7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.7%
New kernels are available for Slackware 9.1 and -current to fix a bounds-checking problem in the kernel’s mremap() call which could be used by a local attacker to gain root privileges. Please note that this is not the same issue as CAN-2003-0985 which was fixed in early January. The kernels in Slackware 8.1 and 9.0 that were updated in January are not vulnerable to this new issue because the patch from Solar Designer that was used to fix the CAN-2003-0985 bugs also happened to fix the problem that was discovered later. Sites running Slackware 9.1 or -current should upgrade to a new kernel. After installing the new kernel, be sure to run ‘lilo’.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2004-049-01. The text
# itself is copyright (C) Slackware Linux, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(18789);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2004-0077");
script_xref(name:"SSA", value:"2004-049-01");
script_name(english:"Slackware 9.1 / current : Kernel security update (SSA:2004-049-01)");
script_summary(english:"Checks for updated packages in /var/log/packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Slackware host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"New kernels are available for Slackware 9.1 and -current to fix a
bounds-checking problem in the kernel's mremap() call which could be
used by a local attacker to gain root privileges. Please note that
this is not the same issue as CAN-2003-0985 which was fixed in early
January. The kernels in Slackware 8.1 and 9.0 that were updated in
January are not vulnerable to this new issue because the patch from
Solar Designer that was used to fix the CAN-2003-0985 bugs also
happened to fix the problem that was discovered later. Sites running
Slackware 9.1 or -current should upgrade to a new kernel. After
installing the new kernel, be sure to run 'lilo'."
);
# http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ebf1ce63"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected kernel-ide and / or kernel-source packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-ide");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
script_set_attribute(attribute:"patch_publication_date", value:"2004/02/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
script_set_attribute(attribute:"vuln_publication_date", value:"2004/02/18");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Slackware Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("slackware.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
flag = 0;
if (slackware_check(osver:"9.1", pkgname:"kernel-ide", pkgver:"2.4.24", pkgarch:"i486", pkgnum:"2")) flag++;
if (slackware_check(osver:"9.1", pkgname:"kernel-source", pkgver:"2.4.24", pkgarch:"noarch", pkgnum:"2")) flag++;
if (slackware_check(osver:"current", pkgname:"kernel-ide", pkgver:"2.4.24", pkgarch:"i486", pkgnum:"2")) flag++;
if (slackware_check(osver:"current", pkgname:"kernel-source", pkgver:"2.4.24", pkgarch:"noarch", pkgnum:"2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
slackware | slackware_linux | kernel-ide | p-cpe:/a:slackware:slackware_linux:kernel-ide |
slackware | slackware_linux | kernel-source | p-cpe:/a:slackware:slackware_linux:kernel-source |
slackware | slackware_linux | cpe:/o:slackware:slackware_linux | |
slackware | slackware_linux | 9.1 | cpe:/o:slackware:slackware_linux:9.1 |