CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.8%
Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update addresses the following security issues :
Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.
(CVE-2008-0598, Important)
a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)
missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions.
(CVE-2008-3525, Important)
the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information.
(CVE-2008-4210, Important)
a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate)
multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)
a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)
This update also fixes the following bugs :
the incorrect kunmap function was used in nfs_xdr_readlinkres.
kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system’s PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.
mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.
lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware®.
All Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0973. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(35190);
script_version("1.35");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210");
script_bugtraq_id(26605, 29235, 29942, 30076, 30647, 31368);
script_xref(name:"RHSA", value:"2008:0973");
script_name(english:"RHEL 3 : kernel (RHSA-2008:0973)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 3.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update addresses the following security issues :
* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local, unprivileged user to
prepare and run a specially crafted binary which would use this
deficiency to leak uninitialized and potentially sensitive data.
(CVE-2008-0598, Important)
* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a
local, unprivileged user to cause a denial of service. (CVE-2008-2136,
Important)
* missing capability checks were found in the SBNI WAN driver which
could allow a local user to bypass intended capability restrictions.
(CVE-2008-3525, Important)
* the do_truncate() and generic_file_splice_write() functions did not
clear the setuid and setgid bits. This could allow a local,
unprivileged user to obtain access to privileged information.
(CVE-2008-4210, Important)
* a buffer overflow flaw was found in Integrated Services Digital
Network (ISDN) subsystem. A local, unprivileged user could use this
flaw to cause a denial of service. (CVE-2007-6063, Moderate)
* multiple NULL pointer dereferences were found in various Linux
kernel network drivers. These drivers were missing checks for terminal
validity, which could allow privilege escalation. (CVE-2008-2812,
Moderate)
* a deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local, unprivileged user to attempt
file creation within deleted directories, possibly causing a denial of
service. (CVE-2008-3275, Moderate)
This update also fixes the following bugs :
* the incorrect kunmap function was used in nfs_xdr_readlinkres.
kunmap() was used where kunmap_atomic() should have been. As a
consequence, if an NFSv2 or NFSv3 server exported a volume containing
a symlink which included a path equal to or longer than the local
system's PATH_MAX, accessing the link caused a kernel oops. This has
been corrected in this update.
* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it
as a pointer. This caused a kernel panic in mptctl_gettargetinfo in
some circumstances. A check has been added which prevents this.
* lost tick compensation code in the timer interrupt routine triggered
without apparent cause. When running as a fully-virtualized client,
this spurious triggering caused the 64-bit version of Red Hat
Enterprise Linux 3 to present highly inaccurate times. With this
update the lost tick compensation code is turned off when the
operating system is running as a fully-virtualized client under Xen or
VMware(r).
All Red Hat Enterprise Linux 3 users should install this updated
kernel which addresses these vulnerabilities and fixes these bugs."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2007-6063"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2008-0598"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2008-2136"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2008-2812"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2008-3275"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2008-3525"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2008-4210"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2008:0973"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_cwe_id(20, 119, 200, 264, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/20");
script_set_attribute(attribute:"patch_publication_date", value:"2008/12/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/17");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
rm_kb_item(name:"Host/uptrack-uname-r");
cve_list = make_list("CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210");
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2008:0973");
}
else
{
__rpm_report = ksplice_reporting_text();
}
}
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2008:0973";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-58.EL")) flag++;
if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-58.EL")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
}
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
access.redhat.com/errata/RHSA-2008:0973
access.redhat.com/security/cve/cve-2007-6063
access.redhat.com/security/cve/cve-2008-0598
access.redhat.com/security/cve/cve-2008-2136
access.redhat.com/security/cve/cve-2008-2812
access.redhat.com/security/cve/cve-2008-3275
access.redhat.com/security/cve/cve-2008-3525
access.redhat.com/security/cve/cve-2008-4210
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.8%