Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2004-255.NASL
HistoryJul 06, 2004 - 12:00 a.m.

RHEL 3 : kernel (RHSA-2004:255)

2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

Updated kernel packages for Red Hat Enterprise Linux 3 that fix security vulnerabilities are now available.

The Linux kernel handles the basic functions of the operating system.

A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64 that allowed local users to cause a denial of service (system crash) by triggering a signal handler with a certain sequence of fsave and frstor instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0554 to this issue.

Another flaw was discovered in an error path supporting the clone() system call that allowed local users to cause a denial of service (memory leak) by passing invalid arguments to clone() running in an infinite loop of a user’s program. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0427 to this issue.

Enhancements were committed to the 2.6 kernel by Al Viro which enabled the Sparse source code checking tool to check for a certain class of kernel bugs. A subset of these fixes also applies to various drivers in the 2.4 kernel. Although the majority of these resides in drivers unsupported in Red Hat Enterprise Linux 3, the flaws could lead to privilege escalation or access to kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0495 to these issues.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. These packages contain backported patches to correct these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2004:255. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(12508);
  script_version("1.30");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0427", "CVE-2004-0495", "CVE-2004-0554");
  script_xref(name:"RHSA", value:"2004:255");

  script_name(english:"RHEL 3 : kernel (RHSA-2004:255)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages for Red Hat Enterprise Linux 3 that fix
security vulnerabilities are now available.

The Linux kernel handles the basic functions of the operating system.

A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and
x86_64 that allowed local users to cause a denial of service (system
crash) by triggering a signal handler with a certain sequence of fsave
and frstor instructions. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0554 to this
issue.

Another flaw was discovered in an error path supporting the clone()
system call that allowed local users to cause a denial of service
(memory leak) by passing invalid arguments to clone() running in an
infinite loop of a user's program. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0427
to this issue.

Enhancements were committed to the 2.6 kernel by Al Viro which enabled
the Sparse source code checking tool to check for a certain class of
kernel bugs. A subset of these fixes also applies to various drivers
in the 2.4 kernel. Although the majority of these resides in drivers
unsupported in Red Hat Enterprise Linux 3, the flaws could lead to
privilege escalation or access to kernel memory. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0495 to these issues.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum. These packages contain
backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0495"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0554"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:255"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CAN-2004-0427", "CAN-2004-0554", "CVE-2004-0427", "CVE-2004-0495", "CVE-2004-0554");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2004:255");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2004:255";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-15.0.2.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-15.0.2.EL")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkernelp-cpe:/a:redhat:enterprise_linux:kernel
redhatenterprise_linuxkernel-bootp-cpe:/a:redhat:enterprise_linux:kernel-boot
redhatenterprise_linuxkernel-docp-cpe:/a:redhat:enterprise_linux:kernel-doc
redhatenterprise_linuxkernel-hugememp-cpe:/a:redhat:enterprise_linux:kernel-hugemem
redhatenterprise_linuxkernel-hugemem-unsupportedp-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported
redhatenterprise_linuxkernel-smpp-cpe:/a:redhat:enterprise_linux:kernel-smp
redhatenterprise_linuxkernel-smp-unsupportedp-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported
redhatenterprise_linuxkernel-sourcep-cpe:/a:redhat:enterprise_linux:kernel-source
redhatenterprise_linuxkernel-unsupportedp-cpe:/a:redhat:enterprise_linux:kernel-unsupported
redhatenterprise_linux3cpe:/o:redhat:enterprise_linux:3

Related

redhat 3
nessus 15
cert 1
ubuntucve 3
cve 4
openvas 11
slackware 1
gentoo 1
securityvulns 2
suse 3
osv 4
debian 5
redhat
redhat
(RHSA-2004:255) kernel security update
2004-06-17 00:00:00
(RHSA-2004:260) kernel security update
2004-06-18 00:00:00
(RHSA-2004:327) kernel security update
2004-08-18 00:00:00
nessus
nessus
RHEL 2.1 : kernel (RHSA-2004:260)
2004-07-06 00:00:00
Fedora Core 1 : kernel-2.4.22-1.2194.nptl (2004-186)
2004-07-23 00:00:00
SuSE-SA:2004:017: kernel
2004-07-25 00:00:00
cert
cert
Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
2004-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2004-0495
2004-08-06 00:00:00
CVE-2004-0554
2004-08-06 00:00:00
CVE-2004-0427
2004-07-07 00:00:00
cve
cve
CVE-2004-0495
2004-08-06 04:00:00
CVE-2004-0554
2004-08-06 04:00:00
CVE-2004-0427
2004-07-07 04:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2004-167-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2004-167-01 kernel DoS
2012-09-11 00:00:00
Gentoo Security Advisory GLSA 200407-02 (Kernel)
2008-09-24 00:00:00
slackware
slackware
kernel DoS
2004-06-15 10:53:26
gentoo
gentoo
Linux Kernel: Multiple vulnerabilities
2004-07-03 00:00:00
securityvulns
securityvulns
SUSE Security Announcement: kernel &#40;SuSE-SA:2004:017&#41;
2004-06-18 00:00:00
SUSE Security Announcement: kernel &#40;SUSE-SA:2004:020&#41;
2004-07-03 00:00:00
suse
suse
local denial-of-service attack in kernel
2004-06-16 14:13:55
local privilege escalation in kernel
2004-07-02 16:38:51
privilege escalation, local DoS in Linux Kernel
2004-05-04 00:48:08
osv
osv
kernel-source-2.4.18 - several
2006-05-20 00:00:00
kernel-source-2.4.19 - several vulnerabilities
2006-05-21 00:00:00
kernel-source-2.4.17 - several vulnerabilities
2006-05-29 00:00:00
debian
debian
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
2006-05-21 02:53:34
[SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities
2006-05-29 19:29:19
[SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities
2006-05-20 08:20:15
JSON
Related for REDHAT-RHSA-2004-255.NASL
redhat3nessus15cert1ubuntucve3cve4openvas11slackware1gentoo1securityvulns2suse3osv4debian5