MiracleLinux 3 : kernel-2.6.18-53.16AXS3 (AXSA:2008-531:11)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 3 kernel packages have multiple vulnerabilities per AXSA 2008-531-11.

Reporter	Title	Published	Views	Family All 187
Tenable Nessus	CentOS 5 : kernel (CESA-2008:0957)	6 Jan 201000:00	–	nessus
Tenable Nessus	CentOS 4 : kernel (CESA-2008:0972)	23 Apr 200900:00	–	nessus
Tenable Nessus	CentOS 3 : kernel (CESA-2008:0973)	17 Dec 200800:00	–	nessus
Tenable Nessus	Debian DSA-1636-1 : linux-2.6.24 - denial of service/information leak	12 Sep 200800:00	–	nessus
Tenable Nessus	Debian DSA-1653-1 : linux-2.6 - denial of service/privilege escalation	14 Oct 200800:00	–	nessus
Tenable Nessus	Debian DSA-1687-1 : linux-2.6 - denial of service/privilege escalation	16 Dec 200800:00	–	nessus
Tenable Nessus	Oracle Linux 5 : kernel (ELSA-2008-0957)	12 Jul 201300:00	–	nessus
Tenable Nessus	Oracle Linux 4 : kernel (ELSA-2008-0972)	12 Jul 201300:00	–	nessus
Tenable Nessus	Oracle Linux 3 : kernel (ELSA-2008-0973)	12 Jul 201300:00	–	nessus
Tenable Nessus	Oracle Linux 5 : Oracle / Enterprise / Linux / 5.3 / kernel (ELSA-2009-0225)	7 Sep 202300:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/627
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2008-531:11.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284413);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/12");

  script_cve_id(
    "CVE-2008-2372",
    "CVE-2008-3276",
    "CVE-2008-3527",
    "CVE-2008-3833",
    "CVE-2008-4210",
    "CVE-2008-4302"
  );

  script_name(english:"MiracleLinux 3 : kernel-2.6.18-53.16AXS3 (AXSA:2008-531:11)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2008-531:11 advisory.

    The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system.  The
    kernel handles the basic functions of the operating system:  memory allocation, process allocation, device
    input and output, etc.
    Fixed bugs
    CVE-2008-2372
    The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory
    consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE
    optimization and results in allocation of useless newly zeroed pages.
    CVE-2008-3276
    Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion
    Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers
    to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options
    without at least one byte in the dccpsf_val field.
    CVE-2008-3527
    arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux
    kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or
    cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and
    syscall32_nopage functions.
    CVE-2008-3833
    The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly
    strip setuid and setgid bits when there is a write to a file, which allows local users to gain the
    privileges of a different group, and obtain sensitive information or possibly have unspecified other
    impact, by splicing into an inode in order to create an executable file in a setgid directory, a different
    vulnerability than CVE-2008-4210.
    CVE-2008-4210
    fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a
    write to a file, which allows local users to gain the privileges of a different group, and obtain
    sensitive information or possibly have unspecified other impact, by creating an executable file in a
    setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
    CVE-2008-4302
    fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure
    of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked,
    which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by
    the fio I/O tool.
    Bug fixed:
     - process's coredump did not include POSIX shared memory in AXS3
     - added MTD map driver for ATCA-7221 (blade-type single board computer by Motorola for telecom
    equipment).

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/627");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3833");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2008-4302");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'kernel-2.6.18-53.16AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-2.6.18-53.16AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-53.16AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-53.16AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.18-53.16AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-2.6.18-53.16AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-devel-2.6.18-53.16AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-53.16AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-53.16AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-53.16AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-53.16AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / etc');
}

12 Feb 2026 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 27.1

CVSS 3.15.5

EPSS0.113