Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20071022_KERNEL_ON_SL5_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

These new kernel packages contain fixes for the following security issues :

  • A flaw was found in the backported stack unwinder fixes in Red Hat Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could trigger this flaw and cause a denial of service. (CVE-2007-4574, Important)

  • A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.
    (CVE-2007-3848, Important)

  • A flaw was found in the Distributed Lock Manager (DLM) in the cluster manager. This allowed a remote user who is able to connect to the DLM port to cause a denial of service. (CVE-2007-3380, Important)

  • A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver which should otherwise be restricted to privileged users. (CVE-2007-4308, Moderate)

  • A flaw was found in the prio_tree handling of the hugetlb support that allowed a local user to cause a denial of service. This only affected kernels with hugetlb support. (CVE-2007-4133, Moderate)

  • A flaw was found in the eHCA driver on PowerPC architectures that allowed a local user to access 60k of physical address space. This address space could contain sensitive information. (CVE-2007-3850, Moderate)

  • A flaw was found in ptrace support that allowed a local user to cause a denial of service via a NULL pointer dereference. (CVE-2007-3731, Moderate)

  • A flaw was found in the usblcd driver that allowed a local user to cause a denial of service by writing data to the device node. To exploit this issue, write access to the device node was needed. (CVE-2007-3513, Moderate)

  • A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. If the root user raised the default wakeup threshold over the size of the output pool, this flaw could be exploited.
    (CVE-2007-3105, Low)

In addition to the security issues described above, several bug fixes preventing possible system crashes and data corruption were also included.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60272);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-3105", "CVE-2007-3380", "CVE-2007-3513", "CVE-2007-3731", "CVE-2007-3848", "CVE-2007-3850", "CVE-2007-4133", "CVE-2007-4308", "CVE-2007-4574");

  script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"These new kernel packages contain fixes for the following security
issues :

  - A flaw was found in the backported stack unwinder fixes
    in Red Hat Enterprise Linux 5. On AMD64 and Intel 64
    platforms, a local user could trigger this flaw and
    cause a denial of service. (CVE-2007-4574, Important)

  - A flaw was found in the handling of process death
    signals. This allowed a local user to send arbitrary
    signals to the suid-process executed by that user. A
    successful exploitation of this flaw depends on the
    structure of the suid-program and its signal handling.
    (CVE-2007-3848, Important)

  - A flaw was found in the Distributed Lock Manager (DLM)
    in the cluster manager. This allowed a remote user who
    is able to connect to the DLM port to cause a denial of
    service. (CVE-2007-3380, Important)

  - A flaw was found in the aacraid SCSI driver. This
    allowed a local user to make ioctl calls to the driver
    which should otherwise be restricted to privileged
    users. (CVE-2007-4308, Moderate)

  - A flaw was found in the prio_tree handling of the
    hugetlb support that allowed a local user to cause a
    denial of service. This only affected kernels with
    hugetlb support. (CVE-2007-4133, Moderate)

  - A flaw was found in the eHCA driver on PowerPC
    architectures that allowed a local user to access 60k of
    physical address space. This address space could contain
    sensitive information. (CVE-2007-3850, Moderate)

  - A flaw was found in ptrace support that allowed a local
    user to cause a denial of service via a NULL pointer
    dereference. (CVE-2007-3731, Moderate)

  - A flaw was found in the usblcd driver that allowed a
    local user to cause a denial of service by writing data
    to the device node. To exploit this issue, write access
    to the device node was needed. (CVE-2007-3513, Moderate)

  - A flaw was found in the random number generator
    implementation that allowed a local user to cause a
    denial of service or possibly gain privileges. If the
    root user raised the default wakeup threshold over the
    size of the output pool, this flaw could be exploited.
    (CVE-2007-3105, Low)

