Oracle Enterprise Linux 5.4 kernel security and bug fix update

2009-09-08T00:00:00

Description

[2.6.18-164.el5] - [misc] information leak in sigaltstack (Vitaly Mayatskikh ) [515396] - [misc] execve: must clear current->clear_child_tid (Oleg Nesterov ) [515429] - [net] igb: set lan id prior to configuring phy (Stefan Assmann ) [508870] - [net] udp: socket NULL ptr dereference (Vitaly Mayatskikh ) [518043] {CVE-2009-2698} [2.6.18-163.el5] - [net] make sock_sendpage use kernel_sendpage (Danny Feng ) [516955] {CVE-2009-2692} [2.6.18-162.el5] - [x86_64] Intel IOMMU: Pass Through Support (Don Dutile ) [504363] [2.6.18-161.el5] - [dlm] free socket in error exit path (David Teigland ) [508829] - [net] tg3: fix concurrent migration of VM clients (John Feeney ) [511918] - [scsi] mptfusion: revert to pci_map (Tomas Henzl ) [514049] - [scsi] bnx2i: fix conn disconnection bugs (mchristi@redhat.com ) [513802] - [scsi] qla2xxx: unable to destroy npiv HBA ports (Marcus Barrow ) [514352] - [scsi] ALUA: send STPG if explicit and implicit (mchristi@redhat.com ) [482737] - [scsi] megaraid: fix the tape drive issue (Tomas Henzl ) [510665] - [scsi] cxgb3i: fix skb allocation (mchristi@redhat.com ) [514073] - [fs] __bio_clone: dont calculate hw/phys segment counts (Milan Broz ) [512387] - [fs] ecryptfs: check tag 11 packet data buffer size (Eric Sandeen ) [512863] {CVE-2009-2406} - [fs] ecryptfs: check tag 3 packet encrypted key size (Eric Sandeen ) [512887] {CVE-2009-2407} - [xen] amd iommu: crash with pass-through on large memory (Bhavna Sarathy ) [514910] [2.6.18-160.el5] - [scsi] mptsas: fix max_id initialization (mchristi@redhat.com ) [455678] - [ata] ahci: add IDs for Ibex Peak ahci controllers (David Milburn ) [513067] - [scsi] lpfc: update to 8.2.0.48.2p, fix multiple panics (Rob Evers ) [512266] - [gfs2] remove dcache entries for remote deleted inodes (Benjamin Marzinski ) [505548] - [alsa] add native support for IbexPeak audio (Jaroslav Kysela ) [509526] - [alsa] IbexPeak related patches for codec auto-config (Jaroslav Kysela ) [509526] - [scsi] cciss: call bus_unregister in cciss_remove_one (Rob Evers ) [513070] - [scsi] cciss: add driver sysfs entries (Rob Evers ) [513070] - [net] e1000e/igb: make sure wol can be configured (Andy Gospodarek ) [513032] - [fs] xfs: only compile for x86_64 (Eric Sandeen ) [512827] - [ahci] add SATA GEN3 related messages (David Milburn ) [512086] - [net] tun/tap: open /dev/net/tun and then poll() it fix (Danny Feng ) [512286] {CVE-2009-1897} - [net] mlx4_en: problem with LRO that segfaults KVM host (Doug Ledford ) [510789] - [openib] mthca: fix over sized kmalloc usage (Doug Ledford ) [508902] - [s390] zcrypt: request gets timed out under high load (Hans-Joachim Picht ) [511289] [2.6.18-159.el5] - [scsi] cciss: fix sysfs broken symlink regression (Rob Evers ) [510178] - [kabi] add consume_skb (Jon Masters ) [479200] - [net] ipv6: fix incorrect disable_ipv6 behavior (jolsa@redhat.com ) [512258] - [net] ipv6: fix BUG when disabled module is unloaded (jolsa@redhat.com ) [512258] - [net] ipv6: add 'disable' module parameter support (jolsa@redhat.com ) [512258] - Revert: [mm] fix swap race in fork-gup patch group (Larry Woodman ) [508919] - [scsi] mptfusion: fix OOPS in failover path (Rob Evers ) [504835] - [scsi] stex: minimize DMA coherent allocation (David Milburn ) [486466] - [misc] personality handling: fix PER_CLEAR_ON_SETID (Vitaly Mayatskikh ) [508842] - [misc] build with -fno-delete-null-pointer-checks (Eugene Teo ) [511181] - [scsi] qla2xxx: provide reset capability for EEH (Marcus Barrow ) [511141] - [scsi] bnx2i: fix host setup and libiscsi abort locking (mchristi@redhat.com ) [511096] - [xen] ia64: fix rmmod of PCI devices (Chris Lalancette ) [507520] - [pci] kvm: PCI FLR support for device assignment (Don Dutile ) [510805] - [gfs2] dont put unlikely reclaim glocks on reclaim list (Benjamin Marzinski ) [504335] [2.6.18-158.el5] - [s390] add missing kernel option CONFIG_SHARED_KERNEL (Hans-Joachim Picht ) [506947] - [gfs2] fix incorrent statfs_slow consistency check (Benjamin Marzinski ) [505171] - [net] be2net: fix msix performance regression (Andy Gospodarek ) [510008] - [gfs2] umount.gfs2 hangs eating CPU (Abhijith Das ) [508876] - [block] protect the per-gendisk partition array with rcu (Jeff Moyer ) [495866] - [net] igb: fix panic when assigning device to guest (Andy Gospodarek ) [507173] - [ia64] xen: dom0 get/set_address_size (Chris Lalancette ) [510069] - [x86] fix suspend/resume issue on SB800 chipset (Bhavna Sarathy ) [498135] - [scsi] cciss: fix spinlock (Tomas Henzl ) [509818] - [scsi] qla2xxx: NPIV broken for PPC, endian fix (Marcus Barrow ) [510268] - [scsi] qla2xxx: prevent hangs in extended error handling (Marcus Barrow ) [470510] - [mm] prevent softlockups in copy_hugetlb_page_range (Larry Woodman ) [508919] - [scsi] cxgb3i: fix vlan support (mchristi@redhat.com ) [508409] - [net] bnx2i: RHEL-5.4 code cleanups (mchristi@redhat.com ) [504181] - [x86_64] import asm/svm.h and asm/vmx.h (Eduardo Habkost ) [507483] - [x86_64] import asm/virtext.h (Eduardo Habkost ) [507483] - [x86_64] add MSR_VM_* defines (Eduardo Habkost ) [507483] - [x86_64] disable VMX and SVM on machine_crash_shutdown (Eduardo Habkost ) [507483] - [x86_64] add EFER_SVME define (Eduardo Habkost ) [507483] - [x86_64] define X86_CR4_VMXE (Eduardo Habkost ) [507483] - [net] qlge: rhel-5.4 cleanups (Marcus Barrow ) [509647] - [scsi] lpfc: fix ctx_idx increase and update version (Rob Evers ) [509010] - [scsi] lpfc: move pointer ref. inside alloc check in (Rob Evers ) [509010] - [scsi] lpfc: update to version 8.2.0.48 (Rob Evers ) [509010] - [mm] fix re-read performance regression (Josef Bacik ) [506511] - [net] ipsec: add missing braces to fix policy querying (Herbert Xu ) [462731] - [net] tg3: 5785F and 50160M support (Andy Gospodarek ) [506205] - [pci] intel-iommu: fix iommu address space allocation (Chris Wright ) [509207] - [xen] virtio: do not statically allocate root device (Mark McLoughlin ) [501468] - [xen] virtio: add PCI device release function (Mark McLoughlin ) [501468] - [misc] driver core: add root_device_register (Mark McLoughlin ) [501468] - [block] blktrace: fix recursive block remap tracepoint (Jason Baron ) [502573] - [scsi] qla2xxx: rhel-5.4 fixes and cleanups (Marcus Barrow ) [507246] - [xen] HV: remove high latency spin_lock (Chris Lalancette ) [459410] - [xen] ia64: add get/set_address_size support (Chris Lalancette ) [510069] [2.6.18-157.el5] - [mm] readv: sometimes returns less than it should (Amerigo Wang ) [500693] - [net] be2net: fix races in napi and interrupt handling (Andy Gospodarek ) [508839] - [net] be2net: fix deadlock with bonding (Andy Gospodarek ) [508871] - [xen] quiet printk on FV guest shutdown (Don Dutile ) [501474] - [fs] fuse: enable building the subsystem (Josef Bacik ) [457975] - [gfs2] fix panic in glock memory shrinker (Benjamin Marzinski ) [508806] - [net] rt2x00: use mac80211-provided workqueue (John W. Linville ) [506845] - [pci] quirk: disable MSI on VIA VT3364 chipsets (Dean Nelson ) [501374] - [net] undo vlan promiscuity count when unregistered (Neil Horman ) [481283] - [net] be2net: crash on PPC with LRO and jumbo frames (Andy Gospodarek ) [508404] - [net] RTNL: assertion failed due to bonding notify (Stanislaw Gruszka ) [508297] - [scsi] ibmvfc: process async events before cmd responses (AMEET M. PARANJAPE ) [508127] - [scsi] ibmvfc: fix endless PRLI loop in discovery (AMEET M. PARANJAPE ) [508127] - [scsi] ibmvfc: improve LOGO/PRLO ELS handling (AMEET M. PARANJAPE ) [508127] - [net] iucv: provide second per-cpu cmd parameter block (Hans-Joachim Picht ) [503240] - [net] sky2: /proc/net/dev statistics are broken (Flavio Leitner ) [507932] - [scsi] qla2xxx: prevent I/O stoppage (Marcus Barrow ) [507620] - [scsi] qla2xxx: updates 24xx firmware to 4.04.09 (Marcus Barrow ) [507398] - [scsi] qla2xxx: updates 25xx firmware to 4.04.09 (Marcus Barrow ) [507398] - [scsi] qla4xxx: extended sense data errors, cleanups (Marcus Barrow ) [506981] - [char] tty: prevent an O_NDELAY writer from blocking (Mauro Carvalho Chehab ) [506806] - [xen] allow msi reconfigure for pt_bind_irq (ddugger@redhat.com ) [507970] [2.6.18-156.el5] - [misc] kdump: make mcp55 chips work (Neil Horman ) [462519] - [ide] enable VX800 to use UDMA mode (John Feeney ) [504121] - [misc] wacom: reset state when tool is not in proximity (Aristeu Rozanski ) [499870] - [scsi] lpfc: update to version 8.2.0.46 (Rob Evers ) [506792] - [mm] prevent panic in copy_hugetlb_page_range (Larry Woodman ) [507860] - [gfs2] keep statfs info in sync on grows (Benjamin Marzinski ) [494885] - [gfs2] always queue work after after setting GLF_LOCK (Benjamin Marzinski ) [506140] - [scsi] cxgb3i: use kref to track ddp, support page sizes (mchristi@redhat.com ) [506151] - [security] drop mmap_min_addr to 4096 (Eric Paris ) [507017] - [misc] hrtimer: fix a soft lockup (Amerigo Wang ) [418071] {CVE-2007-5966} - [net] backport net_rx_action tracepoint (Neil Horman ) [506138] - [gfs2] fix truncate buffered/direct I/O issue (Steven Whitehouse ) [504676] - [xen] x86: fix IRQ problem on legacy hardware (ddugger@redhat.com ) [505491] - [xen] disable 2MB support on PAE kernels (Bhavna Sarathy ) [503737] [2.6.18-155.el5] - [mm] fix swap race condition in fork-gup-race patch (Andrea Arcangeli ) [506684] - [net] e1000e: stop unnecessary polling when using msi-x (Andy Gospodarek ) [506841] [2.6.18-154.el5] - [kABI] add smp_send_reschedule and get_user_pages_fast (Jon Masters ) [504038] - [scsi] lpfc: update to version 8.2.0.45 (Rob Evers ) [505445] - [fs] ext4: fix prealloc vs truncate corruption (Eric Sandeen ) [505601] - [net] r8169: fix crash when large packets are received (Ivan Vecera ) [504732] {CVE-2009-1389} - [pci] fix pcie save restore patch (Don Dutile ) [505541] - [scsi] ibmvscsi: add 16 byte CDB support (AMEET M. PARANJAPE ) [502944] - [infiniband] iw_cxgb3: add final fixups for 1.4.1 (Doug Ledford ) [504906] - [infiniband] mlx4_en: hand remove XRC support (Doug Ledford ) [506097] - [infiniband] cxgb3: update firmware from 7.1 to 7.4 (Doug Ledford ) [504955] - [infiniband] ofed: backports from ofed 1.4.1 final bits (Doug Ledford ) [506097] - [infiniband] RDS: Update to ofed 1.4.1 final bits (Doug Ledford ) [506097] - [infiniband] mthca: update to ofed 1.4.1 final bits (Doug Ledford ) [506097] - [net] cxgb3: support two new phys and page mapping fix (Doug Ledford ) [504955] - [infiniband] ipoib/sdp: update to ofed 1.4.1 final bits (Doug Ledford ) [506097] - [infiniband] OFED: back out XRC patch, not ready yet (Doug Ledford ) [506097] - [infiniband] mlx4_en: update to ofed 1.4.1 final bits (Doug Ledford ) [506097] - [infiniband] iw_nes: update to ofed 1.4.1 final bits (Doug Ledford ) [506097] - [infiniband] OFED: fix broken switch statement (Doug Ledford ) [506097] - [infiniband] OFED: removes this backport and all callers (Doug Ledford ) [506097] - [infiniband] iw_cxgb3: update to ofed 1.4.1 final bits (Doug Ledford ) [506097] - [infiniband] mlx4_ib: update to ofed 1.4.1 final bits (Doug Ledford ) [506097] - [infiniband] remove duplicate definition (Doug Ledford ) [500368] - [net] be2net: add intial support (Andy Gospodarek ) [490074] - [net] ixgbe: backport fixups and bugfixes for 82599 (Andy Gospodarek ) [505653] - [md] increase pg_init_in_progress only if work is queued (Jesse Larrew ) [489582] - [x86_64] AMD IOMMU: fix GLX issue in bare metal (Bhavna Sarathy ) [504010] - [scsi] libsas: use the supplied address for SATA devices (David Milburn ) [494658] - [x86_64] amd iommu: fix kdump unknown partition table (Bhavna Sarathy ) [504751] - [char] TPM: get_event_name stack corruption (Dean Nelson ) [503905] - [net] e1000e: update to upstream version 1.0.2-k2 (Andy Gospodarek ) [480241] - [crypto] add continuous test to hw rng in FIPS mode (Neil Horman ) [504218] - [net] ehea: fix invalid pointer access (AMEET M. PARANJAPE ) [504679] - [x86_64] amd iommu: fix spinlock imbalance (Bhavna Sarathy ) [501571] - [x86_64] iommu: protect against broken IVRS ACPI table (Bhavna Sarathy ) [501571] - [x86_64] amd iommu: fix flag masks (Bhavna Sarathy ) [501571] - [x86_64] iommu: fix the handling of device aliases (Bhavna Sarathy ) [501571] - [x86_64] amd iommu: fix an off-by-one error (Bhavna Sarathy ) [501571] - [xen] x86: give dom0 access to machine e820 map (ddugger@redhat.com ) [503818] - [pci] fix sr-iov regression with PCI device class (ddugger@redhat.com ) [503826] - [scsi] qla4xxx: extended sense data errors (Marcus Barrow ) [489389] - [scsi] qla4xxx: remove some dead code (Marcus Barrow ) [459449] - [net] qla2xxx, ql8xxx : support for 10 GigE (Marcus Barrow ) [479288] [2.6.18-153.el5] - [s390x] zfcpdump: move zfcpdump kernel removal to %post (Don Zickus ) [499629] - [x86_64] kvm: fix libvirt based device assignment issue (Bhavna Sarathy ) [504165] - [gfs2] get gfs2meta superblock correctly (Benjamin Marzinski ) [504086] - [ptrace] fix do_coredump vs ptrace_start() deadlock (Oleg Nesterov ) [504157] {CVE-2009-1388} - [scsi] ipr: fix PCI permanent error handler (AMEET M. PARANJAPE ) [503960] - [scsi] IPR: adapter taken offline after first EEH error (AMEET M. PARANJAPE ) [504675] - [scsi] lpfc: update to version 8.2.0.44 (Rob Evers ) [503248] - [net] skb_seq_read: wrong offset/len for page frag data (mchristi@redhat.com ) [501308] - [xen] netback: change back to a flipping interface (Chris Lalancette ) [479754] - [fs] autofs4: remove hashed check in validate_wait (Ian Kent ) [490078] - [ppc64] resolves issues with pcie-save-restore-state (AMEET M. PARANJAPE ) [504198] - [net] gso: stop fraglists from escaping (Herbert Xu ) [499347] - [tun] use non-linear packets where possible (Herbert Xu ) [503309] - [net] skb_copy_datagram_from_iovec (Herbert Xu ) [503309] - [net] tun: only wake up writers (Herbert Xu ) [503191] - Re-apply: [net] tun: add packet accounting (Don Zickus ) [495863] - [sched] fix cond_resched_softirq() offset (Jesse Larrew ) [496935] - [ata] sata_sx4: fixup interrupt and exception handling (David Milburn ) [503827] - Revert: [net] avoid extra wakeups in wait_for_packet (Don Zickus ) [497897] - [net] e1000: fix skb_over_panic (Neil Horman ) [503441] {CVE-2009-1385} [2.6.18-152.el5] - [x86_64] kvm: export symbols to allow building (john cooper ) [504038] - [misc] s390 zfcpdump: check for another image on removal (Hans-Joachim Picht ) [499629] - [net] ixgbe: fix MSI-X allocation on 8+ core systems (Andy Gospodarek ) [500857] - [s390] dasd: add EMC ioctl to the driver (Christoph Hellwig ) [461288] - [net] ixgbe: fix polling saturates CPU (Andy Gospodarek ) [503559] - [misc] core dump: wrong thread info in core dump file (Amerigo Wang ) [503553] - [crypto] testmgr: check all test vector lengths (Jarod Wilson ) [503091] - [net] igb and igbvf: return from napi poll correctly (Andy Gospodarek ) [503215] - [crypto] testmgr: dynamically allocate xbuf and axbuf (Jarod Wilson ) [503091] - [fs] vfs: skip I_CLEAR state inodes in drop_pagecache_sb (Eric Sandeen ) [500164] - Revert: [net] tun: add packet accounting (Herbert Xu ) [495863] - [net] netxen: add GRO Support (Herbert Xu ) [499347] - [nfs] v4: 'r'/'w' perms for user do not work on client (Peter Staubach ) [502244] - [x86] nmi: add Intel cpu 0x6f4 to perfctr1 workaround (Prarit Bhargava ) [500892] - [dm] raid45 target: kernel oops in constructor (Heinz Mauelshagen ) [503070] - [net] sky2: fix sky2 stats (Neil Horman ) [503080] - [acpi] check _PSS frequency to prevent cpufreq crash (Prarit Bhargava ) [500311] - [scsi] mvsas: sync w/ appropriate upstream changes (Rob Evers ) [485126] - [scsi] mvsas: comment cleanup (Rob Evers ) [485126] - [scsi] mvsas: correct bit-map implementation (Rob Evers ) [485126] - [scsi] mvsas: initial patch submission (Rob Evers ) [485126] - [net] add broadcom cnic driver (mchristi@redhat.com ) [441979] - [scsi] add bnx2i iscsi driver (mchristi@redhat.com ) [441979] - [scsi] add netlink msg to iscsi IF to support offload (mchristi@redhat.com ) [441979] - [misc] add UIO framework from upstream (mchristi@redhat.com ) [441979] - [net] add cnic support to bnx2 (mchristi@redhat.com ) [441979] - [powerpc] pass the PDN to check_msix_entries (AMEET M. PARANJAPE ) [502906] - [fs] proc: avoid info leaks to non-privileged processes (Amerigo Wang ) [499541] - [net] ixgbe: add GRO suppport (Herbert Xu ) [499347] - [net] igb: add GRO suppport (Herbert Xu ) [499347] - [net] cxgb3: add GRO suppport (Herbert Xu ) [499347] - [net] vlan: add GRO interfaces (Herbert Xu ) [499347] - [net] tcp6: add GRO support (Herbert Xu ) [499347] - [net] ipv6: add GRO support (Herbert Xu ) [499347] - [net] ethtool: add GGRO and SGRO ops (Herbert Xu ) [499347] - [net] tcp: add GRO support (Herbert Xu ) [499347] - [net] add skb_gro_receive (Herbert Xu ) [499347] - [net] ipv4: add GRO infrastructure (Herbert Xu ) [499347] - [net] add Generic Receive Offload infrastructure (Herbert Xu ) [499347] - [net] add frag_list support to GSO (Herbert Xu ) [499347] - [net] add frag_list support to skb_segment (Herbert Xu ) [499347] - [net] skbuff: add skb_release_head_state (Herbert Xu ) [499347] - [net] skbuff: merge code copy_skb_header and skb_clone (Herbert Xu ) [499347] - [netfilter] nf_conntrack: add __nf_copy to copy members (Herbert Xu ) [499347] - [net] skbuff: add skb_cow_head (Herbert Xu ) [499347] - [net] netpoll: backport netpoll_rx_on (Herbert Xu ) [499347] - [net] gro: Optimise Ethernet header comparison (Herbert Xu ) [499347] - [net] backport csum_replace4/csum_replace2 (Herbert Xu ) [499347] - [net] backport csum_unfold without sparse annotations (Herbert Xu ) [499347] - [net] sky2: fix eeprom reads (Neil Horman ) [501050] - [nfs] v4: client handling of MAY_EXEC in nfs_permission (Peter Staubach ) [500302] {CVE-2009-1630} - [net] forcedeth: restore power up snippet (Ivan Vecera ) [479740] - [md] dm: I/O failures when running dm-over-md with xen (Mikulas Patocka ) [223947] - [selinux] warn on nfs mounts with same SB but diff opts (Eric Paris ) [466701] [2.6.18-151.el5] - [alsa] hda: improve init for ALC262_HP_BPC model (Jaroslav Kysela ) [473949] - [ppc] LPAR hang on multipath device with FCS v2 (AMEET M. PARANJAPE ) [498927] - [fs] nfsd: fix setting the nfsv4 acls (Steve Dickson ) [403021] - [scsi] fnic: compile on x86 too (mchristi@redhat.com ) [501112] - [net] avoid extra wakeups in wait_for_packet (Neil Horman ) [497897] - [x86] xen: fix local denial of service (Chris Lalancette ) [500951] - [scsi] ibmvfc: wait on adapter init before starting scan (AMEET M. PARANJAPE ) [501560] - [net] bnx2x: update to 1.48.105 (Stanislaw Gruszka ) [475481] - [xen] add Credit Scheduler Fairness and hard virt (Justin M. Forbes ) [432700] - [xen] deadlock between libvirt and xentop (Miroslav Rezanina ) [499013] - [xen] sched: remove printk introduced with hard virt (Justin M. Forbes ) [501475] [2.6.18-150.el5] - [kabi] add cmirror symbols to kABI (Jon Masters ) [500745] - Revert: [sched] accurate task runtime accounting (Linda Wang ) [297731] {CVE-2007-3719} - [alsa] hda: add missing comma in ad1884_slave_vols (Jeff Burke ) [500626] - [x86] remove xtime_lock from time_cpufreq_notifier (Prarit Bhargava ) [501178] - [fs] cifs: fix pointer and checks in cifs_follow_symlink (Jeff Layton ) [496577] {CVE-2009-1633} - [fs] ext4: corruption fixes (Eric Sandeen ) [501082] - [lockdep] dont omit lock_set_subclass (Aristeu Rozanski ) [462248] - [ppc] cell: make ptcal more reliable (AMEET M. PARANJAPE ) [501356] - [x86] include asm-x86_64 in i686-devel package (Don Zickus ) [491775] - [misc] compile: add -fwrapv to gcc CFLAGS (Don Zickus ) [491266] - [trace] mm: eliminate extra mm tracepoint overhead (Larry Woodman ) [501013] - [dlm] use more NOFS allocation (Abhijith Das ) [460218] - [dlm] connect to nodes earlier (Abhijith Das ) [460218] - [wireless] mac80211: freeze when ath5k IF brought down (Michal Schmidt ) [499999] - [audit] watch: fix removal of AUDIT_DIR rule on rmdir (Alexander Viro ) [501321] - [trace] sunrpc: adding trace points to status routines v2 (Steve Dickson ) [499008] - [misc] random: make get_random_int more random (Amerigo Wang ) [499776] - [md] retry immediate in 2 seconds (Jesse Larrew ) [489582] - [scsi] retry for NOT_READY condition (Jesse Larrew ) [489582] - [md] handle multiple paths in pg_init (Jesse Larrew ) [489582] - [scsi] fix compilation error (Jesse Larrew ) [489582] - [scsi] add LSI storage IDs (Jesse Larrew ) [489582] - [scsi] handle quiescence in progress (Jesse Larrew ) [489582] - [scsi] retry IO on unit attention (Jesse Larrew ) [489582] - [scsi] handle unit attention in mode select (Jesse Larrew ) [489582] - [scsi] make the path state active by default (Jesse Larrew ) [471426] - [scsi] Retry mode select in rdac device handler (Jesse Larrew ) [489582] [2.6.18-149.el5] - [acpi] updated dock driver for RHEL-5.4 (Matthew Garrett ) [485181] - [infiniband] ib_core: use weak ordering for user memory (AMEET M. PARANJAPE ) [501004] - [mm] fork-o_direct-race v3 (aarcange@redhat.com ) [471613] - [nfs] make nfsv4recoverydir proc file readable (Evan McNabb ) [499840] - [pci] remove pci-stub driver from -xen kernels (Don Dutile ) [500568] - [pci] IOMMU phys_addr cleanup (Don Dutile ) [500901] - [pci] missed fix to pci_find_upstream_pcie_bridge (Don Dutile ) [500901] - [misc] IOMMU MSI header cleanup (Don Dutile ) [500901] - [scsi] megaraid: update megasas to 4.08-RH1 (Tomas Henzl ) [475574] - [fs] nfs: fix an f_mode/f_flags confusion in write.c (Jeff Layton ) [490181] - [fs] cifs: renaming dont try to unlink negative dentry (Jeff Layton ) [500839] - [fs] cifs: fix error handling in parse_DFS_referrals (Jeff Layton ) [496577] {CVE-2009-1633} - [scsi] aacraid: update to 1.1.5-2461 (Rob Evers ) [475559] - [md] dm raid45: dont clear the suspend flag on recovery (Heinz Mauelshagen ) [499406] - [net] cxgb3: update driver for RHEL-5.4 (mchristi@redhat.com ) [439518] - [scsi] add cxgb3i iscsi driver (mchristi@redhat.com ) [439518] - [scsi] port upstream offload code to RHEL-5.4 (mchristi@redhat.com ) [439518] - [scsi] force retry of IO when port/session is changing (mchristi@redhat.com ) [498281] - [net] igbvf: new driver, support 82576 virtual functions (Andy Gospodarek ) [480524] - [net] ehea: fix circular locking problem (AMEET M. PARANJAPE ) [493359] - [s390] appldata: vtimer bug with cpu hotplug (Hans-Joachim Picht ) [497207] [2.6.18-148.el5] - Revert: [mm] fork vs fast gup race fix (Andrea Arcangeli ) [471613] [2.6.18-147.el5] - Revert: [scsi] marvell sas: initial patch submission (Rob Evers ) [485126] - Revert: [scsi] marvell sas: correct bit-map implementation (Rob Evers ) [485126] - Revert: [scsi] marvell sas: comment cleanup (Rob Evers ) [485126] - [misc] FIPS: create checksum for verification at bootup (Don Zickus ) [444632] - [md] dm: raid45 target oops on mapping table reload (Heinz Mauelshagen ) [500387] - [md] dm: raid45 target doesnt create parity as expected (Heinz Mauelshagen ) [499406] - [net] igb: correctly free multiqueue netdevs (Andy Gospodarek ) [500446] - [misc] lockdep: fix large lock subgraph traversal (Aristeu Rozanski ) [462248] - [crypto] make tcrypt stay loaded on success (Jarod Wilson ) [499646] - [crypto] block use of non-fips algs in fips mode (Jarod Wilson ) [499646] - [crypto] mark algs allowed in fips mode (Jarod Wilson ) [499646] - [x86_64] 32-bit ptrace emulation mishandles 6th arg (Jiri Olsa ) [495125] - [fs] cifs: buffer overruns when converting strings (Jeff Layton ) [496577] - [scsi] lpfc: update from version 8.2.0.41 to 8.2.0.43 (Rob Evers ) [498524] - [cpufreq] xen: powernow identifies wrong number of procs (Miroslav Rezanina ) [456437] - [scsi] MPT fusion: remove annoying debug message v2 (Tomas Henzl ) [475455] - [scsi] MPT fusion: make driver legacy I/O port free v2 (Tomas Henzl ) [475451] - [scsi] MPT fusion: update version 3.04.07rh v2 (Tomas Henzl ) [475455] - [ia64] fix regression in nanosleep syscall (Prarit Bhargava ) [499289] - [md] s390: I/O stall when performing random CHPID off/on (Mikulas Patocka ) [500729] - [crypto] add hmac and hmac(sha512) test vectors (Jarod Wilson ) [499463] - [sched] accurate task runtime accounting (Peter Zijlstra ) [297731] {CVE-2007-3719} - [sched] rq clock (Peter Zijlstra ) [297731] {CVE-2007-3719} - [x86] scale cyc_2_nsec according to CPU frequency (Peter Zijlstra ) [297731] {CVE-2007-3719} - [i386] untangle xtime_lock vs update_process_times (Peter Zijlstra ) [297731] {CVE-2007-3719} - [x86_64] clean up time.c (Peter Zijlstra ) [297731] {CVE-2007-3719} - [net] tun: add packet accounting (Herbert Xu ) [495863] - [kabi] add pcie_set_readrq (Jon Masters ) [479200] - [kabi] add Kernel Virtual Machine kABI symbols (Jon Masters ) [466961] - [crypto] add ctr test vectors (Jarod Wilson ) [497888] - [crypto] print self-test success notices in fips mode (Jarod Wilson ) [497885] - [mm] fork vs fast gup race fix (Andrea Arcangeli ) [471613] - [mm] support for lockless get_user_pages (aarcange@redhat.com ) [474913] - Revert: [mm] fork vs gup race fix (aarcange@redhat.com ) [471613] - [net] r8169: reset IntrStatus after chip reset (Ivan Vecera ) [500740] - Revert: [net] forcedeth: power down phy when IF is down (Ivan Vecera ) [479740] - [misc] add AMD IOMMU support to KVM (Bhavna Sarathy ) [481026] - [misc] VT-d: backport of Intel VT-d support to RHEL5 (Don Dutile ) [480411] - [misc] VT-d: add clflush_cache_range function (Don Dutile ) [480411] - [misc] VT-d: add DMAR-related timeout definition (Don Dutile ) [480411] - [misc] VT-d: add DMAR ACPI table support (Don Dutile ) [480411] - [misc] VT-d: add pci_find_upstream_pcie_bridge (Don Dutile ) [480411] - [misc] VT-d: move common MSI defines to msi.h (Don Dutile ) [480411] - [trace] blk tracepoints (Arnaldo Carvalho de Melo ) [493454] - [pci] enable CONFIG_PCI_IOV (ddugger@redhat.com ) [493152] - [pci] save and restore PCIe 2.0 registers (ddugger@redhat.com ) [493152] - [pci] restore PCI-E capability registers after PM event (ddugger@redhat.com ) [493152] - [pci] add SR-IOV API for Physical Function driver (ddugger@redhat.com ) [493152] - [pci] centralize device setup code (ddugger@redhat.com ) [493152] - [pci] reserve bus range for SR-IOV device (ddugger@redhat.com ) [493152] - [pci] restore saved SR-IOV state (ddugger@redhat.com ) [493152] - [pci] initialize and release SR-IOV capability (ddugger@redhat.com ) [493152] - [pci] add a new function to map BAR offsets (ddugger@redhat.com ) [493152] - [pci] allow pci_alloc_child_bus to handle a NULL bridge (ddugger@redhat.com ) [493152] - [pci] enhance pci_ari_enabled (ddugger@redhat.com ) [493152] - [pci] fix ARI code to be compatible with mixed systems (ddugger@redhat.com ) [493152] - [pci] support PCIe ARI capability (ddugger@redhat.com ) [493152] - [pci] export __pci_read_base (ddugger@redhat.com ) [493152] - [pci] fix 64-vbit prefetchable memory resource BARs (ddugger@redhat.com ) [493152] - [pci] handle 64-bit resources better on 32-bit machines (ddugger@redhat.com ) [493152] - [pci] rewrite PCI BAR reading code (ddugger@redhat.com ) [493152] - [xen] add Credit Scheduler Fairness and hard virt (Justin M. Forbes ) [432700] - [xen] x86_64: add 1GB page table support (Bhavna Sarathy ) [251982] [2.6.18-146.el5] - [fs] vfs freeze: use vma->v_file to get to superblock (Eric Sandeen ) [476148] - [net] tg3: allow 5785 to work when running at 10Mbps (Andy Gospodarek ) [469772] - [net] af_iucv: race when queuing incoming iucv messages (Hans-Joachim Picht ) [499626] - [trace] sunrpc: adding trace points to status routines (Steve Dickson ) [499008] - [gfs2] fix glock ref count issue (Steven Whitehouse ) [485098] - [kabi] add acpi_bus_register_driver (Jon Masters ) [462911] - [kabi] add nobh_truncate_page and kernel_read (Jon Masters ) [497276] - [usb] support Huaweis mode switch in kernel (Pete Zaitcev ) [485182] - [scsi] ibmvscsi: LPAR hang on a multipath device (AMEET M. PARANJAPE ) [498927] - [wireless] mac80211: scanning related fixes (John W. Linville ) [498719] - [fs] ecryptfs: remove ecryptfs_unlink_sigs warnings (Eric Sandeen ) [499171] - [fs] ext4: re-fix warning on x86 build (Eric Sandeen ) [499202] - [ppc64] adjust oprofile_cpu_type detail (AMEET M. PARANJAPE ) [496709] - [nfs] SELinux can copy off the top of the stack (Eric Paris ) [493144] - [xen] x86: explicitly zero CR[1] in getvcpucontext (Miroslav Rezanina ) [494876] - [xen] x86: fix overflow in the hpet code (Rik van Riel ) [449346] - [xen] x86: fixes to the 'no missed-tick accounting' code (Rik van Riel ) [449346] - [xen] introduce 'no missed-tick accounting' (Rik van Riel ) [449346] - [xen] x86: misc fixes to the timer code (Rik van Riel ) [449346] - [xen] x86: initialize vlapic->timer_last_update (Rik van Riel ) [449346] [2.6.18-145.el5] - [ia64] xen: switch from flipping to copying interface (Chris Lalancette ) [479754] - [scsi] fnic: init retry counter (Mike Christie ) [484438] - [misc] add some long-missing capabilities to CAP_FS_MASK (Eric Paris ) [499076 497272] {CVE-2009-1072} - [crypto] add ansi_cprng test vectors (Jarod Wilson ) [497891] - [crypto] add rng self-test infra (Jarod Wilson ) [497891] - [md] bitmap merge feature (Doug Ledford ) [481226] - [md] fix lockup on read error (Doug Ledford ) [465781] - [md] dm-raid45: corrupt data and premature end of synch (Heinz Mauelshagen ) [480733 479383] - [fs] generic freeze ioctl interface (Eric Sandeen ) [476148] - [scsi] add mpt2sas driver (Tomas Henzl ) [475665] - [misc] kprobes: fix deadlock issue (John Villalovos ) [210555] - [block] disable iostat collection in gendisk (Jerome Marchand ) [484158] - [block] fix request flags (Jerome Marchand ) [484158] - [misc] fix blktrace api breakage (Hans-Joachim Picht ) [475334] - [fs] fuse: update for RHEL-5.4 (Josef Bacik ) [457975] [2.6.18-144.el5] - Revert: [scsi] MPT Fusion: update to version 3.04.07rh (Tomas Henzl ) [475455] - Revert: [scsi] make fusion MPT driver legacy I/O port free (Tomas Henzl ) [475451] - Revert: [scsi] MPT fusion: remove annoying debug message (Tomas Henzl ) [475455] - [openib] ehca: fix performance during creation of QPs (AMEET M. PARANJAPE ) [498527] - [scsi] qla4xxx: fix driver fault recovery (Marcus Barrow ) [497478] - [misc] make bus_find_device more robust, match upstream (Don Dutile ) [492488] - [md] dm snapshot: refactor __find_pending_exception (Mikulas Patocka ) [496100] - [md] race conditions in snapshots (Mikulas Patocka ) [496100] - [md] dm-raid1: switch read_record from kmalloc to slab (Mikulas Patocka ) [496101] - [md] dm-raid1/mpath: partially completed request crash (Mikulas Patocka ) [496101] - [md] snapshot: store damage (Mikulas Patocka ) [496102] - [scsi] cciss: change in discovering memory bar (Tomas Henzl ) [474392] - [scsi] cciss: version change for RHEL-5.4 (Tomas Henzl ) [474392] - [scsi] cciss: thread to detect config changes on MSA2012 (Tomas Henzl ) [474392] - [scsi] cciss: changes in config functions (Tomas Henzl ) [474392] - [openib] update all the backports for the code refresh (Doug Ledford ) [476301] - [openib] add support for XRC queues (Doug Ledford ) [476301] - [openib] RDS: add the RDS protocol (Doug Ledford ) [477065] - [openib] IPoIB: update to OFED 1.4.1-rc3 (Doug Ledford ) [434779 466086] - [openib] SRP: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301] - [openib] SDP: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301] - [openib] qlgc_vnic: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301] - [openib] cxgb3: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [476301] - [openib] iw_nes: update NES iWARP to OFED 1.4.1-rc3 (Doug Ledford ) [476301] - [openib] mthca: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [476301] - [openib] ipath: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [230035 480696] - [openib] ehca: update driver for RHEL-5.4 (Doug Ledford ) [466086] - [openib] core: disable lock dep annotation (Don Zickus ) [476301] - [openib] core: update core code to OFED 1.4.1-rc3 (Doug Ledford ) [476301] - [openib] rmda: update rdma headers to OFED 1.4.1-rc3 (Doug Ledford ) [476301] - [openib] mlx4: Update mlx4_ib and mlx4_core, add mlx4_en (Doug Ledford ) [456525 477065] - [openib] enable mlx4_en and rds, disable iw_c2 (Doug Ledford ) [476301] - [mm] add tracepoints (Larry Woodman ) [493444] [2.6.18-143.el5] - [net] bonding: ignore updelay param when no active slave (Jiri Pirko ) [495318] - [net] ipv6: fix incoming packet length check (Jiri Pirko ) [492972] - [misc] drivers fix dma_get_required_mask (Tomas Henzl ) [475455] - [gfs2] NFSv2 support (Steven Whitehouse ) [497954] - [ppc64] set error_state to pci_channel_io_normal (AMEET M. PARANJAPE ) [496872] - [mm] allow tuning of MAX_WRITEBACK_PAGES (Larry Woodman ) [479079] - [trace] add 'success' to sched_wakeup/sched_wakeup_new (Jason Baron ) [497414] - [scsi] update iscsi layer and drivers for RHEL-5.4 (mchristi@redhat.com ) [436791 484455] - [crypto] fips: panic box when module validation fails (Neil Horman ) [497228] - [scsi] st: option to use SILI in variable block reads (Tom Coughlan ) [457970] - [net] bonding: support for bonding of IPoIB interfaces (Andy Gospodarek ) [430758] - [net] bonding: update to upstream version 3.4.0 (Andy Gospodarek ) [462632] - [scsi] add md3000 and md3000i entries to rdac_dev_list (John Feeney ) [487293] - [trace] tracepoints for page cache (KII Keiichi ) [475719] - [trace] tracepoints for network socket (KII Keiichi ) [475719] - [scsi] stex: support promise 6Gb sas raid controller (David Milburn ) [492022] - [scsi] add ALUA scsi device handler (mchristi@redhat.com ) [482737] - [scsi] update fnic fcoe driver for RHEL-5.4 (mchristi@redhat.com ) [484438] - [scsi] update libfc/fcoe for RHEL-5.4 (mchristi@redhat.com ) [484438] - [video] efifb: driver update (Brian Maly ) [488820] - [fs] fix softlockup in posix_locks_deadlock (Josef Bacik ) [476659] - [fs] cifs: unicode alignment and buffer sizing problems (Jeff Layton ) [494280] {CVE-2009-1439} - [mm] vmscan: bail out of direct reclaim after max pages (Rik van Riel ) [495442] - [crypto] add self-tests for rfc4309 (Jarod Wilson ) [472386] - [crypto] handle ccm dec test vectors expected to fail (Jarod Wilson ) [472386] - [crypto] fix rfc4309 deadlocks (Jarod Wilson ) [472386] - [scsi] marvell sas: comment cleanup (Rob Evers ) [485126] - [scsi] marvell sas: correct bit-map implementation (Rob Evers ) [485126] - [scsi] marvell sas: initial patch submission (Rob Evers ) [485126] - [acpi] CPU P-state limits ignored by OS (Stanislaw Gruszka ) [494288] - [net] provide a generic SIOETHTOOL ETHTOOL_GPERMADDR (Flavio Leitner ) [462352] - [scsi] lpfc: update to version 8.2.0.41 (Rob Evers ) [476738] - [scsi] lpfc: update to version 8.2.0.40 (Rob Evers ) [476738] - [scsi] lpfc: update to version 8.2.0.39 (Rob Evers ) [476738] - [scsi] lpfc: update to version 8.2.0.38 (Rob Evers ) [476738] [2.6.18-142.el5] - [net] ipv4: remove uneeded bh_lock/unlock from udp_rcv (Neil Horman ) [484590] - [net] ixgbe: update to upstream version 2.0.8-k2 (Andy Gospodarek ) [472547] - [net] igb: update to upstream version 1.3.16-k2 (Andy Gospodarek ) [484102 474881] - [mm] vmalloc: dont pass __GFP_ZERO to slab (Jiri Olsa ) [491685] - [agp] zero pages before sending to userspace (Jiri Olsa ) [497026] {CVE-2009-1192} - [net] e1000: enable TSO6 via ethtool with correct hw (Andy Gospodarek ) [449175] - [net] tg3: update to version 3.96 (Andy Gospodarek ) [481715 469772] - [x86] apic: rollover in calibrate_APIC_clock (Brian Maly ) [456938] - [alsa] handle subdevice_mask in snd_pci_quirk_lookup (Jaroslav Kysela ) [473949 483594] - [ia64] altix: performance degradation in PCI mode (George Beshers ) [497136] - [misc] I/O AT: config file changes (John Feeney ) [436048] - [misc] I/O AT: new ioat*.c (John Feeney ) [436048] - [misc] I/O AT: new dmaengine_v3.c (John Feeney ) [436048] - [misc] I/O AT: new include files (John Feeney ) [436048] - [misc] I/O AT: add drivers/dca (John Feeney ) [436048] - [misc] I/O AT: update network changes (John Feeney ) [436048] - [misc] I/O AT: update existing files (John Feeney ) [436048] - [misc] I/O AT: update include files (John Feeney ) [436048] - [mm] tweak vm diry_ratio to prevent stalls on some DBs (Larry Woodman ) [295291] - [nfs] setacl not working over NFS (Peter Staubach ) [496903] - [fs] ext4: update config options (Eric Sandeen ) [485315] - [fs] ext4: post-2.6.29 fixes (Eric Sandeen ) [485315] - [fs] backport patch for 2.6.29 ext4 (Eric Sandeen ) [485315] - [fs] rebase ext4 and jbd2 to 2.6.29 codebase (Eric Sandeen ) [485315 487933 487940 487944 487947] {CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748} - [fs] update write_cache_pages (Eric Sandeen ) [485315] - [fs] export set_task_ioprio (Eric Sandeen ) [485315] - [scsi] qla2xxx : updates and fixes from upstream, part 4 (Marcus Barrow ) [496126] - [scsi] MPT fusion: remove annoying debug message (Tomas Henzl ) [475455] - [scsi] make fusion MPT driver legacy I/O port free (Tomas Henzl ) [475451] - [scsi] MPT Fusion: update to version 3.04.07rh (Tomas Henzl ) [475455] - [x86] add MAP_STACK mmap flag (Larry Woodman ) [459321] - [scsi] sym53c8xx_2: fix up hotplug support (mchristi@redhat.com ) [461006] - [scsi] qla2xxx : updates and fixes from upstream, part 3 (Marcus Barrow ) [495094] - [scsi] qla2xxx : updates and fixes from upstream, part 2 (Marcus Barrow ) [495092] - [scsi] qla2xxx : updates and fixes from upstream, part 1 (Marcus Barrow ) [480204] - [nfs] memory leak when reading files wth option 'noac' (Peter Staubach ) [493045] - [x86] powernow-k8: export module parameters via sysfs (Prarit Bhargava ) [492010] - [misc] IO accounting: tgid accounting (Jerome Marchand ) [461636] - [misc] IO accounting: read accounting nfs fix (Jerome Marchand ) [461636] - [misc] IO accounting: read accounting (Jerome Marchand ) [461636] - [misc] IO accounting: write cancel accounting (Jerome Marchand ) [461636] - [misc] IO accounting: report in procfs (Jerome Marchand ) [461636] - [misc] IO accounting: account for direct-io (Jerome Marchand ) [461636] - [misc] IO accounting: set CONFIG_TASK_IO_ACCOUNTING (Jerome Marchand ) [461636] - [misc] IO accounting: write accounting (Jerome Marchand ) [461636] - [misc] IO accounting: core statistics (Jerome Marchand ) [461636] - [misc] IO accounting: read accounting cifs fix (Jerome Marchand ) [461636] - [misc] auxiliary signal structure: signal_struct_aux (Jerome Marchand ) [461636] - [misc] auxiliary signal structure: preparation (Jerome Marchand ) [461636] - [xen] x86: fix MSI eoi handling for HVM passthru (Gerd Hoffmann ) [477261] [2.6.18-141.el5] - [x86_64] more cpu_khz to tsc_khz conversions (Prarit Bhargava ) [483300] - [gfs2] unaligned access in gfs2_bitfit (Abhijith Das ) [485226] - [gfs2] remove scand & glockd kernel processes (Benjamin Marzinski ) [273001] - [x86] fix tick divider with clocksource=pit (Chris Lalancette ) [427588] - [fs] autofs4: fix incorect return in autofs4_mount_busy (Ian Kent ) [496766] - [x86] fix cpuid.4 instrumentation (Brian Maly ) [454981] - [md] dm-mpath: propagate ioctl error codes (Benjamin Marzinski ) [461469] - [fs] aio: race in aio_complete leads to process hang (Jeff Moyer ) [475814] - [s390] enable raw devices (Jeff Moyer ) [452534] - [net] bnx2: update to latest upstream - 1.9.3 (Ivan Vecera ) [475567 476897 489519] - [net] forcedeth: update to upstream version 0.62 (Ivan Vecera ) [479740] - [net] r8169: dont update stats counters when IF is down (Ivan Vecera ) [490162] - [net] r8169: fix RxMissed register access (Ivan Vecera ) [474334] - [x86] prevent boosting kprobes on exception address (Masami Hiramatsu ) [493088] - [gfs2] add fiemap support (Steven Whitehouse ) [476626] - [net] e1000e: fix false link detection (Michal Schmidt ) [492270] - [ppc] pseries: set error_state to pci_channel_io_normal (AMEET M. PARANJAPE ) [496872] - [nfs] large writes rejected when sec=krb5i/p specified (Peter Staubach ) [486756] - [wireless] iwlwifi: problems switching b/w WPA and WEP (John W. Linville ) [474699] - [net] ipv6: assume loopback address in link-local scope (Jiri Pirko ) [487233] - [fs] keep eventpoll from locking up the box (Josef Bacik ) [487585] - [ppc64] adjust oprofile_cpu_type (AMEET M. PARANJAPE ) [496709] - [fs] jbd: properly dispose of unmapped data buffers (Josef Bacik ) [479296] - [fs] ext3: dir_index: error out on corrupt dx dirs (Josef Bacik ) [454942] - [fs] ext3: dont resize if no reserved gdt blocks left (Josef Bacik ) [443541] - [agp] add pci ids for new video cards (John Villalovos ) [474513] - [ata] sata_mv: fix chip type for RocketRaid 1740/1742 (David Milburn ) [496338] - [misc] exit_notify: kill the wrong capable check (Oleg Nesterov ) [494271] {CVE-2009-1337} - [ipmi] fix platform crash on suspend/resume (peterm@redhat.com ) [475536] - [ipmi] fix some signedness issues (peterm@redhat.com ) [475536] - [ipmi] hold ATTN until upper layer is ready (peterm@redhat.com ) [475536] - [ipmi] allow shared interrupts (peterm@redhat.com ) [475536] - [scsi] add missing SDEV_DEL state if slave_alloc fails (Tomas Henzl ) [430170] - [net] eHEA: mutex_unlock missing in eHEA error path (AMEET M. PARANJAPE ) [482796] - [misc] xen: change PVFB not to select abs. pointer (Markus Armbruster ) [492866] - [pci] pci-stub module to reserve pci device (Mark McLoughlin ) [491842] - [pci] add remove_id sysfs entry (Mark McLoughlin ) [491842] - [pci] use proper call to driver_create_file (Mark McLoughlin ) [491842] - [pci] fix __pci_register_driver error handling (Mark McLoughlin ) [491842] - [misc] add /sys/bus/*/driver_probe (Mark McLoughlin ) [491842] - [misc] backport new ramdisk driver (Don Howard ) [480663] - [x86] general pci_scan_bus fix for baremetal and xen (Prarit Bhargava ) [494114] - [misc] add HP xw460c to bf sort pci list (Prarit Bhargava ) [490068] - [mm] enable dumping of hugepages into core dumps (Dave Anderson ) [470411] - [misc] hrtimer: check relative timeouts for overflow (AMEET M. PARANJAPE ) [492230] - [acpi] add T-state notification support (Luming Yu ) [487567] - [x86_64] copy_user_c can zero more data than needed (Vitaly Mayatskikh ) [490938] - [misc] hpilo: backport bugfixes and updates for RHEL-5.4 (tcamuso@redhat.com ) [488964] - [pci] do not clear PREFETCH register (Prarit Bhargava ) [486185] - [misc] waitpid reports stopped process more than once (Vitaly Mayatskikh ) [481199] - [scsi] ipr: enhance driver to support MSI-X interrupt (AMEET M. PARANJAPE ) [475717] - [specfile] add ability to build only debug kernel (Jeff Layton ) [469707] - [xen] clear X86_FEATURE_APIC in cpuid when apic disabled (ddugger@redhat.com ) [496873] - [xen] enable systems without APIC (ddugger@redhat.com ) [496873] - [xen] vt-d: workaround for Mobile Series 4 Chipset (ddugger@redhat.com ) [496873] - [xen] pci: fix definition of PCI_PM_CTRL_NO_SOFT_RESET (ddugger@redhat.com ) [496873] - [xen] utilise the GUEST_PAT and HOST_PAT vmcs area (ddugger@redhat.com ) [496873] - [xen] VT-d: enhance MTRR/PAT virtualization (ddugger@redhat.com ) [496873] - [xen] fix interrupt remapping on AMD systems (Bhavna Sarathy ) [477261] - [xen] enable AMD IOMMU Xen driver (Bhavna Sarathy ) [477261] - [xen] add AMD IOMMU Xen driver (Bhavna Sarathy ) [477261] - [xen] live migration failure due to fragmented memory (Jiri Denemark ) [469130] [2.6.18-140.el5] - [fs] xfs: add fiemap support (Josef Bacik ) [296951] - [net] add DSCP netfilter target (Thomas Graf ) [481652] - [gfs2] blocked after recovery (Abhijith Das ) [483541] - [net] remove misleading skb_truesize_check (Thomas Graf ) [474883] - [mm] 100% time spent under NUMA when zone_reclaim_mode=1 (Larry Woodman ) [457264] - [mm] msync does not sync data for a long time (Larry Woodman ) [479079] - [md] dm: fix OOps in mempool_free when device removed (Milan Broz ) [495230] - [net] bonding: clean up resources upon removing a bond (Masahiro Matsuya ) [463244] - [fs] nfs: convert to new aops (Jeff Layton ) [476224] - [fs] cifs: update CIFS for RHEL5.4 (Jeff Layton ) [465143] - [misc] types: add fmode_t typedef (Jeff Layton ) [465143] - [misc] keys: key facility changes for AF_RXRPC (Jeff Layton ) [465143] - [misc] xen: bump max_phys_cpus to 256 (Chris Lalancette ) [477206] - [misc] fork: CLONE_PARENT && parent_exec_id interaction (Don Howard ) [479964] - [wireless] iwlagn: make swcrypto/swcrypto50=1 default (John W. Linville ) [474699] - [wireless] mac80211: avoid null deref (John W. Linville ) [482990] - [net] fix out of bound access to hook_entries (Thomas Graf ) [484036] - [net] sctp: allow sctp_getladdrs to work for IPv6 (Neil Horman ) [492633] - [x86] xen: fix interaction between dom0 and NTP (Rik van Riel ) [494879] - [ata] sata_mv: fix 8-port timeouts on 508x/6081 chips (David Milburn ) [493451] - [net] fixed tcp_ack to properly clear ->icsk_probes_out (Jiri Olsa ) [494427] - [x86] xen: crash when specifying mem= (Chris Lalancette ) [240429] - [scsi] qla2xxx: reduce DID_BUS_BUSY failover errors (Marcus Barrow ) [244967] - [ata] libata: ahci enclosure management bios workaround (David Milburn ) [488471] - [scsi] aic7xxx: increase max IO size (mchristi@redhat.com ) [493448] - [nfs] v4: client crash on file lookup with long names (Sachin S. Prabhu ) [493942] - [mm] fix prepare_hugepage_range to check offset (Larry Woodman ) [488260] - [misc] make sure fiemap.h is installed in headers pkg (Josef Bacik ) [296951] - [fs] generic block based fiemap (Josef Bacik ) [296951] - [fs] add fiemap interface (Josef Bacik ) [296951] - [trace] use unregister return value (Jason Baron ) [465543] - [trace] change rcu_read_sched -> rcu_read (Jason Baron ) [465543] - [trace] introduce noupdate apis (Jason Baron ) [465543] - [trace] simplify rcu usage (Jason Baron ) [465543] - [trace] fix null pointer dereference (Jason Baron ) [465543] - [trace] tracepoints fix reentrancy (Jason Baron ) [465543] - [trace] make tracepoints use rcu sched (Jason Baron ) [465543] - [trace] use TABLE_SIZE macro (Jason Baron ) [465543] - [trace] remove kernel-trace.c (Jason Baron ) [465543] - [trace] remove prototype from tracepoint name (Jason Baron ) [465543] - [x86] use CPU feature bits to skip tsc_unstable checks (Chris Lalancette ) [463573] - [x86] vmware: disable softlock processing on tsc systems (Chris Lalancette ) [463573] - [x86] vmware lazy timer emulation (Chris Lalancette ) [463573] - [x86] xen: improve KVM timekeeping (Chris Lalancette ) [463573] - [x86_64] xen: implement a minimal TSC based clocksource (Chris Lalancette ) [463573] - [x86] use cpu_khz for loops_per_jiffy calculation (Chris Lalancette ) [463573] - [x86] vmware: look for DMI string in product serial key (Chris Lalancette ) [463573] - [x86] VMware: Fix vmware_get_tsc code (Chris Lalancette ) [463573] - [x86] xen: add X86_FEATURE_HYPERVISOR feature bit (Chris Lalancette ) [463573] - [x86] xen: changes timebase calibration on Vmware (Chris Lalancette ) [463573] - [x86] add a synthetic TSC_RELIABLE feature bit (Chris Lalancette ) [463573] - [x86] hypervisor: detection and get tsc_freq (Chris Lalancette ) [463573] - [x86] fdiv bug detection fix (Chris Lalancette ) [463573] - [misc] printk: add KERN_CONT (Chris Lalancette ) [463573] - [s390] add additional card IDs to CEX2C and CEX2A (Hans-Joachim Picht ) [488496] - [gfs2] merge upstream uevent patches into RHEL 5.4 (Steven Whitehouse ) [476707] - [xen] x86: GDT: replace single page with one page/CPU (Chris Lalancette ) [477206] - [xen] x86: VPID: free resources (ddugger@redhat.com ) [464821] - [xen] x86: VPID: implement feature (ddugger@redhat.com ) [464821] - [xen] fix 32-on-64 PV oops in xen_set_pud (Chris Lalancette ) [467698] [2.6.18-139.el5] - [pci] xen dom0: hook PCI probe and remove callbacks (ddugger@redhat.com ) [484227] - [misc] xen dom0: add hypercall for add/remove PCI device (ddugger@redhat.com ) [484227] - [pci] xen: dom0/domU MSI support using PHSYDEV_map_irq (ddugger@redhat.com ) [484227] - [mm] mmu_notifier: kabi workaround support (john cooper ) [485718] - [mm] mmu_notifier: set CONFIG_MMU_NOTIFIER to y (john cooper ) [485718] - [mm] mmu-notifier: optimized ability to admin host pages (john cooper ) [485718] - [mm] mmu-notifiers: add mm_take_all_locks operation (john cooper ) [485718] - [misc] introduce list_del_init_rcu (john cooper ) [485718] - [ppc] spufs: fix incorrect buffer offset in regs write (AMEET M. PARANJAPE ) [493426] - [ppc] spufs: check offset before calculating write size (AMEET M. PARANJAPE ) [493426] - [net] add