

    • CVE-2005-0815 : Corrupt isofs images could cause oops

Additionally, a large number of improvements have come from the 2.6.10
-> 2.6.11 transition.

This update requires you are running the latest udev package, and also (if you are using SELinux) the latest selinux policy packages.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2005-313.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19648);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_xref(name:"FEDORA", value:"2005-313");

  script_name(english:"Fedora Core 3 : kernel-2.6.11-1.14_FC3 (2005-313)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update rebases the kernel to the latest upstream stable release,
which fixes a number of security issues. Notably :

  - CVE-2005-0210 : dst leak

    - CVE-2005-0384 : ppp dos

    - CVE-2005-0531 : Sign handling issues.

    - CVE-2005-0400 : EXT2 information leak.

    - CVE-2005-0449 : Remote oops.

    - CVE-2005-0736 : Epoll overflow

    - CVE-2005-0749 : ELF loader may kfree wrong memory.

    - CVE-2005-0750 : Missing range checking in bluetooth

    - CVE-2005-0767 : drm race in radeon

    - CVE-2005-0815 : Corrupt isofs images could cause oops

Additionally, a large number of improvements have come from the 2.6.10
-> 2.6.11 transition.

This update requires you are running the latest udev package, and also
(if you are using SELinux) the latest selinux policy packages.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2005-April/000853.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4dbf8e72"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC3", reference:"kernel-2.6.11-1.14_FC3")) flag++;
if (rpm_check(release:"FC3", reference:"kernel-debuginfo-2.6.11-1.14_FC3")) flag++;
if (rpm_check(release:"FC3", reference:"kernel-doc-2.6.11-1.14_FC3")) flag++;
if (rpm_check(release:"FC3", reference:"kernel-smp-2.6.11-1.14_FC3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-doc / kernel-smp");
}
VendorProductVersionCPE
fedoraprojectfedorakernelp-cpe:/a:fedoraproject:fedora:kernel
fedoraprojectfedorakernel-debuginfop-cpe:/a:fedoraproject:fedora:kernel-debuginfo
fedoraprojectfedorakernel-docp-cpe:/a:fedoraproject:fedora:kernel-doc
fedoraprojectfedorakernel-smpp-cpe:/a:fedoraproject:fedora:kernel-smp
fedoraprojectfedora_core3cpe:/o:fedoraproject:fedora_core:3

Related

nessus 24
ubuntu 2
centos 6
openvas 19
redhat 9
securityvulns 5
nvd 11
ubuntucve 10
cvelist 10
cve 11
exploitdb 2
suse 3
cert 1
debian 10
osv 6
nessus
nessus
Fedora Core 2 : kernel-2.6.10-1.771_FC2 (2005-262)
2005-05-19 00:00:00
Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-103-1)
2006-01-15 00:00:00
RHEL 4 : kernel (RHSA-2005:366)
2005-04-19 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2005-04-01 00:00:00
Linux kernel vulnerabilities
2005-03-15 00:00:00
centos
centos
kernel security update
2005-04-20 01:47:21
kernel security update
2005-04-29 05:42:41
kernel security update
2005-04-22 21:54:37
openvas
openvas
Ubuntu: Security Advisory (USN-103-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-95-1)
2022-08-26 00:00:00
SLES9: Security update for kernel
2009-10-10 00:00:00
redhat
redhat
(RHSA-2005:366) kernel security update
2005-04-19 00:00:00
(RHSA-2005:283) kernel security update
2005-04-28 00:00:00
(RHSA-2005:284) kernel security update
2005-04-28 00:00:00
securityvulns
securityvulns
[CLA-2005:945] Conectiva Security Announcement - kernel
2005-04-01 00:00:00
Information leak in the Linux kernel ext2 implementation
2005-04-03 00:00:00
local root security bug in linux &gt;= 2.4.6 &lt;= 2.4.30-rc1 and 2.6.x.y &lt;= 2.6.11.5
2005-03-28 00:00:00
nvd
nvd
CVE-2005-0384
2005-03-15 05:00:00
CVE-2005-0400
2005-05-02 04:00:00
CVE-2005-0531
2005-05-02 04:00:00
ubuntucve
ubuntucve
CVE-2005-0531
2005-05-02 00:00:00
CVE-2005-0736
2005-03-09 00:00:00
CVE-2005-0400
2005-05-02 00:00:00
cvelist
cvelist
CVE-2005-0400
2005-04-05 04:00:00
CVE-2005-0384
2005-03-18 05:00:00
CVE-2005-0531
2005-02-24 05:00:00
cve
cve
CVE-2005-0384
2005-03-18 05:00:00
CVE-2005-0531
2005-05-02 04:00:00
CVE-2005-0750
2005-04-03 05:00:00
exploitdb
exploitdb
Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Vulnerability 2
2005-03-09 00:00:00
Linux Kernel 2.4.x/2.6.x - Bluetooth Signed Buffer Index Vulnerability 4
2005-10-24 00:00:00
suse
suse
local privilege escalation in kernel
2005-06-09 11:10:38
local privilege escalation in kernel
2005-04-05 07:25:34
remote denial of service in kernel
2005-03-24 16:30:19
cert
cert
Linux kernel Bluetooth support fails to properly bounds check "protocol" variable
2005-04-05 00:00:00
debian
debian
[SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities
2006-03-24 06:47:40
[SECURITY] [DSA 1018-1] New Linux kernel 2.4.27 packages fix several vulnerabilities
2006-03-24 06:47:40
[SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities
2006-04-05 07:45:22
osv
osv
kernel-source-2.4.27 - several
2006-03-24 00:00:00
kernel-source-2.4.19 - several vulnerabilities
2006-05-21 00:00:00
kernel-source-2.4.18 - several
2006-05-20 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.057 Low

EPSS

Percentile

93.4%

JSON
Related for FEDORA_2005-313.NASL
nessus24ubuntu2centos6openvas19redhat9securityvulns5nvd11ubuntucve10cvelist10cve11exploitdb2suse3cert1debian10osv6