| Title | Published | Views | Reporter |
|---|---|---|---|
| Linux Kernel 2.6.x pipe.c Privilege Escalation Exploit | 24 Nov 2016 00:00 | – | zdt |
| CentOS 4 : kernel (CESA-2009:1522) | 27 Oct 2009 00:00 | – | nessus |
| CentOS 4 : kernel (CESA-2009:1541) | 29 Jun 2013 00:00 | – | nessus |
| CentOS 5 : kernel (CESA-2009:1548) | 29 Jun 2013 00:00 | – | nessus |
| CentOS 3 : kernel (CESA-2009:1550) | 29 Jun 2013 00:00 | – | nessus |
| CentOS 4 : kernel (CESA-2009:1671) | 21 Dec 2009 00:00 | – | nessus |
| Debian DSA-1915-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak | 24 Feb 2010 00:00 | – | nessus |
| Debian DSA-1927-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak | 24 Feb 2010 00:00 | – | nessus |
| Debian DSA-1928-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak | 24 Feb 2010 00:00 | – | nessus |
| Debian DSA-1929-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak | 24 Feb 2010 00:00 | – | nessus |

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2009-433:12.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(284097);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/12");
  script_cve_id(
    "CVE-2009-2695",
    "CVE-2009-2908",
    "CVE-2009-3228",
    "CVE-2009-3286",
    "CVE-2009-3547",
    "CVE-2009-3613"
  );
  script_name(english:"MiracleLinux 3 : kernel-2.6.18-128.13AXS3 (AXSA:2009-433:12)");
  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2009-433:12 advisory.
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The
kernel handles the basic functions of the operating system: memory allocation, process allocation, device
input and output, etc.
Security bug fixed with this release:
CVE-2009-2695
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and
other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer
dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low
boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes
allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the
CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr
protection mechanism and certain application programs.
CVE-2009-2908
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to
cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that
cause a negative dentry and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary
directory in an eCryptfs mount.
CVE-2009-3228
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before
2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure
members, which might allow local users to obtain sensitive information from kernel memory via unspecified
vectors.
CVE-2009-3286
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an
O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and
possibly allows local users to gain privileges, related to the execution of the do_open_permission
function even when a create fails.
CVE-2009-3547
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a
denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an
anonymous pipe via a /proc/*/fd/ pathname.
CVE-2009-3613
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22
allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using
jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Other fixed bugs:
- removed a warning message that would appear at boot time when HPET is enabled in the BIOS
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/1071");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-2695");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2009-3547");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"vendor_severity", value:"High");
  script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
  exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'kernel-2.6.18-128.13AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-2.6.18-128.13AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-128.13AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-128.13AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.18-128.13AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-2.6.18-128.13AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-devel-2.6.18-128.13AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-128.13AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-128.13AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-128.13AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-128.13AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / etc');
}