Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2010-0076.NASL
HistoryFeb 03, 2010 - 12:00 a.m.

RHEL 4 : kernel (RHSA-2010:0076)

2010-02-0300:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Updated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

  • an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation.
    (CVE-2009-3080, Important)

  • a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service.
    (CVE-2009-4005, Important)

  • permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The ‘dbg_lvl’ and ‘poll_mode_io’ files on the sysfs file system (‘/sys/’) had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)

  • a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation in the Linux kernel. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running ‘ls’. (CVE-2009-4020, Low)

This update also fixes the following bugs :

  • if a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running ‘strace -f’ on a multi-threaded process that was dumping its core, resulting in the strace command hanging. (BZ#555869)

  • a bug in the ptrace() implementation could have, in some cases, caused ptrace_detach() to create a zombie process if the process being traced was terminated with a SIGKILL signal. (BZ#555869)

  • the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the Realtek r8169 Ethernet driver. This update implements a better solution for that issue. Note: This is not a security regression. The original fix was complete. This update is adding the official upstream fix. (BZ#556406)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2010:0076. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(44386);
  script_version("1.37");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-3080", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020");
  script_bugtraq_id(37019, 37036, 37068);
  script_xref(name:"RHSA", value:"2010:0076");

  script_name(english:"RHEL 4 : kernel (RHSA-2010:0076)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix multiple security issues and three
bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* an array index error was found in the gdth driver in the Linux
kernel. A local user could send a specially crafted IOCTL request that
would cause a denial of service or, possibly, privilege escalation.
(CVE-2009-3080, Important)

* a flaw was found in the collect_rx_frame() function in the HiSax
ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this
flaw to send a specially crafted HDLC packet that could trigger a
buffer out of bounds, possibly resulting in a denial of service.
(CVE-2009-4005, Important)

* permission issues were found in the megaraid_sas driver (for SAS
based RAID controllers) in the Linux kernel. The 'dbg_lvl' and
'poll_mode_io' files on the sysfs file system ('/sys/') had
world-writable permissions. This could allow local, unprivileged users
to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939,
Moderate)

* a buffer overflow flaw was found in the hfs_bnode_read() function in
the HFS file system implementation in the Linux kernel. This could
lead to a denial of service if a user browsed a specially crafted HFS
file system, for example, by running 'ls'. (CVE-2009-4020, Low)

This update also fixes the following bugs :

* if a process was using ptrace() to trace a multi-threaded process,
and that multi-threaded process dumped its core, the process
performing the trace could hang in wait4(). This issue could be
triggered by running 'strace -f' on a multi-threaded process that was
dumping its core, resulting in the strace command hanging. (BZ#555869)

* a bug in the ptrace() implementation could have, in some cases,
caused ptrace_detach() to create a zombie process if the process being
traced was terminated with a SIGKILL signal. (BZ#555869)

* the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the
Realtek r8169 Ethernet driver. This update implements a better
solution for that issue. Note: This is not a security regression. The
original fix was complete. This update is adding the official upstream
fix. (BZ#556406)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-3080"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-3889"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-3939"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-4005"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-4020"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2010:0076"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xenU-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2009-3080", "CVE-2009-3889", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2010:0076");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2010:0076";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"kernel-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", reference:"kernel-devel-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", reference:"kernel-doc-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-hugemem-devel-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-smp-devel-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i686", reference:"kernel-xenU-devel-2.6.9-89.0.20.EL")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-89.0.20.EL")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linux4cpe:/o:redhat:enterprise_linux:4
redhatenterprise_linux4.8cpe:/o:redhat:enterprise_linux:4.8
redhatenterprise_linuxkernelp-cpe:/a:redhat:enterprise_linux:kernel
redhatenterprise_linuxkernel-develp-cpe:/a:redhat:enterprise_linux:kernel-devel
redhatenterprise_linuxkernel-docp-cpe:/a:redhat:enterprise_linux:kernel-doc
redhatenterprise_linuxkernel-hugememp-cpe:/a:redhat:enterprise_linux:kernel-hugemem
redhatenterprise_linuxkernel-hugemem-develp-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel
redhatenterprise_linuxkernel-largesmpp-cpe:/a:redhat:enterprise_linux:kernel-largesmp
redhatenterprise_linuxkernel-largesmp-develp-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel
redhatenterprise_linuxkernel-smpp-cpe:/a:redhat:enterprise_linux:kernel-smp
Rows per page:
1-10 of 131

