Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2004-549.NASL
HistoryDec 13, 2004 - 12:00 a.m.

RHEL 3 : kernel (RHSA-2004:549)

2004-12-1300:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.215 Low

EPSS

Percentile

96.5%

JSON

Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.

The Linux kernel handles the basic functions of the operating system.

This update includes fixes for several security issues :

A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1068 to this issue.

Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use thse flaws to gain read access to executable-only binaries or possibly gain privileges. (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073)

A flaw when setting up TSS limits was discovered that affects AMD AMD64 and Intel EM64T architecture kernels prior to 2.4.23. A local user could use this flaw to cause a denial of service (crash) or possibly gain privileges. (CVE-2004-0812)

An integer overflow flaw was discovered in the ubsec_keysetup function in the Broadcom 5820 cryptonet driver. On systems using this driver, a local user could cause a denial of service (crash) or possibly gain elevated privileges. (CVE-2004-0619)

Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels prior to 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would require control of a connected Samba server. (CVE-2004-0883, CVE-2004-0949)

SGI discovered a bug in the elf loader that affects kernels prior to 2.4.25 which could be triggered by a malformed binary. On architectures other than x86, a local user could create a malicious binary which could cause a denial of service (crash). (CVE-2004-0136)

Conectiva discovered flaws in certain USB drivers affecting kernels prior to 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CVE-2004-0685)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2004:549. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15944);
  script_version("1.32");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0136", "CVE-2004-0138", "CVE-2004-0619", "CVE-2004-0685", "CVE-2004-0812", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1191");
  script_xref(name:"RHSA", value:"2004:549");

  script_name(english:"RHEL 3 : kernel (RHSA-2004:549)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

The Linux kernel handles the basic functions of the operating system.

This update includes fixes for several security issues :

A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28. A local user could potentially make
use of a race condition in order to gain privileges. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1068 to this issue.

Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28. A local user could use thse
flaws to gain read access to executable-only binaries or possibly gain
privileges. (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072,
CVE-2004-1073)

A flaw when setting up TSS limits was discovered that affects AMD
AMD64 and Intel EM64T architecture kernels prior to 2.4.23. A local
user could use this flaw to cause a denial of service (crash) or
possibly gain privileges. (CVE-2004-0812)

An integer overflow flaw was discovered in the ubsec_keysetup function
in the Broadcom 5820 cryptonet driver. On systems using this driver, a
local user could cause a denial of service (crash) or possibly gain
elevated privileges. (CVE-2004-0619)

Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels prior to 2.4.28. A local user may
be able to cause a denial of service (crash) or possibly gain
privileges. In order to exploit these flaws the user would require
control of a connected Samba server. (CVE-2004-0883, CVE-2004-0949)

SGI discovered a bug in the elf loader that affects kernels prior to
2.4.25 which could be triggered by a malformed binary. On
architectures other than x86, a local user could create a malicious
binary which could cause a denial of service (crash). (CVE-2004-0136)

Conectiva discovered flaws in certain USB drivers affecting kernels
prior to 2.4.27 which used the copy_to_user function on uninitialized
structures. These flaws could allow local users to read small amounts
of kernel memory. (CVE-2004-0685)

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0619"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0812"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0883"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1068"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1070"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1071"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1072"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:549"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CAN-2004-0136", "CAN-2004-0619", "CAN-2004-0685", "CAN-2004-0812", "CAN-2004-0883", "CAN-2004-0949", "CAN-2004-1068", "CAN-2004-1070", "CAN-2004-1071", "CAN-2004-1072", "CAN-2004-1073", "CVE-2004-0138", "CVE-2004-0619", "CVE-2004-0685", "CVE-2004-0812", "CVE-2004-0883", "CVE-2004-0949", "CVE-2004-1068", "CVE-2004-1070", "CVE-2004-1071", "CVE-2004-1072", "CVE-2004-1073", "CVE-2004-1191");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2004:549");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2004:549";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-20.0.1.EL")) flag++;
  if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-20.0.1.EL")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkernelp-cpe:/a:redhat:enterprise_linux:kernel
redhatenterprise_linuxkernel-bootp-cpe:/a:redhat:enterprise_linux:kernel-boot
redhatenterprise_linuxkernel-docp-cpe:/a:redhat:enterprise_linux:kernel-doc
redhatenterprise_linuxkernel-hugememp-cpe:/a:redhat:enterprise_linux:kernel-hugemem
redhatenterprise_linuxkernel-hugemem-unsupportedp-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported
redhatenterprise_linuxkernel-smpp-cpe:/a:redhat:enterprise_linux:kernel-smp
redhatenterprise_linuxkernel-smp-unsupportedp-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported
redhatenterprise_linuxkernel-sourcep-cpe:/a:redhat:enterprise_linux:kernel-source
redhatenterprise_linuxkernel-unsupportedp-cpe:/a:redhat:enterprise_linux:kernel-unsupported
redhatenterprise_linux3cpe:/o:redhat:enterprise_linux:3