dropmonitor protocol (Neil Horman ) [470539] - [ppc] reject discontiguous MSI-X requests (AMEET M. PARANJAPE ) [492580] - [ppc] implement a quota system for MSIs (AMEET M. PARANJAPE ) [492580] - [ppc] return req#msi(-x) if request is larger (AMEET M. PARANJAPE ) [492580] - [ppc] msi: return the number of MSIs we could allocate (AMEET M. PARANJAPE ) [492580] - [ppc] check for MSI-X also in rtas_msi_pci_irq_fixup() (AMEET M. PARANJAPE ) [492580] - [ppc] add support for ibm,req#msi-x (AMEET M. PARANJAPE ) [492580] - [ppc] fix MSI-X interrupt querying (AMEET M. PARANJAPE ) [492580] - [ppc] msi: return the number of MSI-X available (AMEET M. PARANJAPE ) [492580] - [trace] add include/trace dir to -devel (Jason Baron ) [489096] - [mm] xen: 'ptwr_emulate' messages when booting PV guest (Chris Lalancette ) [490567] - [fs] lockd: reference count leaks in async locking case (Jeff Layton ) [471254] - [s390] kernel: cpcmd with vmalloc addresses (Hans-Joachim Picht ) [487697] - [s390] af_iucv: error handling in iucv_callback_txdone (Hans-Joachim Picht ) [487697] - [s390] af_iucv: broken send_skb_q result in endless loop (Hans-Joachim Picht ) [487697] - [s390] af_iucv: free iucv path/socket in path_pending cb (Hans-Joachim Picht ) [487697] - [s390] af_iucv: avoid left over IUCV connections (Hans-Joachim Picht ) [487697] - [s390] af_iucv: new error return codes for connect (Hans-Joachim Picht ) [487697] - [s390] af_iucv: hang if recvmsg is used with MSG_PEEK (Hans-Joachim Picht ) [487703] - [net] ixgbe: stop double counting frames and bytes (Andy Gospodarek ) [487213] - [net] netfilter: x_tables: add connlimit match (Jiri Pirko ) [483588] - [nfs] only set file_lock.fl_lmops if stateowner is found (Jeff Layton ) [479323] - [dlm] init file_lock before copying conflicting lock (Jeff Layton ) [479323] - [nfs] nfsd: ensure nfsv4 calls the fs on LOCKT (Jeff Layton ) [479323] - [net] allow for on demand emergency route cache flushing (Neil Horman ) [461655] - [xen] x86: update the earlier APERF/MPERF patch (Chris Lalancette ) [493557] - [xen] fix evtchn exhaustion with 32-bit HVM guest (Chris Lalancette ) [489274] - [xen] ia64: fix HVM guest kexec (Chris Lalancette ) [418591] - [xen] ia64: fix whitespace error in vmx.h (Chris Lalancette ) [477098] - [xen] add hypercall for adding and removing PCI devices (ddugger@redhat.com ) [484227] - [xen] HVM MSI passthrough support (ddugger@redhat.com ) [484227] - [xen] VT-d2: enable interrupt remapping for MSI/MSI-x (ddugger@redhat.com ) [484227] - [xen] MSI support interface (ddugger@redhat.com ) [484227] - [xen] MSI supprt internal functions (ddugger@redhat.com ) [484227] - [xen] convert pirq to per-domain (ddugger@redhat.com ) [484227] - [xen] rename evtchn_lock to event_lock (ddugger@redhat.com ) [484227] - [xen] sync VT-d2 code with xen-unstable (ddugger@redhat.com ) [484227] - [xen] VT-d2: support interrupt remapping (ddugger@redhat.com ) [484227] - [xen] VT-d2: support queue invalidation (ddugger@redhat.com ) [484227] - [xen] x86: emulate accesses to PCI window regs cf8/cfc (ddugger@redhat.com ) [484227] - [xen] vtd: avoid redundant context mapping (ddugger@redhat.com ) [484227] - [xen] x86: fix EPT for VT-d (ddugger@redhat.com ) [484227] - [xen] x86: add domctl interfaces for VT-d (ddugger@redhat.com ) [484227] - [xen] x86: memory changes for VT-d (ddugger@redhat.com ) [484227] - [xen] x86: intercept I/O for assigned device (ddugger@redhat.com ) [484227] - [xen] x86: IRQ injection changes for VT-d (ddugger@redhat.com ) [484227] - [xen] add VT-d specific files (ddugger@redhat.com ) [484227] - [xen] some system changes for VT-d (ddugger@redhat.com ) [484227] - [xen] add VT-d public header files (ddugger@redhat.com ) [484227] - [xen] ia64: add pci definitions and access functions (ddugger@redhat.com ) [484227] [2.6.18-138.el5] - [nfs] remove bogus lock-if-signalled case (Bryn M. Reeves ) [456288] - [gfs2] fix uninterruptible quotad sleeping (Steven Whitehouse ) [492943] - [net] iptables NAT port randomisation (Thomas Graf ) [459943] - [gfs2] tar off gfs2 broken - truncated symbolic links (Steven Whitehouse ) [492911] - [net] skip redirect msg if target addr is not link-local (Thomas Graf ) [481209] - [scsi] lpfc: remove duplicate pci* functions from driver (Prarit Bhargava ) [442007] - [net] igb: make driver ioport free (Prarit Bhargava ) [442007] - [net] e1000: make driver ioport free (Prarit Bhargava ) [442007] - [net] e1000e: make driver ioport free (Prarit Bhargava ) [442007] - [pci] add pci*_selected_region/pci_enable_device_io|mem (Prarit Bhargava ) [442007] - [x86] NONSTOP_TSC in tsc clocksource (Luming Yu ) [474091] - [ppc] keyboard not recognized on bare metal (Justin Payne ) [455232] - [fs] writeback: fix persistent inode->dirtied_when val (Jeff Layton ) [489359] - [fs] xfs: misc upstream fixes (Eric Sandeen ) [470845] - [fs] xfs: fix compat ioctls (Eric Sandeen ) [470845] - [fs] xfs: new aops interface (Eric Sandeen ) [470845] - [fs] xfs: backport to rhel5.4 kernel (Eric Sandeen ) [470845] - [fs] xfs: update to 2.6.28.6 codebase (Eric Sandeen ) [470845] - [fs] d_obtain_alias helper (Eric Sandeen ) [470845] - [fs] d_add_ci helper (Eric Sandeen ) [470845] - [misc] completion helpers (Eric Sandeen ) [470845] - [fs] block_page_mkwrite helper (Eric Sandeen ) [470845] - [mm] generic_segment_checks helper (Eric Sandeen ) [470845] - [i2c] add support for SB800 SMBus (Bhavna Sarathy ) [488746] - [i2c] i2c-piix4: support for the Broadcom HT1100 chipset (Flavio Leitner ) [474240] - [s390] hvc_iucv: z/VM IUCV hypervisor console support (Hans-Joachim Picht ) [475551] - [s390] hvc_console: upgrade version of hvc_console (Hans-Joachim Picht ) [475551] - [s390] iucv: locking free version of iucv_message_ (Hans-Joachim Picht ) [475551] - [s390] set default preferred console device 'ttyS' (Hans-Joachim Picht ) [475551] - [s390] kernel: shutdown action 'dump_reipl' (Hans-Joachim Picht ) [474688] - [s390] splice: handle try_to_release_page failure (Hans-Joachim Picht ) [475334] - [s390] blktrace: add ioctls to SCSI generic devices (Hans-Joachim Picht ) [475334] - [s390] add FCP performance data collection (Hans-Joachim Picht ) [475334] - [s390] extra kernel parameters via VMPARM (Hans-Joachim Picht ) [475530] - [s390] kernel: extra kernel parameters via VMPARM (Hans-Joachim Picht ) [475530] - [s390] z90crypt: add ap adapter interrupt support (Hans-Joachim Picht ) [474700] - [s390] add Call Home data (Hans-Joachim Picht ) [475820] - [s390] kernel: processor degredation support (Hans-Joachim Picht ) [475820] - [s390] kernel: Shutdown Actions Interface (Hans-Joachim Picht ) [475563] - [s390] provide service levels of HW & Hypervisor (Hans-Joachim Picht ) [475570] - [s390] qeth: ipv6 support for hiper socket layer 3 (Hans-Joachim Picht ) [475572] - [s390] kernel: NSS Support (Hans-Joachim Picht ) [474646] - [acpi] donot evaluate _PPC until _PSS has been evaluated (Matthew Garrett ) [469105] - [net] iwlwifi: enable LEDS Kconfig options (John W. Linville ) [486030] - [spec] devel pkg: own the directories they write too (Don Zickus ) [481808] - [crypto] bugfixes to ansi_cprng for fips compliance (Neil Horman ) [481175 469437] - [scsi] qla2xxx: production FCoE firmware (Marcus Barrow ) [471900] - [scsi] qla2xxx: production FCoE support (Marcus Barrow ) [471900] - [fs] add compat_sys_ustat (Eric Sandeen ) [472426] - [x86_64] panic if AMD cpu_khz is wrong (Prarit Bhargava ) [472523] - [x86] fix calls to pci_scan_bus (Prarit Bhargava ) [470202] [2.6.18-137.el5] - [fs] HFS: mount memory leak (Dave Anderson ) [488048] - [docs] document netdev_budget (Stanislaw Gruszka ) [463249] - [net] netfilter: nfmark IPV6 routing in OUTPUT (Anton Arapov ) [470059] - [gfs2] use ->page_mkwrite for mmap() (Benjamin Marzinski ) [315191] - [fs] ecryptfs: fix memory leak into crypto headers (Eric Sandeen ) [491256] - [x86] add nonstop_tsc flag in /proc/cpuinfo (Luming Yu ) [474091] - [alsa] HDA: update for RHEL-5.4 (Jaroslav Kysela ) [483594] - [fs] autofs4: fix lookup deadlock (Ian Kent ) [490078] - [fs] autofs4: make autofs type usage explicit (Ian Kent ) [452120] - [fs] autofs4: add miscelaneous device for ioctls (Ian Kent ) [452120] - [fs] autofs4: devicer node ioctl docoumentation (Ian Kent ) [452120] - [fs] autofs4: track uid and gid of last mount requester (Ian Kent ) [452120] - [nfs] memory corruption in nfs3_xdr_setaclargs (Sachin S. Prabhu ) [479432] - [misc] cpuset: attach_task fixes (KII Keiichi ) [471634] - [s390] dasd: fix race in dasd timer handling (Hans-Joachim Picht ) [490128] - [x86] use [ml]fence to synchronize rdtsc (Chris Lalancette ) [448588] - [xen] silence MMCONFIG warnings (Chris Lalancette ) [462572] - [xen] fix occasional deadlocks in Xen netfront (Chris Lalancette ) [480939] - [xen] fix crash when modprobe xen-vnif in a KVM guest (Chris Lalancette ) [487691] - [xen] xen reports bogus LowTotal (Chris Lalancette ) [428892] - [xen] wait 5 minutes for device connection (Chris Lalancette ) [396621] - [xen] only recover connected devices on resume (Chris Lalancette ) [396621] - [xen] ia64: fix bad mpa messages (Chris Lalancette ) [288511] - [net] handle non-linear packets in skb_checksum_setup (Herbert Xu ) [477012] - [fs] fix __page_symlink to be kabi friendly (Josef Bacik ) [445433] - [fs] ext3: convert to new aops (Josef Bacik ) [445433] - [mm] make new aops kABI friendly (Josef Bacik ) [445433] - [fs] fix symlink allocation context (Josef Bacik ) [445433] - [mm] iov_iter_advance fix, dont go off the end (Josef Bacik ) [445433] - [mm] fix infinite loop with iov_iter_advance (Josef Bacik ) [445433] - [mm] restore the KERNEL_DS optimisations (Josef Bacik ) [445433] - [gfs2] remove generic aops stuff (Josef Bacik ) [445433] - [fs] new cont helpers (Josef Bacik ) [445433] - [mm] introduce new aops, write_begin and write_end (Josef Bacik ) [445433] - [fs] splice: dont do readpage (Josef Bacik ) [445433] - [fs] splice: dont steal pages (Josef Bacik ) [445433] - [gfs2] remove static iov iter stuff (Josef Bacik ) [445433] - [mm] iov_iter helper functions (Josef Bacik ) [445433] - [mm] fix pagecache write deadlocks (Josef Bacik ) [445433] - [mm] write iovec cleanup (Josef Bacik ) [445433] - [mm] fix other users of __grab_cache_page (Josef Bacik ) [445433] - [mm] cleanup page caching stuff (Josef Bacik ) [445433] - [mm] cleanup error handling (Josef Bacik ) [445433] - [mm] clean up buffered write code (Josef Bacik ) [445433] - [mm] revert deadlock on vectored write fix (Josef Bacik ) [445433] - [mm] kill the zero-length iovec segments handling (Josef Bacik ) [445433] - [mm] revert KERNEL_DS buffered write optimisation (Josef Bacik ) [445433] - [mm] clean up pagecache allocation (Josef Bacik ) [445433] - [x86] move pci_video_fixup to later in boot (Prarit Bhargava ) [467785] - [usb] net: dm9601: upstream fixes for 5.4 (Ivan Vecera ) [471800] - [xen] ia64: fix FP emulation in a PV domain (Chris Lalancette ) [477098] - [xen] ia64: make sure guest pages dont change (Chris Lalancette ) [477098] - [xen] improve handle_fpu_swa (Chris Lalancette ) [477098] - [xen] ia64: fix windows 2003 BSOD (Chris Lalancette ) [479923] - [xen] x86: fix dom0 panic when using dom0_max_vcpus (Chris Lalancette ) [485119] - [xen] x86: silence WRMSR warnings (Chris Lalancette ) [470035] [2.6.18-136.el5] - Revert: [x86_64] fix gettimeoday TSC overflow issue (Prarit Bhargava ) [467942] - [ptrace] audit_syscall_entry to use right syscall number (Jiri Pirko ) [488002] {CVE-2009-0834} - [md] dm: check log bitmap will fit within the log device (Milan Broz ) [471565] - [nfs] add 'lookupcache' mount option for nfs shares (Sachin S. Prabhu ) [489285] - [nfs] add fine grain control for lookup cache in nfs (Sachin S. Prabhu ) [489285] - [net] tulip: MTU problems with 802.1q tagged frames (Ivan Vecera ) [484796] - [net] rtnetlink: fix sending message when replace route (Jiri Pirko ) [462725] - [s390] sclp: handle zero-length event buffers (Hans-Joachim Picht ) [487695] - [s390] dasd: DASDFMT not operating like CPFMTXA (Hans-Joachim Picht ) [484836] - [xen] fix blkfront bug with overflowing ring (Chris Lalancette ) [460693] - [net] ipv6: disallow IPPROTO_IPV6-level IPV6_CHECKSUM (Jiri Pirko ) [486204] - [ide] fix interrupt flood at startup w/ESB2 (James Paradis ) [438979] - [s390] cio: Properly disable not operational subchannel (Hans-Joachim Picht ) [487701] - [misc] kernel-headers: add serial_reg.h (Don Zickus ) [463538] [2.6.18-135.el5] - [s390] iucv: failing cpu hot remove for inactive iucv (Hans-Joachim Picht ) [485412] - [s390] dasd: fix waitqueue for sleep_on_immediatly (Hans-Joachim Picht ) [480161] - [ide] increase timeouts in wait_drive_not_busy (Stanislaw Gruszka ) [464039] - [x86_64] mce: do not clear an unrecoverable error status (Aristeu Rozanski ) [489692] - [wireless] iwlwifi: booting with RF-kill switch enabled (John W. Linville ) [482990] - [net] put_cmsg: may cause application memory overflow (Jiri Pirko ) [488367] - [x86_64] fix gettimeoday TSC overflow issue (Prarit Bhargava ) [467942] - [net] ipv6: check hop limit setting in ancillary data (Jiri Pirko ) [487406] - [net] ipv6: check outgoing interface in all cases (Jiri Pirko ) [486215] - [acpi] disable GPEs at the start of resume (Matthew Garrett ) [456302] - [crypto] include crypto headers in kernel-devel (Neil Horman ) [470929] - [net] netxen: rebase for RHEL-5.4 (tcamuso@redhat.com ) [485381] - [misc] signal: modify locking to handle large loads (AMEET M. PARANJAPE ) [487376] - [kexec] add ability to dump log from vmcore file (Neil Horman ) [485308] - [fs] ext3: handle collisions in htree dirs (Eric Sandeen ) [465626] - [acpi] use vmalloc in acpi_system_read_dsdt (Prarit Bhargava ) [480142] - [misc] make ioctl.h compatible with userland (Jiri Pirko ) [473947] - [nfs] sunrpc: add sv_maxconn field to svc_serv (Jeff Layton ) [468092] - [nfs] lockd: set svc_serv->sv_maxconn to a better value (Jeff Layton ) [468092] - [mm] decrement reclaim_in_progress after an OOM kill (Larry Woodman ) [488955] - [misc] sysrq-t: display backtrace for runnable processes (Anton Arapov ) [456588] [2.6.18-134.el5] - [dlm] fix length calculation in compat code (David Teigland ) [487672] - [net] ehea: remove adapter from list in error path (AMEET M. PARANJAPE ) [488254] - [x86] reserve low 64k of memory to avoid BIOS corruption (Matthew Garrett ) [471851] - [nfs] fix hung clients from deadlock in flush_workqueue (David Jeffery ) [483627] - [net] fix a few udp counters (Neil Horman ) [483266] - [ia64] use current_kernel_time/xtime in hrtimer_start() (Prarit Bhargava ) [485323] - [sata] libata: ahci withdraw IGN_SERR_INTERNAL for SB800 (David Milburn ) [474301] - [ata] libata: iterate padded atapi scatterlist (David Milburn ) [446086] - [x86] TSC keeps running in C3+ (Luming Yu ) [474091] - [acpi] fix C-states less efficient on certain machines (Luming Yu ) [484174] - [net] ipv6: fix getsockopt for sticky options (Jiri Pirko ) [484105 483790] - [ppc64] cell spufs: update to the upstream for RHEL-5.4 (AMEET M. PARANJAPE ) [475620] - [ppc64] cell: fix npc setting for NOSCHED contexts (AMEET M. PARANJAPE ) [467344] - [ppc64] handle null iommu dma-window property correctly (AMEET M. PARANJAPE ) [393241] - [net] e1000, bnx2: enable entropy generation (Ivan Vecera ) [439898] - Revert: [xen] console: make LUKS passphrase readable (Bill Burns ) [475986] - [gfs2] add UUID to gfs2 super block (Steven Whitehouse ) [242696] - [x86] consistent time options for x86_64 and i386 (Prarit Bhargava ) [475374] - [xen] allow > 4GB EPT guests on i386 (Chris Lalancette ) [478522] - [xen] clear screen to make LUKS passphrase visible (Bill Burns ) [475986] [2.6.18-133.el5] - [net] fix oops when using openswan (Neil Horman ) [484590] - [net] bonding: fix arp_validate=3 slaves behaviour (Jiri Pirko ) [484304] - [serial] 8250: fix boot hang when using with SOL port (Mauro Carvalho Chehab ) [467124] - [usb] sb600/sb700: workaround for hang (Pete Zaitcev ) [471972] - [gfs2] make quota mount option consistent with gfs (Bob Peterson ) [486168] - [xen] pv-block: remove anaconda workaround (Don Dutile ) [477005] - [ppc64] power7: fix /proc/cpuinfo cpus info (AMEET M. PARANJAPE ) [486649] - [net] skfp_ioctl inverted logic flaw (Eugene Teo ) [486540] {CVE-2009-0675} - [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene Teo ) [486518] {CVE-2009-0676} - [net] enic: upstream update to version 1.0.0.933 (Andy Gospodarek ) [484824] - [mm] cow vs gup race fix (Andrea Arcangeli ) [471613] - [mm] fork vs gup race fix (Andrea Arcangeli ) [471613] - [gfs2] parsing of remount arguments incorrect (Bob Peterson ) [479401] - [ppc64] eeh: disable/enable LSI interrupts (AMEET M. PARANJAPE ) [475696] - [x86] limit max_cstate to use TSC on some platforms (Tony Camuso ) [470572] - [ptrace] correctly handle ptrace_update return value (Jerome Marchand ) [483814] - [dlm] fix plock notify callback to lockd (David Teigland ) [470074] - [input] wacom: 12x12 problem while using lens cursor (Aristeu Rozanski ) [484959] - [wireless] ath5k: update to F10 version (Michal Schmidt ) [479049] - [xen] disable suspend in kernel (Justin M. Forbes ) [430928] - [net] ipv6: update setsockopt to support RFC 3493 (Jiri Pirko ) [484971] - [net] ipv6: check length of userss optval in setsockopt (Jiri Pirko ) [484977] - [scsi] handle work queue and shost_data setup failures (mchristi@redhat.com ) [450862] - [net] skbuff: fix oops in skb_seq_read (mchristi@redhat.com ) [483285] - [net] sky2: update driver for RHEL-5.4 (Neil Horman ) [484712] - [net] ipv6: Hop-by-Hop options header returned bad value (Jiri Pirko ) [483793] - [pci] fix MSI descriptor leak during hot-unplug (James Paradis ) [484943] - [net] improve udp port randomization (Vitaly Mayatskikh ) [480951] - [misc] ia64, s390: add kernel version to panic output (Prarit Bhargava ) [484403] - [x86-64] fix int db_5.RHSA-2009-1243x80 -ENOSYS return (Vitaly Mayatskikh ) [481682] - [net] dont add NAT extension for confirmed conntracks (Herbert Xu ) [481076] - [xen] fbfront dirty race (Markus Armbruster ) [456893] - [net] ehea: improve behaviour in low mem conditions (AMEET M. PARANJAPE ) [483148] - [net] fix icmp_send and icmpv6_send host re-lookup code (Jiri Pirko ) [439670] - [scsi] ibmvscsi: N-Port-ID support on ppc64 (AMEET M. PARANJAPE ) [474701] - [xen] guest crash when host has >= 64G RAM (Rik van Riel ) [448115] - [ppc] cell: add support for power button on blades (AMEET M. PARANJAPE ) [475658] - [ppc64] serial_core: define FIXED_PORT flag (AMEET M. PARANJAPE ) [475621] - [s390] cio: I/O error after cable pulls 2 (Hans-Joachim Picht ) [479878] - [misc] ptrace, utrace: fix blocked signal injection (Jerome Marchand ) [451849] - [xen] irq: remove superfluous printk (Rik van Riel ) [456095] - [s390] qeth: print HiperSocket version on z9 and later (Hans-Joachim Picht ) [479881] - [s390] qeth: crash in case of layer mismatch for VSWITCH (Hans-Joachim Picht ) [476205] - [s390] qdio: only 1 buffer in INPUT_PROCESSING state (Hans-Joachim Picht ) [479867] - [s390] disable cpu topology support by default (Hans-Joachim Picht ) [475797] - [s390] qeth: unnecessary support ckeck in sysfs route6 (Hans-Joachim Picht ) [474469] - [s390] cio: ccwgroup online vs. ungroup race condition (Hans-Joachim Picht ) [479879] - [s390] dasd: dasd_device_from_cdev called from interrupt (Hans-Joachim Picht ) [474806] - [misc] minor signal handling vulnerability (Oleg Nesterov ) [479964] {CVE-2009-0028} [2.6.18-132.el5] - [firmware] dell_rbu: prevent oops (Don Howard ) [482942] - [fs] lockd: improve locking when exiting from a process (Peter Staubach ) [448929] - [misc] backport RUSAGE_THREAD support (Jerome Marchand ) [451063] - [gfs2] panic in debugfs_remove when unmounting (Abhijith Das ) [483617] - [nfs] memory corruption in nfs3_xdr_setaclargs (Sachin S. Prabhu ) [479432] - [nfs] fix hangs during heavy write workloads (Peter Staubach ) [469848] - [pci] msi: set 'En' bit for devices on HT-based platform (Andy Gospodarek ) [290701] - [net] ipt_REJECT: properly handle IP options (Ivan Vecera ) [473504] - [ppc] cell: fix GDB watchpoints (AMEET M. PARANJAPE ) [480239] - [edac] add i5400 driver (Mauro Carvalho Chehab ) [462895] - [xen] fix disappearing PCI devices from PV guests (Bill Burns ) [233801] - [net] s2io: flush statistics when changing the MTU (AMEET M. PARANJAPE ) [459514] - [scsi] no-sense msgs, data corruption, but no i/o errors (Rob Evers ) [468088] - [powerpc] wait for a panic_timeout > 0 before reboot (AMEET M. PARANJAPE ) [446120] - [ppc64] cell: axon-msi: Retry on missing interrupt (AMEET M. PARANJAPE ) [472405] - [ppc] MSI interrupts are unreliable on IBM QS21 and QS22 (AMEET M. PARANJAPE ) [472405] - [crypto] des3_ede: permit weak keys unless REQ_WEAK_KEY (Jarod Wilson ) [474394] - [ata] JMB361 only has one port (Prarit Bhargava ) [476206] - [net] r8169: disable the ability to change MAC address (Ivan Vecera ) [475867] - [misc] futex.h: remove kernel bits for userspace header (Anton Arapov ) [475790] - [fs] inotify: send IN_ATTRIB event on link count changes (Eric Paris ) [471893] - [misc] ppc64: large sends fail with unix domain sockets (Larry Woodman ) [461312] - [audit] misc kernel fixups (Alexander Viro ) [475330] - [audit] records for descr created by pipe and socketpair (Alexander Viro ) [475278] - [audit] control character detection is off-by-one (Alexander Viro ) [475150] - [audit] fix kstrdup error check (Alexander Viro ) [475149] - [audit] assorted audit_filter_task panics on ctx == NULL (Alexander Viro ) [475147] - [audit] increase AUDIT_MAX_KEY_LEN (Alexander Viro ) [475145] - [nfs] race with nfs_access_cache_shrinker() and umount (Peter Staubach ) [469225] - [nfs] lockd: handle long grace periods correctly (Peter Staubach ) [474590] - [crypto] ansi_cprng: fix inverted DT increment routine (Jarod Wilson ) [471281] - [crypto] ansi_cprng: extra call to _get_more_prng_bytes (Jarod Wilson ) [471281] - [fs] proc: Proportional Set Size calculation and display (Larry Woodman ) [471969] - [video] avoid writing outside shadow.bytes array (Mauro Carvalho Chehab ) [471844] - [fs] need locking when reading /proc/ /oom_score (Larry Woodman ) [470459] - [x86] memmap=X does not yield new map (Prarit Bhargava ) [464500] - [s390] qeth: avoid problems after failing recovery (Hans-Joachim Picht ) [468019] - [s390] qeth: avoid skb_under_panic for bad inbound data (Hans-Joachim Picht ) [468075] - [s390] sclp: incorrect softirq disable/enable (Hans-Joachim Picht ) [468021] - [crypto] export DSA_verify as a gpl symbol (Jarod Wilson ) [470111] - [s390] lcs: output request completion with zero cpa val (Hans-Joachim Picht ) [463165] - [s390] dasd: oops when Hyper PAV alias is set online (Hans-Joachim Picht ) [458155] - [s390] ipl: file boot then boot from alt dev wont work (Hans-Joachim Picht ) [458115] - [s390] zfcp: remove messages flooding the kernel log (Hans-Joachim Picht ) [455260] - [snd] fix snd-sb16.ko compile (Prarit Bhargava ) [456698] [2.6.18-131.el5] - [scsi] libata: sas_ata fixup sas_sata_ops (David Milburn ) [483171] - [fs] ecryptfs: readlink flaw (Eric Sandeen ) [481607] {CVE-2009-0269} - [crypto] ccm: fix handling of null assoc data (Jarod Wilson ) [481031] - [misc] fix leap second hang (Prarit Bhargava ) [479765] - [qla2xxx] correct endianness during flash manipulation (Marcus Barrow ) [481691] - [net] gso: ensure that the packet is long enough (Jiri Pirko ) [479927] - [audit] remove bogus newlines in EXECVE audit records (Jiri Pirko ) [479412] - [ppc] dont reset affinity for secondary MPIC on boot (AMEET M. PARANJAPE ) [480801] - [nfs] knfsd: alloc readahead cache in individual chunks (Jeff Layton ) [459397] - [nfs] knfsd: read-ahead cache, export table corruption (Jeff Layton ) [459397] - [nfs] knfsd: replace kmalloc/memset with kcalloc (Jeff Layton ) [459397] - [nfs] knfsd: make readahead params cache SMP-friendly (Jeff Layton ) [459397] - [crypto] fix sha384 blocksize definition (Neil Horman ) [469167] [2.6.18-130.el5] - [security] keys: introduce missing kfree (Jiri Pirko ) [480598] {CVE-2009-0031} - [net] ixgbe: frame reception and ring parameter issues (Andy Gospodarek ) [475625] - [net] tcp-lp: prevent chance for oops (Ivan Vecera ) [478638] - [misc] fix