Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2006-0710.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 3 : kernel (ELSA-2006-0710)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

From Red Hat Security Advisory 2006:0710 :

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below :

  • a flaw in the IPC shared-memory implementation that allowed a local user to cause a denial of service (deadlock) that resulted in freezing the system (CVE-2006-4342, Important)

  • an information leak in the copy_from_user() implementation on s390 and s390x platforms that allowed a local user to read arbitrary kernel memory (CVE-2006-5174, Important)

  • a flaw in the ATM subsystem affecting systems with installed ATM hardware and configured ATM support that allowed a remote user to cause a denial of service (panic) by accessing socket buffer memory after it has been freed (CVE-2006-4997, Moderate)

  • a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via ‘…\’ sequences (CVE-2006-1864, Moderate)

  • a flaw in the mprotect system call that allowed enabling write permission for a read-only attachment of shared memory (CVE-2006-2071, Moderate)

  • a flaw in the DVD handling of the CDROM driver that could be used together with a custom built USB device to gain root privileges (CVE-2006-2935, Moderate)

In addition to the security issues described above, a bug fix for a clock skew problem (which could lead to unintended keyboard repeat under X11) was also included. The problem only occurred when running the 32-bit x86 kernel on 64-bit dual-core x86_64 hardware.

Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0710 and 
# Oracle Linux Security Advisory ELSA-2006-0710 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67413);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/08/24");

  script_cve_id("CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2935", "CVE-2006-4342", "CVE-2006-4997", "CVE-2006-5174");
  script_xref(name:"RHSA", value:"2006:0710");

  script_name(english:"Oracle Linux 3 : kernel (ELSA-2006-0710)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2006:0710 :

Updated kernel packages that fix several security issues in the Red
Hat Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security
impact by the Red Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below :

* a flaw in the IPC shared-memory implementation that allowed a local
user to cause a denial of service (deadlock) that resulted in freezing
the system (CVE-2006-4342, Important)

* an information leak in the copy_from_user() implementation on s390
and s390x platforms that allowed a local user to read arbitrary kernel
memory (CVE-2006-5174, Important)

* a flaw in the ATM subsystem affecting systems with installed ATM
hardware and configured ATM support that allowed a remote user to
cause a denial of service (panic) by accessing socket buffer memory
after it has been freed (CVE-2006-4997, Moderate)

* a directory traversal vulnerability in smbfs that allowed a local
user to escape chroot restrictions for an SMB-mounted filesystem via
'..\\' sequences (CVE-2006-1864, Moderate)

* a flaw in the mprotect system call that allowed enabling write
permission for a read-only attachment of shared memory (CVE-2006-2071,
Moderate)

* a flaw in the DVD handling of the CDROM driver that could be used
together with a custom built USB device to gain root privileges
(CVE-2006-2935, Moderate)

In addition to the security issues described above, a bug fix for a
clock skew problem (which could lead to unintended keyboard repeat
under X11) was also included. The problem only occurred when running
the 32-bit x86 kernel on 64-bit dual-core x86_64 hardware.

Note: The kernel-unsupported package contains various drivers and
modules that are unsupported and therefore might contain security
problems that have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architecture and
configurations as listed in this erratum."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000086.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-unsupported");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  cve_list = make_list("CVE-2006-1864", "CVE-2006-2071", "CVE-2006-2935", "CVE-2006-4342", "CVE-2006-4997", "CVE-2006-5174");  
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2006-0710");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "2.4";
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);

flag = 0;
if (rpm_exists(release:"EL3", rpm:"kernel-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-BOOT-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-doc-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-doc-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-doc-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-doc-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-hugemem-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-hugemem-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-hugemem-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-hugemem-unsupported-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-smp-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-smp-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-smp-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-smp-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-smp-unsupported-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-smp-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-source-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-source-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-source-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-source-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-unsupported-2.4.21-47.0.1.EL")) flag++;
if (rpm_exists(release:"EL3", rpm:"kernel-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-unsupported-2.4.21-47.0.1.EL")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}
VendorProductVersionCPE
oraclelinuxkernelp-cpe:/a:oracle:linux:kernel
oraclelinuxkernel-bootp-cpe:/a:oracle:linux:kernel-boot
oraclelinuxkernel-docp-cpe:/a:oracle:linux:kernel-doc
oraclelinuxkernel-hugememp-cpe:/a:oracle:linux:kernel-hugemem
oraclelinuxkernel-hugemem-unsupportedp-cpe:/a:oracle:linux:kernel-hugemem-unsupported
oraclelinuxkernel-smpp-cpe:/a:oracle:linux:kernel-smp
oraclelinuxkernel-smp-unsupportedp-cpe:/a:oracle:linux:kernel-smp-unsupported
oraclelinuxkernel-sourcep-cpe:/a:oracle:linux:kernel-source
oraclelinuxkernel-unsupportedp-cpe:/a:oracle:linux:kernel-unsupported
oraclelinux3cpe:/o:oracle:linux:3