References

Related

redhat 8
nessus 22
suse 2
securityvulns 5
ubuntu 3
openvas 24
osv 6
debian 7
nvd 14
cve 14
cvelist 14
ubuntucve 7
checkpoint_advisories 1
cert 2
prion 1
gentoo 1
centos 3
redhat
redhat
(RHSA-2004:549) kernel security update
2004-12-02 00:00:00
(RHSA-2004:505) Updated kernel packages fix security vulnerability
2004-12-13 00:00:00
(RHSA-2004:504) Updated Itanium kernel packages resolve security issues
2004-12-13 00:00:00
nessus
nessus
RHEL 2.1 : kernel (RHSA-2004:505)
2004-12-14 00:00:00
RHEL 2.1 / 3 : openmotif (RHSA-2004:537)
2004-12-13 00:00:00
Mandrake Linux Security Advisory : kernel (MDKSA-2005:022)
2005-01-26 00:00:00
suse
suse
local and remote denial of service in kernel
2004-12-01 14:31:07
local privilege escalation in kernel
2004-12-21 19:35:11
securityvulns
securityvulns
Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
2004-11-18 00:00:00
[ GLSA 200408-24 ] Linux Kernel: Multiple information leaks
2004-08-30 00:00:00
Linux kernel privilege escalation
2007-02-18 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2005-01-14 00:00:00
Linux kernel vulnerabilities
2004-11-19 00:00:00
Linux kernel vulnerabilities
2004-12-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-30-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-60-0)
2022-08-26 00:00:00
Debian: Security Advisory (DSA-1069-1)
2023-03-08 00:00:00
osv
osv
kernel-source-2.4.19 - several vulnerabilities
2006-05-21 00:00:00
kernel-source-2.4.18 - several
2006-05-20 00:00:00
kernel-source-2.4.17 - several vulnerabilities
2006-05-29 00:00:00
debian
debian
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
2006-05-21 02:53:34
[SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities
2006-05-29 19:29:19
[SECURITY] [DSA 1070-1] New Linux kernel 2.4.19 packages fix several vulnerabilities
2006-05-21 06:24:21
nvd
nvd
CVE-2004-0619
2004-12-06 05:00:00
CVE-2004-0685
2004-12-23 05:00:00
CVE-2004-0883
2005-01-10 05:00:00
cve
cve
CVE-2004-0883
2005-01-10 05:00:00
CVE-2004-1191
2005-01-10 05:00:00
CVE-2004-0685
2004-12-23 05:00:00
cvelist
cvelist
CVE-2004-0685
2004-10-26 04:00:00
CVE-2004-0883
2004-12-01 05:00:00
CVE-2004-0619
2004-06-30 04:00:00
ubuntucve
ubuntucve
CVE-2004-0685
2004-12-23 00:00:00
CVE-2004-1191
2005-01-10 00:00:00
CVE-2004-0883
2005-01-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Linux Kernel SMB Filesystem smb_receive Transaction2 - Ver2 (CVE-2004-0949)
2014-12-28 00:00:00
cert
cert
SMB filesystem read system call vulnerable to buffer overflow
2005-02-02 00:00:00
Linux kernel USB drivers do not initialize kernel memory properly
2004-10-22 00:00:00
prion
prion
Design/Logic Flaw
2007-02-15 18:28:00
gentoo
gentoo
Linux Kernel: Multiple information leaks
2004-08-25 00:00:00
centos
centos
kernel security update
2005-04-29 05:42:41
kernel security update
2006-02-02 22:07:50
kernel security update
2005-04-22 21:54:37

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.215 Low

EPSS

Percentile

96.5%

JSON
Related for REDHAT-RHSA-2004-549.NASL
redhat8nessus22suse2securityvulns5ubuntu3openvas24osv6debian7nvd14cve14cvelist14ubuntucve7checkpoint_advisories1cert2prion1gentoo1centos3