Lucene search

K
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-389.NASL
HistoryJul 06, 2004 - 12:00 a.m.

RHEL 2.1 : kernel (RHSA-2003:389)

2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

Updated kernel packages are now available that fix a security vulnerability allowing local users to gain root privileges.

The Linux kernel handles the basic functions of the operating system.

A flaw in bounds checking in the do_brk() function in the Linux kernel versions 2.4.22 and previous can allow a local attacker to gain root privileges. This issue is known to be exploitable; an exploit has been seen in the wild that takes advantage of this vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0961 to this issue.

All users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these errata packages, which contain a backported security patch that corrects this vulnerability.

Users of Red Hat Enterprise Linux 3 should upgrade to the kernel packages provided by RHBA-2003:308 (released on 30 October 2003), which already contained a patch correcting this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2003:389. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(12438);
  script_version("1.32");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2003-0961");
  script_xref(name:"RHSA", value:"2003:389");

  script_name(english:"RHEL 2.1 : kernel (RHSA-2003:389)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages are now available that fix a security
vulnerability allowing local users to gain root privileges.

The Linux kernel handles the basic functions of the operating system.

A flaw in bounds checking in the do_brk() function in the Linux kernel
versions 2.4.22 and previous can allow a local attacker to gain root
privileges. This issue is known to be exploitable; an exploit has been
seen in the wild that takes advantage of this vulnerability. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0961 to this issue.

All users of Red Hat Enterprise Linux 2.1 are advised to upgrade to
these errata packages, which contain a backported security patch that
corrects this vulnerability.

Users of Red Hat Enterprise Linux 3 should upgrade to the kernel
packages provided by RHBA-2003:308 (released on 30 October 2003),
which already contained a patch correcting this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0961"
  );
  # http://rhn.redhat.com/errata/RHBA-2003-308.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHBA-2003:308"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:389"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-enterprise");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-summit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2003-0961");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2003:389");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2003:389";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-BOOT-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-debug-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-doc-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-enterprise-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-headers-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-smp-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kernel-source-2.4.9-e.30")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"kernel-summit-2.4.9-e.30")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-debug / kernel-doc / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkernelp-cpe:/a:redhat:enterprise_linux:kernel
redhatenterprise_linuxkernel-bootp-cpe:/a:redhat:enterprise_linux:kernel-boot
redhatenterprise_linuxkernel-debugp-cpe:/a:redhat:enterprise_linux:kernel-debug
redhatenterprise_linuxkernel-docp-cpe:/a:redhat:enterprise_linux:kernel-doc
redhatenterprise_linuxkernel-enterprisep-cpe:/a:redhat:enterprise_linux:kernel-enterprise
redhatenterprise_linuxkernel-headersp-cpe:/a:redhat:enterprise_linux:kernel-headers
redhatenterprise_linuxkernel-smpp-cpe:/a:redhat:enterprise_linux:kernel-smp
redhatenterprise_linuxkernel-sourcep-cpe:/a:redhat:enterprise_linux:kernel-source
redhatenterprise_linuxkernel-summitp-cpe:/a:redhat:enterprise_linux:kernel-summit
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%