Related

redhat 9
nessus 34
centos 7
ubuntucve 7
cve 9
cert 1
prion 6
osv 6
securityvulns 6
openvas 24
debian 7
freebsd_advisory 1
ubuntu 4
oraclelinux 3
suse 6
vmware 1
redhat
redhat
(RHSA-2006:0710) kernel security update
2006-10-19 00:00:00
(RHSA-2007:0013) Moderate: kernel security update
2007-01-17 00:00:00
(RHSA-2007:0012) Moderate: kernel security update
2007-01-17 00:00:00
nessus
nessus
RHEL 3 : kernel (RHSA-2006:0710)
2006-10-25 00:00:00
CentOS 3 : kernel (CESA-2006:0710)
2006-10-20 00:00:00
RHEL 2.1 : kernel (RHSA-2007:0013)
2007-01-17 00:00:00
centos
centos
kernel security update
2006-10-19 14:36:54
kernel security update
2007-01-19 03:58:19
kernel security update
2006-07-17 05:19:27
ubuntucve
ubuntucve
CVE-2006-2935
2006-07-05 00:00:00
CVE-2006-4997
2006-10-10 00:00:00
CVE-2006-4342
2006-10-17 00:00:00
cve
cve
CVE-2006-2935
2006-07-05 18:05:00
CVE-2006-5174
2006-10-10 04:06:00
CVE-2006-4997
2006-10-10 04:06:00
cert
cert
The Red Hat Enterprise Linux 3 SMP Kernel fails to properly handle IPC shared-memory
2006-11-06 00:00:00
prion
prion
Buffer overflow
2006-07-05 18:05:00
Code injection
2006-04-19 18:18:00
Directory traversal
2006-06-02 01:02:00
osv
osv
kernel-source-2.4.27 - several
2006-12-17 00:00:00
kernel-source-2.6.8 - several
2006-12-10 00:00:00
kernel-source-2.4.27 - several vulnerabilities
2006-09-25 00:00:00
securityvulns
securityvulns
VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
2006-11-14 00:00:00
rPSA-2006-0162-1 kernel
2006-09-02 00:00:00
FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs
2006-06-02 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1237)
2008-01-17 00:00:00
Debian Security Advisory DSA 1237-1 (kernel-source-2.4.27)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1233)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1237-1] New Linux 2.4.27 packages fix several vulnerabilities
2006-12-17 14:07:46
[SECURITY] [DSA 1233-1] New Linux 2.6.8 packages fix several vulnerabilities
2006-12-10 21:06:55
[SECURITY] [DSA 1183-1] New Linux 2.4.27 packages fix several vulnerabilities
2006-09-25 06:44:29
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:16.smbfs
2006-05-31 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2006-08-03 00:00:00
Linux kernel vulnerabilities
2006-09-15 00:00:00
Linux kernel vulnerabilities
2006-06-15 00:00:00
oraclelinux
oraclelinux
Important kernel security update
2006-11-30 00:00:00
Important kernel security update
2006-11-30 00:00:00
Important: kernel security update
2007-01-31 00:00:00
suse
suse
local privilege escalation in kernel
2006-11-10 12:48:30
local privilege escalation in kernel
2006-08-18 13:53:33
remote denial of service in kernel
2006-12-21 15:00:30
vmware
vmware
Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.
2007-07-05 00:00:00
JSON
Related for ORACLELINUX_ELSA-2006-0710.NASL
redhat9nessus34centos7ubuntucve7cve9cert1prion6osv6securityvulns6openvas24debian7freebsd_advisory1ubuntu4oraclelinux3suse6vmware1