In addition to the security issues described above, several bug fixes
preventing possible system crashes and data corruption were also
included."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0710&L=scientific-linux-errata&T=0&P=1849
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6bb3949f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(16, 20, 119, 200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/10/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-8.1.15.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-8.1.15.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-8.1.15.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-8.1.15.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-8.1.15.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-8.1.15.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-fuse-2.6.18-8.1.15.el5-2.6.3-1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"x86_64", reference:"kernel-module-fuse-2.6.18-8.1.15.el5-2.6.3-1.SL")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-fuse-2.6.18-8.1.15.el5PAE-2.6.3-1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-fuse-2.6.18-8.1.15.el5xen-2.6.3-1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"x86_64", reference:"kernel-module-fuse-2.6.18-8.1.15.el5xen-2.6.3-1.SL")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-ipw3945-2.6.18-8.1.15.el5-1.2.0-1.sl5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-ipw3945-2.6.18-8.1.15.el5PAE-1.2.0-1.sl5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-ipw3945-2.6.18-8.1.15.el5xen-1.2.0-1.sl5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-madwifi-2.6.18-8.1.15.el5-0.9.3.1-11.sl5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-madwifi-2.6.18-8.1.15.el5PAE-0.9.3.1-11.sl5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-madwifi-2.6.18-8.1.15.el5xen-0.9.3.1-11.sl5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-madwifi-hal-2.6.18-8.1.15.el5-0.9.3.1-11.sl5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-madwifi-hal-2.6.18-8.1.15.el5PAE-0.9.3.1-11.sl5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-madwifi-hal-2.6.18-8.1.15.el5xen-0.9.3.1-11.sl5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-ndiswrapper-2.6.18-8.1.15.el5-1.41-1.SL")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-ndiswrapper-2.6.18-8.1.15.el5PAE-1.41-1.SL")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-ndiswrapper-2.6.18-8.1.15.el5xen-1.41-1.SL")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-openafs-2.6.18-8.1.15.el5-1.4.4-42.SL5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-openafs-2.6.18-8.1.15.el5PAE-1.4.4-42.SL5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-openafs-2.6.18-8.1.15.el5xen-1.4.4-42.SL5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-r1000-2.6.18-8.1.15.el5-1.05-1.sl")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-module-r1000-2.6.18-8.1.15.el5PAE-1.05-1.sl")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-module-r1000-2.6.18-8.1.15.el5xen-1.05-1.sl")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-8.1.15.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-8.1.15.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 39
redhat 5
centos 4
oraclelinux 5
openvas 65
ubuntu 8
osv 8
suse 5
prion 9
securityvulns 10
veracode 9
debian 9
cve 9
seebug 1
ubuntucve 9
fedora 2
vmware 2
nessus
nessus
RHEL 5 : kernel (RHSA-2007:0940)
2007-10-25 00:00:00
Oracle Linux 5 : kernel (ELSA-2007-0940)
2013-07-12 00:00:00
CentOS 5 : kernel (CESA-2007:0940)
2010-01-06 00:00:00
redhat
redhat
(RHSA-2007:0940) Important: kernel security update
2007-10-22 00:00:00
(RHSA-2007:0939) Important: kernel security update
2007-11-01 00:00:00
(RHSA-2007:1049) Important: kernel security and bug fix update
2007-12-03 00:00:00
centos
centos
kernel security update
2007-10-23 22:22:36
kernel security update
2007-11-03 02:32:41
kernel security update
2007-12-03 19:44:42
oraclelinux
oraclelinux
Important:kernel security update
2007-10-23 00:00:00
Important: kernel security update
2007-09-30 00:00:00
Important: kernel security update
2007-11-02 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0940)
2015-10-08 00:00:00
Oracle: Security Advisory (ELSA-2007-0936)
2015-10-08 00:00:00
Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-509-1
2009-03-23 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2007-08-30 00:00:00
Linux kernel vulnerabilities
2007-08-31 00:00:00
Linux kernel vulnerabilities
2007-08-31 00:00:00
osv
osv
linux-2.6
2007-08-31 00:00:00
kernel-image-2.6.8 - several issues
2008-02-22 00:00:00
linux-2.6 - several vulnerabilities
2007-08-15 00:00:00
suse
suse
remote denial of service in kernel
2008-03-28 14:11:32
remote denial of service in kernel
2007-09-06 17:18:55
local privilege escalation in kernel
2007-10-12 16:04:36
prion
prion
Design/Logic Flaw
2007-10-23 10:46:00
Path traversal
2007-08-13 21:17:00
Code injection
2007-10-04 23:17:00
securityvulns
securityvulns
Linux aacraid driver IOCTL privilege escalation
2007-08-31 00:00:00
Linux kernel multiple security vulnerabilities
2007-07-19 00:00:00
[SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-08-17 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:21:22
Denial Of Service (DoS)
2020-04-10 00:21:23
Privilege Escalation
2020-04-10 00:21:25
debian
debian
[SECURITY] [DSA 1363-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-08-31 23:33:55
[SECURITY] [DSA 1504-1] New Linux kernel 2.6.8 packages fix several issues
2008-02-22 21:27:33
[SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities
2007-08-16 01:00:53
cve
cve
CVE-2007-4308
2007-08-13 21:17:00
CVE-2007-4133
2007-10-04 23:17:00
CVE-2007-3380
2007-07-20 23:30:00
seebug
seebug
Linux Kernel PTraceη©ΊζŒ‡ι’ˆεΌ•η”¨ζœ¬εœ°ζ‹’η»ζœεŠ‘ζΌζ΄ž
2007-10-03 00:00:00
ubuntucve
ubuntucve
CVE-2007-4308
2007-08-13 00:00:00
CVE-2007-3380
2007-07-20 00:00:00
CVE-2007-4574
2007-10-23 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: kernel-2.6.22.4-65.fc7
2007-08-24 05:44:00
[SECURITY] Fedora Core 6 Update: kernel-2.6.22.4-45.fc6
2007-09-04 21:38:29
vmware
vmware
Updated aacraid driver and Samba and Python service console updates
2008-02-04 00:00:00
Updated aacraid driver and Samba and Python service console updates
2008-02-04 00:00:00
JSON
Related for SL_20071022_KERNEL_ON_SL5_X.NASL
nessus39redhat5centos4oraclelinux5openvas65ubuntu8osv8suse5prion9securityvulns10veracode9debian9cve9seebug1ubuntucve9fedora2vmware2