Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-389.NASL
HistoryJul 06, 2004 - 12:00 a.m.

RHEL 2.1 : kernel (RHSA-2003:389)

2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Updated kernel packages are now available that fix a security vulnerability allowing local users to gain root privileges.

The Linux kernel handles the basic functions of the operating system.

A flaw in bounds checking in the do_brk() function in the Linux kernel versions 2.4.22 and previous can allow a local attacker to gain root privileges. This issue is known to be exploitable; an exploit has been seen in the wild that takes advantage of this vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0961 to this issue.

All users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these errata packages, which contain a backported security patch that corrects this vulnerability.

Users of Red Hat Enterprise Linux 3 should upgrade to the kernel packages provided by RHBA-2003:308 (released on 30 October 2003), which already contained a patch correcting this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2003:389. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(12438);
  script_version("1.32");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2003-0961");
  script_xref(name:"RHSA", value:"2003:389");

  script_name(english:"RHEL 2.1 : kernel (RHSA-2003:389)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages are now available that fix a security
vulnerability allowing local users to gain root privileges.

The Linux kernel handles the basic functions of the operating system.

A flaw in bounds checking in the do_brk() function in the Linux kernel
versions 2.4.22 and previous can allow a local attacker to gain root
privileges. This issue is known to be exploitable; an exploit has been
seen in the wild that takes advantage of this vulnerability. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0961 to this issue.

All users of Red Hat Enterprise Linux 2.1 are advised to upgrade to
these errata packages, which contain a backported security patch that
corrects this vulnerability.

Users of Red Hat Enterprise Linux 3 should upgrade to the kernel
packages provided by RHBA-2003:308 (released on 30 October 2003),
which already contained a patch correcting this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0961"
  );
  # http://rhn.redhat.com/errata/RHBA-2003-308.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHBA-2003:308"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:389"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-enterprise");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-summit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2003-0961");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2003:389");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2003:389";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-BOOT-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-debug-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-doc-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-enterprise-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-headers-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-smp-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-source-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-summit-2.4.9-e.30")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-debug / kernel-doc / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkernelp-cpe:/a:redhat:enterprise_linux:kernel
redhatenterprise_linuxkernel-bootp-cpe:/a:redhat:enterprise_linux:kernel-boot
redhatenterprise_linuxkernel-debugp-cpe:/a:redhat:enterprise_linux:kernel-debug
redhatenterprise_linuxkernel-docp-cpe:/a:redhat:enterprise_linux:kernel-doc
redhatenterprise_linuxkernel-enterprisep-cpe:/a:redhat:enterprise_linux:kernel-enterprise
redhatenterprise_linuxkernel-headersp-cpe:/a:redhat:enterprise_linux:kernel-headers
redhatenterprise_linuxkernel-smpp-cpe:/a:redhat:enterprise_linux:kernel-smp
redhatenterprise_linuxkernel-sourcep-cpe:/a:redhat:enterprise_linux:kernel-source
redhatenterprise_linuxkernel-summitp-cpe:/a:redhat:enterprise_linux:kernel-summit
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

Related

openvas 22
osv 10
securityvulns 3
debian 17
nessus 13
nvd 1
redhat 2
slackware 2
cert 1
cve 1
ubuntucve 1
cvelist 1
packetstorm 1
suse 1
openvas
openvas
Debian Security Advisory DSA 403-1 (kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18)
2008-01-17 00:00:00
Debian Security Advisory DSA 403-1 (kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18)
2008-01-17 00:00:00
Slackware Advisory SSA:2003-336-01 Kernel security update
2012-09-11 00:00:00
osv
osv
kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
2003-12-01 00:00:00
kernel-patch-2.4.17-mips - integer overflow
2004-02-04 00:00:00
linux-kernel-2.4.18-powerpc+alpha - missing boundary check
2004-01-07 00:00:00
securityvulns
securityvulns
[Full-Disclosure] [iSEC] Linux kernel do_brk&#40;&#41; lacks argument bound checking
2003-12-02 00:00:00
[Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory
2003-12-02 00:00:00
Multiple Remote Issues in Applied Watch IDS Suite &#40;advisory attached&#41;
2003-11-29 00:00:00
debian
debian
[SECURITY] [DSA 433-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
2004-02-04 06:53:24
[SECURITY] [DSA 433-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
2004-02-04 00:00:00
[SECURITY] [DSA-403-1] userland can access Linux kernel memory
2003-12-01 00:00:00
nessus
nessus
Debian DSA-403-1 : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 - local root exploit
2004-09-29 00:00:00
Mandrake Linux Security Advisory : kernel (MDKSA-2003:110)
2004-07-31 00:00:00
Debian DSA-433-1 : kernel-patch-2.4.17-mips - integer overflow
2004-09-29 00:00:00
nvd
nvd
CVE-2003-0961
2003-12-15 05:00:00
redhat
redhat
(RHSA-2003:389) kernel security update
2003-12-01 00:00:00
(RHSA-2003:368) Updated IA64 kernel packages address security vulnerabilities, bugfixes
2003-12-19 00:00:00
slackware
slackware
minor advisory typo
2003-12-02 11:21:22
Kernel security update
2003-12-02 10:05:30
cert
cert
Linux kernel do_brk() function contains integer overflow
2003-12-02 00:00:00
cve
cve
CVE-2003-0961
2003-12-15 05:00:00
ubuntucve
ubuntucve
CVE-2003-0961
2003-12-15 00:00:00
cvelist
cvelist
CVE-2003-0961
2003-12-02 05:00:00
packetstorm
packetstorm
_BSSADV-0000.txt
2003-12-01 00:00:00
suse
suse
local root exploit in Linux Kernel
2003-12-04 15:40:06

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for REDHAT-RHSA-2003-389.NASL
openvas22osv10securityvulns3debian17nessus13nvd1redhat2slackware2cert1cve1ubuntucve1cvelist1packetstorm1suse1