Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2007-226.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Mandrake Linux Security Advisory : kernel (MDKSA-2007:226)

2009-04-2300:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
9

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.072 Low

EPSS

Percentile

94.1%

JSON

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :

The tcp_sacktag_write_queue function in the Linux kernel 2.6.21 through 2.6.23.7 allows remote attackers to cause a denial of service via crafted ACK responses that trigger a NULL pointer dereference (CVE-2007-5501).

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2007:226. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(37602);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-5501");
  script_xref(name:"MDKSA", value:"2007:226");

  script_name(english:"Mandrake Linux Security Advisory : kernel (MDKSA-2007:226)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel :

The tcp_sacktag_write_queue function in the Linux kernel 2.6.21
through 2.6.23.7 allows remote attackers to cause a denial of service
via crafted ACK responses that trigger a NULL pointer dereference
(CVE-2007-5501).

To update your kernel, please follow the directions located at :

http://www.mandriva.com/en/security/kernelupdate"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-desktop586-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-laptop-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-laptop-devel-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-laptop-devel-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-laptop-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-2.6.22.9-2mdv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source-latest");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"kernel-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-desktop-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-desktop-devel-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-desktop-devel-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-desktop-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"kernel-desktop586-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"kernel-desktop586-devel-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"kernel-desktop586-devel-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"kernel-desktop586-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-doc-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-laptop-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-laptop-devel-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-laptop-devel-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-laptop-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-server-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-server-devel-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-server-devel-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-server-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-source-2.6.22.9-2mdv-1-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"kernel-source-latest-2.6.22.9-2mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxkernel-desktop586-2.6.22.9-2mdvp-cpe:/a:mandriva:linux:kernel-desktop586-2.6.22.9-2mdv
mandrivalinuxkernel-desktop586-devel-2.6.22.9-2mdvp-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.22.9-2mdv
mandrivalinuxkernel-desktop586-devel-latestp-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest
mandrivalinuxkernel-desktop586-latestp-cpe:/a:mandriva:linux:kernel-desktop586-latest
mandrivalinuxkernel-docp-cpe:/a:mandriva:linux:kernel-doc
mandrivalinuxkernel-laptop-2.6.22.9-2mdvp-cpe:/a:mandriva:linux:kernel-laptop-2.6.22.9-2mdv
mandrivalinuxkernel-laptop-devel-2.6.22.9-2mdvp-cpe:/a:mandriva:linux:kernel-laptop-devel-2.6.22.9-2mdv
mandrivalinuxkernel-laptop-devel-latestp-cpe:/a:mandriva:linux:kernel-laptop-devel-latest
mandrivalinuxkernel-laptop-latestp-cpe:/a:mandriva:linux:kernel-laptop-latest
mandrivalinuxkernel-server-2.6.22.9-2mdvp-cpe:/a:mandriva:linux:kernel-server-2.6.22.9-2mdv
Rows per page:
1-10 of 211

Related

ubuntucve 1
cvelist 1
prion 1
nvd 1
cve 1
redhatcve 1
nessus 7
fedora 3
openvas 14
suse 2
ubuntu 2
ubuntucve
ubuntucve
CVE-2007-5501
2007-11-15 00:00:00
cvelist
cvelist
CVE-2007-5501
2007-11-15 20:00:00
prion
prion
Null pointer dereference
2007-11-15 20:46:00
nvd
nvd
CVE-2007-5501
2007-11-15 20:46:00
cve
cve
CVE-2007-5501
2007-11-15 20:46:00
redhatcve
redhatcve
CVE-2007-5501
2015-10-30 10:01:00
nessus
nessus
Fedora 7 : kernel-2.6.23.8-34.fc7 (2007-3751)
2007-12-11 00:00:00
Fedora Core 6 : kernel-2.6.22.14-72.fc6 (2007-759)
2007-12-11 00:00:00
Fedora 8 : kernel-2.6.23.8-63.fc8 (2007-3837)
2007-12-04 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: kernel-2.6.23.8-63.fc8
2007-12-03 17:05:46
[SECURITY] Fedora Core 6 Update: kernel-2.6.22.14-72.fc6
2007-12-07 18:06:29
[SECURITY] Fedora 7 Update: kernel-2.6.23.8-34.fc7
2007-12-07 18:25:56
openvas
openvas
Fedora Update for kernel FEDORA-2007-3837
2009-02-27 00:00:00
Fedora Update for kernel FEDORA-2007-3751
2009-02-27 00:00:00
Fedora Update for kernel FEDORA-2007-3751
2009-02-27 00:00:00
suse
suse
remote denial of service in kernel
2007-12-03 17:05:19
local privilege escalation in kernel-rt
2008-03-06 17:51:13
ubuntu
ubuntu
Linux kernel vulnerabilities
2007-12-19 00:00:00
Linux kernel vulnerabilities
2008-02-04 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.072 Low

EPSS

Percentile

94.1%

JSON
Related for MANDRAKE_MDKSA-2007-226.NASL
ubuntucve1cvelist1prion1nvd1cve1redhatcve1nessus7fedora3openvas14suse2ubuntu2