MiracleLinux 3 : kernel-2.6.18-128.7AXS3 (AXSA:2009-168:07)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2009-168:07.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284191);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id("CVE-2008-3528", "CVE-2008-5700");

  script_name(english:"MiracleLinux 3 : kernel-2.6.18-128.7AXS3 (AXSA:2009-168:07)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2009-168:07 advisory.

    The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system.  The
    kernel handles the basic functions of the operating system:  memory allocation, process allocation, device
    input and output, etc.
    Fixed bugs:
    CVE-2008-5700
    libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows
    local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous
    invocations of an unspecified test program.
    CVE-2008-3528
    The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c
    in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory
    corruption, which allows physically proximate attackers to cause a denial of service (temporary system
    hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a)
    read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege
    boundaries.
    Other bugs:
    - [fs] proc: avoid info leaks to non-privileged processes
    - [net] tg3: Fix firmware event timeouts
    - [scsi] libiscsi: fix nop response/reply and session cleanup race
    - [misc] compile: add -fwrapv to gcc CFLAGS
    - [misc] random: make get_random_int more random
    - [gfs2] fix uninterruptible quotad sleeping
    - [mm] cow vs gup race fix (Andrea Arcangeli
    - [mm] fork vs gup race fix (Andrea Arcangeli
    - [nfs] fix hangs during heavy write workloads
    - [fs] keep eventpoll from locking up the box
    - [misc] waitpid reports stopped process more than once
    - [ata] libata: ahci enclosure management bios workaround
    - [ia64] fix regression in nanosleep syscall
    - [nfs] race with nfs_access_cache_shrinker() and umount
    - [fs] fix softlockup in posix_locks_deadlock
    - [net] ipv4: remove uneeded bh_lock/unlock from udp_rcv
    - [scsi] qla2xxx: reduce DID_BUS_BUSY failover errors
    - [net] ixgbe: stop double counting frames and bytes
    - [xen] x86: update the earlier APERF/MPERF patch
    - [xen] x86: fix dom0 panic when using dom0_max_vcpus
    - [net] fix oops when using openswan
    - [x86] NONSTOP_TSC in tsc clocksource
    - [ppc] keyboard not recognized on bare metal
    - [xen] x86: silence WRMSR warnings
    - [dlm] fix length calculation in compat code
    - [nfs] fix hung clients from deadlock in flush_workqueue
    - [ia64] use current_kernel_time/xtime in hrtimer_start()
    - [net] bonding: fix arp_validate=3 slaves behaviour
    - [net] enic: return notify intr credits
    - [input] wacom: 12x12 problem while using lens cursor
    - [net] ehea: improve behaviour in low mem conditions (AMEET M. PARANJAPE ) [487035 483148]
    - [x86] add nonstop_tsc flag in /proc/cpuinfo
    - [x86_64] mce: do not clear an unrecoverable error status
    - [wireless] iwlwifi: booting with RF-kill switch enabled
    - [misc] signal: modify locking to handle large loads
    - [x86] TSC keeps running in C3+
    - [x86] limit max_cstate to use TSC on some platforms
    - [ptrace] correctly handle ptrace_update return value
    - [firmware] dell_rbu: prevent oops
    - [gfs2] panic in debugfs_remove when unmounting
    - [scsi] libata: sas_ata fixup sas_sata_ops
    - [qla2xxx] correct endianness during flash manipulation
    - [net] ixgbe: frame reception and ring parameter issues
    - [misc] fix memory leak during pipe failure
    - [nfs] handle attribute timeout and u32 jiffies wrap
    - [net] deadlock in Hierarchical token bucket scheduler
    - [wireless] iwl: fix BUG_ON in driver
    - [sched] fix clock_gettime monotonicity
    - [nfs] create rpc clients with proper auth flavor
    - [md] fix oops with device-mapper mirror target
    - [openib] restore traffic in connected mode on HCA
    - [x86_64] copy_user_c assembler can leave garbage in rsi
    - [misc] setpgid returns ESRCH in some situations
    - [s390] zfcp: fix hexdump data in s390dbf traces
    - Added EDAC support for MCH 3200/3210
    - ACPI SRAT on x86: added support for nodes spanning other nodes. Example of fixed bug: for sytems with
    the following NUMA topology, the system would not boot: 8 GB memory spread beween 2 nodes:
      node 0: 0-2GB, 4-6GB
      node 1: 2-4GB, 6-8GB
    - updated OCFS2 from 1.2.8 to 1.4.7.
    - updated the e1000e driver to version 0.5.18.3.
    - the CPUID driver now supports cpuid.4 and cpuid.0xb instruments
    - added proper support for megaraid sas tape: the erase command for SAS (megaraid_sas) tape would return
    input/output error.
    - Added support for Nehalem to keep TSC running even in C3/C4 states.
    - the igb has been updated to version 1.3.8.6.
    - the ioatdma/dca driver has been updated to version 3.61
    - fixed the following problem: loading multiple instances of the cpufreq driver could corrupt the driver
    data structure.
    - added support for Intel AES-NI instructions on x86_64 platform
    - added support for Toshiba afxxxc RAID driver
    - when using kexec to boot another kernel, the network did not start (the igb driver would not work).
    - fixed a problem with hugepages that would cause the machine to reboot.
    - when KVM was loaded, the system would hang after echo c > /proc/sysrq-trigger
    - afxxxc source code has been cleaned up.
    - the e1000e network driver now works when a second kernel is loaded with kexec.
    - the ixgbe driver support has been added.
    - changed the format of /proc/net/IPv6_route.
    - fixed a problem with modprobe ioatdma that would trigger kernel panic.
    - the writeback cache of the afxxxc driver can be enabled.
    - fixed a problem with the ocfs2 kernel module.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/806");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3528");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2008-5700");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'kernel-2.6.18-128.7AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-2.6.18-128.7AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-128.7AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-128.7AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.18-128.7AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-2.6.18-128.7AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-devel-2.6.18-128.7AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-128.7AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-128.7AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-128.7AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-128.7AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / etc');
}