Related

openvas 61
nessus 54
centos 4
redhat 10
oraclelinux 5
suse 10
securityvulns 4
ubuntucve 8
veracode 5
cve 8
prion 8
seebug 5
f5 2
debian 2
osv 2
debiancve 1
ubuntu 1
fedora 5
vmware 4
openvas
openvas
RedHat Update for kernel RHSA-2010:0076-01
2010-02-08 00:00:00
RedHat Update for kernel RHSA-2010:0076-01
2010-02-08 00:00:00
Mandriva Update for kernel MDVSA-2010:034-1 (kernel)
2010-02-19 00:00:00
nessus
nessus
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
2012-08-01 00:00:00
CentOS 4 : kernel (CESA-2010:0076)
2010-02-05 00:00:00
Oracle Linux 4 : kernel (ELSA-2010-0076)
2013-07-12 00:00:00
centos
centos
kernel security update
2010-02-04 12:33:45
kernel security update
2010-01-20 18:10:39
kernel security update
2010-01-14 23:48:52
redhat
redhat
(RHSA-2010:0076) Important: kernel security and bug fix update
2010-02-02 00:00:00
(RHSA-2009:1635) Important: kernel-rt security, bug fix, and enhancement update
2009-12-03 00:00:00
(RHSA-2010:0046) Important: kernel security and bug fix update
2010-01-19 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2010-02-03 00:00:00
kernel security and bug fix update
2010-01-20 00:00:00
kernel security update
2010-01-08 00:00:00
suse
suse
remote code execution in kernel
2010-01-15 15:06:43
remote denial of service in kernel
2009-12-14 18:08:07
remote denial of service in kernel
2009-12-22 18:28:49
securityvulns
securityvulns
[ MDVSA-2010:030 ] kernel
2010-02-04 00:00:00
Linux kernel multiple security vulnerabilities
2010-02-04 00:00:00
[PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem
2012-05-24 00:00:00
ubuntucve
ubuntucve
CVE-2009-3939
2009-11-16 00:00:00
CVE-2009-4005
2009-11-19 00:00:00
CVE-2009-3889
2009-11-16 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:39:27
Privilege Escalation
2020-04-10 00:39:25
Buffer Overflows
2020-04-10 00:39:28
cve
cve
CVE-2009-4005
2009-11-20 02:30:00
CVE-2009-3939
2009-11-16 19:30:00
CVE-2009-3889
2009-11-16 19:30:00
prion
prion
Design/Logic Flaw
2009-11-16 19:30:00
Buffer overflow
2009-11-20 02:30:00
Design/Logic Flaw
2009-11-16 19:30:00
seebug
seebug
Linux Kernel collect_rx_frame函数本地权限提升漏洞
2009-11-23 00:00:00
Linux Kernel megaraid_sas驱动不安全文件权限漏洞
2009-11-16 00:00:00
Linux Kernel HFS子系统栈溢出漏洞
2009-12-12 00:00:00
f5
f5
SOL16479 - Linux kernel vulnerability CVE-2009-4537
2015-04-22 00:00:00
K16479 : Linux kernel vulnerability CVE-2009-4537
2015-07-23 00:00:00
debian
debian
[SECURITY] [DSA 2003-1] New Linux 2.6.18 packages fix several vulnerabilities
2010-02-23 04:56:17
[SECURITY] [DSA 2004-1] New Linux 2.6.24 packages fix several vulnerabilities
2010-03-01 03:53:30
osv
osv
linux-2.6 - several vulnerabilities
2010-02-22 00:00:00
linux-2.6.24 - several vulnerabilities
2010-02-27 00:00:00
debiancve
debiancve
CVE-2012-2319
2012-05-17 11:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2009-12-05 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: kernel-2.6.32.12-115.fc12
2010-05-18 21:59:07
[SECURITY] Fedora 12 Update: kernel-2.6.32.14-127.fc12
2010-06-14 17:13:44
[SECURITY] Fedora 10 Update: kernel-2.6.27.41-170.2.117.fc10
2009-12-11 18:26:18
vmware
vmware
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
2011-06-02 00:00:00
JSON
Related for REDHAT-RHSA-2010-0076.NASL
openvas61nessus54centos4redhat10oraclelinux5suse10securityvulns4ubuntucve8veracode5cve8prion8seebug5f52debian2osv2debiancve1ubuntu1fedora5vmware4