Check for the Version of kernel
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2008_037.nasl 8050 2017-12-08 09:34:29Z santu $
#
# SuSE Update for kernel SUSE-SA:2008:037
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "The openSUSE 11.0 kernel was updated to 2.6.25.11-0.1.
It fixes following security problems:
CVE-2008-2812: Various tty / serial devices did not check
function pointers for NULL before calling them, leading to potential
crashes or code execution. The devices affected are usually only
accessible by the root user though.
CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c
in the Linux kernel allows remote attackers to cause a denial of
service (kernel heap memory corruption and system crash) and possibly
have unspecified other impact via a crafted PPPOL2TP packet that
results in a large value for a certain length variable.
CVE-2008-3247: On x86_64 systems, a incorrect buffer size in LDT
handling might lead to local untrusted attackers causing a crash
of the machine or potentially execute code with kernel privileges.
This problem only affects the openSUSE 11.0 kernel, since the problem
was introduced in the 2.6.25 kernel.
The update also has lots of other bugfixes that are listed in the
RPM changelog.
We previously also released a 2.6.25.9-0.2 kernel but did not
separately announce it. That update fixed the following security
problems:
CVE-2008-2372: A resource starvation issue within mmap was fixed,
which could have been used by local attackers to hang the machine.
CVE-2008-2826: A integer overflow in SCTP was fixed, which might have
been used by remote attackers to crash the machine or potentially
execute code.";
tag_impact = "local privilege escalation";
tag_affected = "kernel on openSUSE 11.0";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_id(850021);
script_version("$Revision: 8050 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $");
script_tag(name:"creation_date", value:"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_xref(name: "SUSE-SA", value: "2008-037");
script_cve_id("CVE-2008-2372", "CVE-2008-2750", "CVE-2008-2812", "CVE-2008-2826", "CVE-2008-3247");
script_name( "SuSE Update for kernel SUSE-SA:2008:037");
script_summary("Check for the Version of kernel");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "openSUSE11.0")
{
if ((res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.25.11~0.1", rls:"openSUSE11.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~2.6.25.11~0.1", rls:"openSUSE11.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-pae", rpm:"kernel-pae~2.6.25.11~0.1", rls:"openSUSE11.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-rt", rpm:"kernel-rt~2.6.25.11~0.1", rls:"openSUSE11.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.6.25.11~0.1", rls:"openSUSE11.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~2.6.25.11~0.1", rls:"openSUSE11.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-vanilla", rpm:"kernel-vanilla~2.6.25.11~0.1", rls:"openSUSE11.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.25.11~0.1", rls:"openSUSE11.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}