Lucene search
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2004-062.NASLHistoryJul 31, 2004 - 12:00 a.m.
Mandrake Linux Security Advisory : kernel (MDKSA-2004:062)
2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
21
A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and earlier was discovered by Chris Wright. The e1000 driver does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory (CVE-2004-0535).
A vulnerability was also discovered in the kernel were a certain C program would trigger a floating point exception that would crash the kernel. This vulnerability can only be triggered locally by users with shell access (CVE-2004-0554).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2004:062.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(14161);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2004-0535", "CVE-2004-0554");
script_xref(name:"CERT", value:"973654");
script_xref(name:"MDKSA", value:"2004:062");
script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2004:062)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and
earlier was discovered by Chris Wright. The e1000 driver does not
properly reset memory or restrict the maximum length of a data
structure, which can allow a local user to read portions of kernel
memory (CVE-2004-0535).
A vulnerability was also discovered in the kernel were a certain C
program would trigger a floating point exception that would crash the
kernel. This vulnerability can only be triggered locally by users with
shell access (CVE-2004-0554)."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.4.21.0.31mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.4.22.35mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.4.25.6mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.3.14mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.21.0.31mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.22.35mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.25.6mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.3.14mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.4.22.35mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.4.25.6mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.3.14mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-p3-smp-64GB-2.4.22.35mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-p3-smp-64GB-2.4.25.6mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-p3-smp-64GB-2.6.3.14mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure-2.4.21.0.31mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure-2.4.22.35mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-secure-2.6.3.14mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.4.21.0.31mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.4.22.35mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.4.25.6mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-smp-2.6.3.14mdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-stripped");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
script_set_attribute(attribute:"patch_publication_date", value:"2004/06/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK10.0", reference:"kernel-2.4.25.6mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kernel-2.6.3.14mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-enterprise-2.4.25.6mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-enterprise-2.6.3.14mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.4.25.6mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-i686-up-4GB-2.6.3.14mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-p3-smp-64GB-2.4.25.6mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"kernel-p3-smp-64GB-2.6.3.14mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kernel-secure-2.6.3.14mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kernel-smp-2.4.25.6mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kernel-smp-2.6.3.14mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kernel-source-2.4.25-6mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"kernel-source-stripped-2.6.3-14mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-2.4.21.0.31mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-enterprise-2.4.21.0.31mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-secure-2.4.21.0.31mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-smp-2.4.21.0.31mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kernel-source-2.4.21-0.31mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"kernel-2.4.22.35mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"kernel-enterprise-2.4.22.35mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"kernel-i686-up-4GB-2.4.22.35mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"kernel-p3-smp-64GB-2.4.22.35mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"kernel-secure-2.4.22.35mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"kernel-smp-2.4.22.35mdk-1-1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"kernel-source-2.4.22-35mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | kernel-2.4.21.0.31mdk | p-cpe:/a:mandriva:linux:kernel-2.4.21.0.31mdk |
| mandriva | linux | kernel-2.4.22.35mdk | p-cpe:/a:mandriva:linux:kernel-2.4.22.35mdk |
| mandriva | linux | kernel-2.4.25.6mdk | p-cpe:/a:mandriva:linux:kernel-2.4.25.6mdk |
| mandriva | linux | kernel-2.6.3.14mdk | p-cpe:/a:mandriva:linux:kernel-2.6.3.14mdk |
| mandriva | linux | kernel-enterprise-2.4.21.0.31mdk | p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.21.0.31mdk |
| mandriva | linux | kernel-enterprise-2.4.22.35mdk | p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.22.35mdk |
| mandriva | linux | kernel-enterprise-2.4.25.6mdk | p-cpe:/a:mandriva:linux:kernel-enterprise-2.4.25.6mdk |
| mandriva | linux | kernel-enterprise-2.6.3.14mdk | p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.3.14mdk |
| mandriva | linux | kernel-i686-up-4gb-2.4.22.35mdk | p-cpe:/a:mandriva:linux:kernel-i686-up-4gb-2.4.22.35mdk |
| mandriva | linux | kernel-i686-up-4gb-2.4.25.6mdk | p-cpe:/a:mandriva:linux:kernel-i686-up-4gb-2.4.25.6mdk |
Related
nessus
nessus
Fedora Core 1 : kernel-2.4.22-1.2194.nptl (2004-186)
2004-07-23 00:00:00
SuSE-SA:2004:017: kernel
2004-07-25 00:00:00
Slackware 8.1 / 9.0 / 9.1 / current : kernel DoS (SSA:2004-167-01)
2005-07-13 00:00:00
cve
cve
CVE-2004-0535
2004-08-06 04:00:00
CVE-2004-0554
2004-08-06 04:00:00
ubuntucve
ubuntucve
CVE-2004-0535
2004-08-06 00:00:00
CVE-2004-0554
2004-08-06 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2004-167-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2004-167-01 kernel DoS
2012-09-11 00:00:00
Gentoo Security Advisory GLSA 200407-02 (Kernel)
2008-09-24 00:00:00
slackware
slackware
kernel DoS
2004-06-15 10:53:26
cert
cert
redhat
redhat
(RHSA-2004:260) kernel security update
2004-06-18 00:00:00
(RHSA-2004:418) kernel security update
2004-08-03 00:00:00
(RHSA-2004:255) kernel security update
2004-06-17 00:00:00
securityvulns
securityvulns
SUSE Security Announcement: kernel (SuSE-SA:2004:017)
2004-06-18 00:00:00
SUSE Security Announcement: kernel (SUSE-SA:2004:020)
2004-07-03 00:00:00
suse
suse
local denial-of-service attack in kernel
2004-06-16 14:13:55
local privilege escalation in kernel
2004-07-02 16:38:51
gentoo
gentoo
Linux Kernel: Multiple vulnerabilities
2004-07-03 00:00:00
osv
osv
kernel-source-2.4.18 - several
2006-05-20 00:00:00
kernel-source-2.4.19 - several vulnerabilities
2006-05-21 00:00:00
kernel-source-2.4.17 - several vulnerabilities
2006-05-29 00:00:00
debian
debian
Related for MANDRAKE_MDKSA-2004-062.NASL