memory leak during pipe failure (Benjamin Marzinski ) [478643] - [block] enforce a minimum SG_IO timeout (Eugene Teo ) [475406] {CVE-2008-5700} - [x86] pci domain: re-enable support on blacklisted boxes (Prarit Bhargava ) [474891] - [fs] link_path_walk sanity, stack usage optimization (Anton Arapov ) [470139] - [x86_64] incorrect cpu_khz calculation for AMD processor (Prarit Bhargava ) [467782] - [crypto] fips: panic kernel if we fail crypto self tests (Neil Horman ) [462909] - [genkey] increase signing key length to 1024 bits (Neil Horman ) [413241] - [x86] kdump: lockup when crashing with console_sem held (Neil Horman ) [456934] - [fs] ext[234]: directory corruption DoS (Eugene Teo ) [459604] {CVE-2008-3528} [2.6.18-129.el5] - [gfs2] mount attempt hangs if no more journals available (Bob Peterson ) [475312] - [sched] fix clock_gettime monotonicity (Peter Zijlstra ) [477763] - [nfs] create rpc clients with proper auth flavor (Jeff Layton ) [465456] - [nfs] handle attribute timeout and u32 jiffies wrap (Jeff Layton ) [460133] - [net] deadlock in Hierarchical token bucket scheduler (Neil Horman ) [474797] - [net] sctp: overflow with bad stream ID in FWD-TSN chunk (Eugene Teo ) [478805] {CVE-2009-0065} - [md] fix oops with device-mapper mirror target (Heinz Mauelshagen ) [472558] - [openib] restore traffic in connected mode on HCA (AMEET M. PARANJAPE ) [477000] - [net] add preemption point in qdisc_run (Jiri Pirko ) [471398] {CVE-2008-5713} - [wireless] iwl: fix BUG_ON in driver (Neil Horman ) [477671] - [x86_64] copy_user_c assembler can leave garbage in rsi (Larry Woodman ) [456682] - [misc] setpgid returns ESRCH in some situations (Oleg Nesterov ) [472433] - [s390] zfcp: fix hexdump data in s390dbf traces (Hans-Joachim Picht ) [470618] - [fs] hfsplus: fix buffer overflow with a corrupted image (Anton Arapov ) [469638] {CVE-2008-4933} - [fs] hfsplus: check read_mapping_page return value (Anton Arapov ) [469645] {CVE-2008-4934} - [fs] hfs: fix namelength memory corruption (Anton Arapov ) [470773] {CVE-2008-5025} - [net] netlink: fix overrun in attribute iteration (Eugene Teo ) [462283]

{"id": "ELSA-2009-1243", "type": "oraclelinux", "bulletinFamily": "unix", "title": "Oracle Enterprise Linux 5.4 kernel security and bug fix update", "description": "[2.6.18-164.el5]\n- [misc] information leak in sigaltstack (Vitaly Mayatskikh ) [515396]\n- [misc] execve: must clear current->clear_child_tid (Oleg Nesterov ) [515429]\n- [net] igb: set lan id prior to configuring phy (Stefan Assmann ) [508870]\n- [net] udp: socket NULL ptr dereference (Vitaly Mayatskikh ) [518043] {CVE-2009-2698}\n[2.6.18-163.el5]\n- [net] make sock_sendpage use kernel_sendpage (Danny Feng ) [516955] {CVE-2009-2692}\n[2.6.18-162.el5]\n- [x86_64] Intel IOMMU: Pass Through Support (Don Dutile ) [504363]\n[2.6.18-161.el5]\n- [dlm] free socket in error exit path (David Teigland ) [508829]\n- [net] tg3: fix concurrent migration of VM clients (John Feeney ) [511918]\n- [scsi] mptfusion: revert to pci_map (Tomas Henzl ) [514049]\n- [scsi] bnx2i: fix conn disconnection bugs (mchristi@redhat.com ) [513802]\n- [scsi] qla2xxx: unable to destroy npiv HBA ports (Marcus Barrow ) [514352]\n- [scsi] ALUA: send STPG if explicit and implicit (mchristi@redhat.com ) [482737]\n- [scsi] megaraid: fix the tape drive issue (Tomas Henzl ) [510665]\n- [scsi] cxgb3i: fix skb allocation (mchristi@redhat.com ) [514073]\n- [fs] __bio_clone: dont calculate hw/phys segment counts (Milan Broz ) [512387]\n- [fs] ecryptfs: check tag 11 packet data buffer size (Eric Sandeen ) [512863] {CVE-2009-2406}\n- [fs] ecryptfs: check tag 3 packet encrypted key size (Eric Sandeen ) [512887] {CVE-2009-2407}\n- [xen] amd iommu: crash with pass-through on large memory (Bhavna Sarathy ) [514910]\n[2.6.18-160.el5]\n- [scsi] mptsas: fix max_id initialization (mchristi@redhat.com ) [455678]\n- [ata] ahci: add IDs for Ibex Peak ahci controllers (David Milburn ) [513067]\n- [scsi] lpfc: update to 8.2.0.48.2p, fix multiple panics (Rob Evers ) [512266]\n- [gfs2] remove dcache entries for remote deleted inodes (Benjamin Marzinski ) [505548]\n- [alsa] add native support for IbexPeak audio (Jaroslav Kysela ) [509526]\n- [alsa] IbexPeak related patches for codec auto-config (Jaroslav Kysela ) [509526]\n- [scsi] cciss: call bus_unregister in cciss_remove_one (Rob Evers ) [513070]\n- [scsi] cciss: add driver sysfs entries (Rob Evers ) [513070]\n- [net] e1000e/igb: make sure wol can be configured (Andy Gospodarek ) [513032]\n- [fs] xfs: only compile for x86_64 (Eric Sandeen ) [512827]\n- [ahci] add SATA GEN3 related messages (David Milburn ) [512086]\n- [net] tun/tap: open /dev/net/tun and then poll() it fix (Danny Feng ) [512286] {CVE-2009-1897}\n- [net] mlx4_en: problem with LRO that segfaults KVM host (Doug Ledford ) [510789]\n- [openib] mthca: fix over sized kmalloc usage (Doug Ledford ) [508902]\n- [s390] zcrypt: request gets timed out under high load (Hans-Joachim Picht ) [511289]\n[2.6.18-159.el5]\n- [scsi] cciss: fix sysfs broken symlink regression (Rob Evers ) [510178]\n- [kabi] add consume_skb (Jon Masters ) [479200]\n- [net] ipv6: fix incorrect disable_ipv6 behavior (jolsa@redhat.com ) [512258]\n- [net] ipv6: fix BUG when disabled module is unloaded (jolsa@redhat.com ) [512258]\n- [net] ipv6: add 'disable' module parameter support (jolsa@redhat.com ) [512258]\n- Revert: [mm] fix swap race in fork-gup patch group (Larry Woodman ) [508919]\n- [scsi] mptfusion: fix OOPS in failover path (Rob Evers ) [504835]\n- [scsi] stex: minimize DMA coherent allocation (David Milburn ) [486466]\n- [misc] personality handling: fix PER_CLEAR_ON_SETID (Vitaly Mayatskikh ) [508842]\n- [misc] build with -fno-delete-null-pointer-checks (Eugene Teo ) [511181]\n- [scsi] qla2xxx: provide reset capability for EEH (Marcus Barrow ) [511141]\n- [scsi] bnx2i: fix host setup and libiscsi abort locking (mchristi@redhat.com ) [511096]\n- [xen] ia64: fix rmmod of PCI devices (Chris Lalancette ) [507520]\n- [pci] kvm: PCI FLR support for device assignment (Don Dutile ) [510805]\n- [gfs2] dont put unlikely reclaim glocks on reclaim list (Benjamin Marzinski ) [504335]\n[2.6.18-158.el5]\n- [s390] add missing kernel option CONFIG_SHARED_KERNEL (Hans-Joachim Picht ) [506947]\n- [gfs2] fix incorrent statfs_slow consistency check (Benjamin Marzinski ) [505171]\n- [net] be2net: fix msix performance regression (Andy Gospodarek ) [510008]\n- [gfs2] umount.gfs2 hangs eating CPU (Abhijith Das ) [508876]\n- [block] protect the per-gendisk partition array with rcu (Jeff Moyer ) [495866]\n- [net] igb: fix panic when assigning device to guest (Andy Gospodarek ) [507173]\n- [ia64] xen: dom0 get/set_address_size (Chris Lalancette ) [510069]\n- [x86] fix suspend/resume issue on SB800 chipset (Bhavna Sarathy ) [498135]\n- [scsi] cciss: fix spinlock (Tomas Henzl ) [509818]\n- [scsi] qla2xxx: NPIV broken for PPC, endian fix (Marcus Barrow ) [510268]\n- [scsi] qla2xxx: prevent hangs in extended error handling (Marcus Barrow ) [470510]\n- [mm] prevent softlockups in copy_hugetlb_page_range (Larry Woodman ) [508919]\n- [scsi] cxgb3i: fix vlan support (mchristi@redhat.com ) [508409]\n- [net] bnx2i: RHEL-5.4 code cleanups (mchristi@redhat.com ) [504181]\n- [x86_64] import asm/svm.h and asm/vmx.h (Eduardo Habkost ) [507483]\n- [x86_64] import asm/virtext.h (Eduardo Habkost ) [507483]\n- [x86_64] add MSR_VM_* defines (Eduardo Habkost ) [507483]\n- [x86_64] disable VMX and SVM on machine_crash_shutdown (Eduardo Habkost ) [507483]\n- [x86_64] add EFER_SVME define (Eduardo Habkost ) [507483]\n- [x86_64] define X86_CR4_VMXE (Eduardo Habkost ) [507483]\n- [net] qlge: rhel-5.4 cleanups (Marcus Barrow ) [509647]\n- [scsi] lpfc: fix ctx_idx increase and update version (Rob Evers ) [509010]\n- [scsi] lpfc: move pointer ref. inside alloc check in (Rob Evers ) [509010]\n- [scsi] lpfc: update to version 8.2.0.48 (Rob Evers ) [509010]\n- [mm] fix re-read performance regression (Josef Bacik ) [506511]\n- [net] ipsec: add missing braces to fix policy querying (Herbert Xu ) [462731]\n- [net] tg3: 5785F and 50160M support (Andy Gospodarek ) [506205]\n- [pci] intel-iommu: fix iommu address space allocation (Chris Wright ) [509207]\n- [xen] virtio: do not statically allocate root device (Mark McLoughlin ) [501468]\n- [xen] virtio: add PCI device release function (Mark McLoughlin ) [501468]\n- [misc] driver core: add root_device_register (Mark McLoughlin ) [501468]\n- [block] blktrace: fix recursive block remap tracepoint (Jason Baron ) [502573]\n- [scsi] qla2xxx: rhel-5.4 fixes and cleanups (Marcus Barrow ) [507246]\n- [xen] HV: remove high latency spin_lock (Chris Lalancette ) [459410]\n- [xen] ia64: add get/set_address_size support (Chris Lalancette ) [510069]\n[2.6.18-157.el5]\n- [mm] readv: sometimes returns less than it should (Amerigo Wang ) [500693]\n- [net] be2net: fix races in napi and interrupt handling (Andy Gospodarek ) [508839]\n- [net] be2net: fix deadlock with bonding (Andy Gospodarek ) [508871]\n- [xen] quiet printk on FV guest shutdown (Don Dutile ) [501474]\n- [fs] fuse: enable building the subsystem (Josef Bacik ) [457975]\n- [gfs2] fix panic in glock memory shrinker (Benjamin Marzinski ) [508806]\n- [net] rt2x00: use mac80211-provided workqueue (John W. Linville ) [506845]\n- [pci] quirk: disable MSI on VIA VT3364 chipsets (Dean Nelson ) [501374]\n- [net] undo vlan promiscuity count when unregistered (Neil Horman ) [481283]\n- [net] be2net: crash on PPC with LRO and jumbo frames (Andy Gospodarek ) [508404]\n- [net] RTNL: assertion failed due to bonding notify (Stanislaw Gruszka ) [508297]\n- [scsi] ibmvfc: process async events before cmd responses (AMEET M. PARANJAPE ) [508127]\n- [scsi] ibmvfc: fix endless PRLI loop in discovery (AMEET M. PARANJAPE ) [508127]\n- [scsi] ibmvfc: improve LOGO/PRLO ELS handling (AMEET M. PARANJAPE ) [508127]\n- [net] iucv: provide second per-cpu cmd parameter block (Hans-Joachim Picht ) [503240]\n- [net] sky2: /proc/net/dev statistics are broken (Flavio Leitner ) [507932]\n- [scsi] qla2xxx: prevent I/O stoppage (Marcus Barrow ) [507620]\n- [scsi] qla2xxx: updates 24xx firmware to 4.04.09 (Marcus Barrow ) [507398]\n- [scsi] qla2xxx: updates 25xx firmware to 4.04.09 (Marcus Barrow ) [507398]\n- [scsi] qla4xxx: extended sense data errors, cleanups (Marcus Barrow ) [506981]\n- [char] tty: prevent an O_NDELAY writer from blocking (Mauro Carvalho Chehab ) [506806]\n- [xen] allow msi reconfigure for pt_bind_irq (ddugger@redhat.com ) [507970]\n[2.6.18-156.el5]\n- [misc] kdump: make mcp55 chips work (Neil Horman ) [462519]\n- [ide] enable VX800 to use UDMA mode (John Feeney ) [504121]\n- [misc] wacom: reset state when tool is not in proximity (Aristeu Rozanski ) [499870]\n- [scsi] lpfc: update to version 8.2.0.46 (Rob Evers ) [506792]\n- [mm] prevent panic in copy_hugetlb_page_range (Larry Woodman ) [507860]\n- [gfs2] keep statfs info in sync on grows (Benjamin Marzinski ) [494885]\n- [gfs2] always queue work after after setting GLF_LOCK (Benjamin Marzinski ) [506140]\n- [scsi] cxgb3i: use kref to track ddp, support page sizes (mchristi@redhat.com ) [506151]\n- [security] drop mmap_min_addr to 4096 (Eric Paris ) [507017]\n- [misc] hrtimer: fix a soft lockup (Amerigo Wang ) [418071] {CVE-2007-5966}\n- [net] backport net_rx_action tracepoint (Neil Horman ) [506138]\n- [gfs2] fix truncate buffered/direct I/O issue (Steven Whitehouse ) [504676]\n- [xen] x86: fix IRQ problem on legacy hardware (ddugger@redhat.com ) [505491]\n- [xen] disable 2MB support on PAE kernels (Bhavna Sarathy ) [503737]\n[2.6.18-155.el5]\n- [mm] fix swap race condition in fork-gup-race patch (Andrea Arcangeli ) [506684]\n- [net] e1000e: stop unnecessary polling when using msi-x (Andy Gospodarek ) [506841]\n[2.6.18-154.el5]\n- [kABI] add smp_send_reschedule and get_user_pages_fast (Jon Masters ) [504038]\n- [scsi] lpfc: update to version 8.2.0.45 (Rob Evers ) [505445]\n- [fs] ext4: fix prealloc vs truncate corruption (Eric Sandeen ) [505601]\n- [net] r8169: fix crash when large packets are received (Ivan Vecera ) [504732] {CVE-2009-1389}\n- [pci] fix pcie save restore patch (Don Dutile ) [505541]\n- [scsi] ibmvscsi: add 16 byte CDB support (AMEET M. PARANJAPE ) [502944]\n- [infiniband] iw_cxgb3: add final fixups for 1.4.1 (Doug Ledford ) [504906]\n- [infiniband] mlx4_en: hand remove XRC support (Doug Ledford ) [506097]\n- [infiniband] cxgb3: update firmware from 7.1 to 7.4 (Doug Ledford ) [504955]\n- [infiniband] ofed: backports from ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] RDS: Update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] mthca: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [net] cxgb3: support two new phys and page mapping fix (Doug Ledford ) [504955]\n- [infiniband] ipoib/sdp: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] OFED: back out XRC patch, not ready yet (Doug Ledford ) [506097]\n- [infiniband] mlx4_en: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] iw_nes: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] OFED: fix broken switch statement (Doug Ledford ) [506097]\n- [infiniband] OFED: removes this backport and all callers (Doug Ledford ) [506097]\n- [infiniband] iw_cxgb3: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] mlx4_ib: update to ofed 1.4.1 final bits (Doug Ledford ) [506097]\n- [infiniband] remove duplicate definition (Doug Ledford ) [500368]\n- [net] be2net: add intial support (Andy Gospodarek ) [490074]\n- [net] ixgbe: backport fixups and bugfixes for 82599 (Andy Gospodarek ) [505653]\n- [md] increase pg_init_in_progress only if work is queued (Jesse Larrew ) [489582]\n- [x86_64] AMD IOMMU: fix GLX issue in bare metal (Bhavna Sarathy ) [504010]\n- [scsi] libsas: use the supplied address for SATA devices (David Milburn ) [494658]\n- [x86_64] amd iommu: fix kdump unknown partition table (Bhavna Sarathy ) [504751]\n- [char] TPM: get_event_name stack corruption (Dean Nelson ) [503905]\n- [net] e1000e: update to upstream version 1.0.2-k2 (Andy Gospodarek ) [480241]\n- [crypto] add continuous test to hw rng in FIPS mode (Neil Horman ) [504218]\n- [net] ehea: fix invalid pointer access (AMEET M. PARANJAPE ) [504679]\n- [x86_64] amd iommu: fix spinlock imbalance (Bhavna Sarathy ) [501571]\n- [x86_64] iommu: protect against broken IVRS ACPI table (Bhavna Sarathy ) [501571]\n- [x86_64] amd iommu: fix flag masks (Bhavna Sarathy ) [501571]\n- [x86_64] iommu: fix the handling of device aliases (Bhavna Sarathy ) [501571]\n- [x86_64] amd iommu: fix an off-by-one error (Bhavna Sarathy ) [501571]\n- [xen] x86: give dom0 access to machine e820 map (ddugger@redhat.com ) [503818]\n- [pci] fix sr-iov regression with PCI device class (ddugger@redhat.com ) [503826]\n- [scsi] qla4xxx: extended sense data errors (Marcus Barrow ) [489389]\n- [scsi] qla4xxx: remove some dead code (Marcus Barrow ) [459449]\n- [net] qla2xxx, ql8xxx : support for 10 GigE (Marcus Barrow ) [479288]\n[2.6.18-153.el5]\n- [s390x] zfcpdump: move zfcpdump kernel removal to %post (Don Zickus ) [499629]\n- [x86_64] kvm: fix libvirt based device assignment issue (Bhavna Sarathy ) [504165]\n- [gfs2] get gfs2meta superblock correctly (Benjamin Marzinski ) [504086]\n- [ptrace] fix do_coredump vs ptrace_start() deadlock (Oleg Nesterov ) [504157] {CVE-2009-1388}\n- [scsi] ipr: fix PCI permanent error handler (AMEET M. PARANJAPE ) [503960]\n- [scsi] IPR: adapter taken offline after first EEH error (AMEET M. PARANJAPE ) [504675]\n- [scsi] lpfc: update to version 8.2.0.44 (Rob Evers ) [503248]\n- [net] skb_seq_read: wrong offset/len for page frag data (mchristi@redhat.com ) [501308]\n- [xen] netback: change back to a flipping interface (Chris Lalancette ) [479754]\n- [fs] autofs4: remove hashed check in validate_wait (Ian Kent ) [490078]\n- [ppc64] resolves issues with pcie-save-restore-state (AMEET M. PARANJAPE ) [504198]\n- [net] gso: stop fraglists from escaping (Herbert Xu ) [499347]\n- [tun] use non-linear packets where possible (Herbert Xu ) [503309]\n- [net] skb_copy_datagram_from_iovec (Herbert Xu ) [503309]\n- [net] tun: only wake up writers (Herbert Xu ) [503191]\n- Re-apply: [net] tun: add packet accounting (Don Zickus ) [495863]\n- [sched] fix cond_resched_softirq() offset (Jesse Larrew ) [496935]\n- [ata] sata_sx4: fixup interrupt and exception handling (David Milburn ) [503827]\n- Revert: [net] avoid extra wakeups in wait_for_packet (Don Zickus ) [497897]\n- [net] e1000: fix skb_over_panic (Neil Horman ) [503441] {CVE-2009-1385}\n[2.6.18-152.el5]\n- [x86_64] kvm: export symbols to allow building (john cooper ) [504038]\n- [misc] s390 zfcpdump: check for another image on removal (Hans-Joachim Picht ) [499629]\n- [net] ixgbe: fix MSI-X allocation on 8+ core systems (Andy Gospodarek ) [500857]\n- [s390] dasd: add EMC ioctl to the driver (Christoph Hellwig ) [461288]\n- [net] ixgbe: fix polling saturates CPU (Andy Gospodarek ) [503559]\n- [misc] core dump: wrong thread info in core dump file (Amerigo Wang ) [503553]\n- [crypto] testmgr: check all test vector lengths (Jarod Wilson ) [503091]\n- [net] igb and igbvf: return from napi poll correctly (Andy Gospodarek ) [503215]\n- [crypto] testmgr: dynamically allocate xbuf and axbuf (Jarod Wilson ) [503091]\n- [fs] vfs: skip I_CLEAR state inodes in drop_pagecache_sb (Eric Sandeen ) [500164]\n- Revert: [net] tun: add packet accounting (Herbert Xu ) [495863]\n- [net] netxen: add GRO Support (Herbert Xu ) [499347]\n- [nfs] v4: 'r'/'w' perms for user do not work on client (Peter Staubach ) [502244]\n- [x86] nmi: add Intel cpu 0x6f4 to perfctr1 workaround (Prarit Bhargava ) [500892]\n- [dm] raid45 target: kernel oops in constructor (Heinz Mauelshagen ) [503070]\n- [net] sky2: fix sky2 stats (Neil Horman ) [503080]\n- [acpi] check _PSS frequency to prevent cpufreq crash (Prarit Bhargava ) [500311]\n- [scsi] mvsas: sync w/ appropriate upstream changes (Rob Evers ) [485126]\n- [scsi] mvsas: comment cleanup (Rob Evers ) [485126]\n- [scsi] mvsas: correct bit-map implementation (Rob Evers ) [485126]\n- [scsi] mvsas: initial patch submission (Rob Evers ) [485126]\n- [net] add broadcom cnic driver (mchristi@redhat.com ) [441979]\n- [scsi] add bnx2i iscsi driver (mchristi@redhat.com ) [441979]\n- [scsi] add netlink msg to iscsi IF to support offload (mchristi@redhat.com ) [441979]\n- [misc] add UIO framework from upstream (mchristi@redhat.com ) [441979]\n- [net] add cnic support to bnx2 (mchristi@redhat.com ) [441979]\n- [powerpc] pass the PDN to check_msix_entries (AMEET M. PARANJAPE ) [502906]\n- [fs] proc: avoid info leaks to non-privileged processes (Amerigo Wang ) [499541]\n- [net] ixgbe: add GRO suppport (Herbert Xu ) [499347]\n- [net] igb: add GRO suppport (Herbert Xu ) [499347]\n- [net] cxgb3: add GRO suppport (Herbert Xu ) [499347]\n- [net] vlan: add GRO interfaces (Herbert Xu ) [499347]\n- [net] tcp6: add GRO support (Herbert Xu ) [499347]\n- [net] ipv6: add GRO support (Herbert Xu ) [499347]\n- [net] ethtool: add GGRO and SGRO ops (Herbert Xu ) [499347]\n- [net] tcp: add GRO support (Herbert Xu ) [499347]\n- [net] add skb_gro_receive (Herbert Xu ) [499347]\n- [net] ipv4: add GRO infrastructure (Herbert Xu ) [499347]\n- [net] add Generic Receive Offload infrastructure (Herbert Xu ) [499347]\n- [net] add frag_list support to GSO (Herbert Xu ) [499347]\n- [net] add frag_list support to skb_segment (Herbert Xu ) [499347]\n- [net] skbuff: add skb_release_head_state (Herbert Xu ) [499347]\n- [net] skbuff: merge code copy_skb_header and skb_clone (Herbert Xu ) [499347]\n- [netfilter] nf_conntrack: add __nf_copy to copy members (Herbert Xu ) [499347]\n- [net] skbuff: add skb_cow_head (Herbert Xu ) [499347]\n- [net] netpoll: backport netpoll_rx_on (Herbert Xu ) [499347]\n- [net] gro: Optimise Ethernet header comparison (Herbert Xu ) [499347]\n- [net] backport csum_replace4/csum_replace2 (Herbert Xu ) [499347]\n- [net] backport csum_unfold without sparse annotations (Herbert Xu ) [499347]\n- [net] sky2: fix eeprom reads (Neil Horman ) [501050]\n- [nfs] v4: client handling of MAY_EXEC in nfs_permission (Peter Staubach ) [500302] {CVE-2009-1630}\n- [net] forcedeth: restore power up snippet (Ivan Vecera ) [479740]\n- [md] dm: I/O failures when running dm-over-md with xen (Mikulas Patocka ) [223947]\n- [selinux] warn on nfs mounts with same SB but diff opts (Eric Paris ) [466701]\n[2.6.18-151.el5]\n- [alsa] hda: improve init for ALC262_HP_BPC model (Jaroslav Kysela ) [473949]\n- [ppc] LPAR hang on multipath device with FCS v2 (AMEET M. PARANJAPE ) [498927]\n- [fs] nfsd: fix setting the nfsv4 acls (Steve Dickson ) [403021]\n- [scsi] fnic: compile on x86 too (mchristi@redhat.com ) [501112]\n- [net] avoid extra wakeups in wait_for_packet (Neil Horman ) [497897]\n- [x86] xen: fix local denial of service (Chris Lalancette ) [500951]\n- [scsi] ibmvfc: wait on adapter init before starting scan (AMEET M. PARANJAPE ) [501560]\n- [net] bnx2x: update to 1.48.105 (Stanislaw Gruszka ) [475481]\n- [xen] add Credit Scheduler Fairness and hard virt (Justin M. Forbes ) [432700]\n- [xen] deadlock between libvirt and xentop (Miroslav Rezanina ) [499013]\n- [xen] sched: remove printk introduced with hard virt (Justin M. Forbes ) [501475]\n[2.6.18-150.el5]\n- [kabi] add cmirror symbols to kABI (Jon Masters ) [500745]\n- Revert: [sched] accurate task runtime accounting (Linda Wang ) [297731] {CVE-2007-3719}\n- [alsa] hda: add missing comma in ad1884_slave_vols (Jeff Burke ) [500626]\n- [x86] remove xtime_lock from time_cpufreq_notifier (Prarit Bhargava ) [501178]\n- [fs] cifs: fix pointer and checks in cifs_follow_symlink (Jeff Layton ) [496577] {CVE-2009-1633}\n- [fs] ext4: corruption fixes (Eric Sandeen ) [501082]\n- [lockdep] dont omit lock_set_subclass (Aristeu Rozanski ) [462248]\n- [ppc] cell: make ptcal more reliable (AMEET M. PARANJAPE ) [501356]\n- [x86] include asm-x86_64 in i686-devel package (Don Zickus ) [491775]\n- [misc] compile: add -fwrapv to gcc CFLAGS (Don Zickus ) [491266]\n- [trace] mm: eliminate extra mm tracepoint overhead (Larry Woodman ) [501013]\n- [dlm] use more NOFS allocation (Abhijith Das ) [460218]\n- [dlm] connect to nodes earlier (Abhijith Das ) [460218]\n- [wireless] mac80211: freeze when ath5k IF brought down (Michal Schmidt ) [499999]\n- [audit] watch: fix removal of AUDIT_DIR rule on rmdir (Alexander Viro ) [501321]\n- [trace] sunrpc: adding trace points to status routines v2 (Steve Dickson ) [499008]\n- [misc] random: make get_random_int more random (Amerigo Wang ) [499776]\n- [md] retry immediate in 2 seconds (Jesse Larrew ) [489582]\n- [scsi] retry for NOT_READY condition (Jesse Larrew ) [489582]\n- [md] handle multiple paths in pg_init (Jesse Larrew ) [489582]\n- [scsi] fix compilation error (Jesse Larrew ) [489582]\n- [scsi] add LSI storage IDs (Jesse Larrew ) [489582]\n- [scsi] handle quiescence in progress (Jesse Larrew ) [489582]\n- [scsi] retry IO on unit attention (Jesse Larrew ) [489582]\n- [scsi] handle unit attention in mode select (Jesse Larrew ) [489582]\n- [scsi] make the path state active by default (Jesse Larrew ) [471426]\n- [scsi] Retry mode select in rdac device handler (Jesse Larrew ) [489582]\n[2.6.18-149.el5]\n- [acpi] updated dock driver for RHEL-5.4 (Matthew Garrett ) [485181]\n- [infiniband] ib_core: use weak ordering for user memory (AMEET M. PARANJAPE ) [501004]\n- [mm] fork-o_direct-race v3 (aarcange@redhat.com ) [471613]\n- [nfs] make nfsv4recoverydir proc file readable (Evan McNabb ) [499840]\n- [pci] remove pci-stub driver from -xen kernels (Don Dutile ) [500568]\n- [pci] IOMMU phys_addr cleanup (Don Dutile ) [500901]\n- [pci] missed fix to pci_find_upstream_pcie_bridge (Don Dutile ) [500901]\n- [misc] IOMMU MSI header cleanup (Don Dutile ) [500901]\n- [scsi] megaraid: update megasas to 4.08-RH1 (Tomas Henzl ) [475574]\n- [fs] nfs: fix an f_mode/f_flags confusion in write.c (Jeff Layton ) [490181]\n- [fs] cifs: renaming dont try to unlink negative dentry (Jeff Layton ) [500839]\n- [fs] cifs: fix error handling in parse_DFS_referrals (Jeff Layton ) [496577] {CVE-2009-1633}\n- [scsi] aacraid: update to 1.1.5-2461 (Rob Evers ) [475559]\n- [md] dm raid45: dont clear the suspend flag on recovery (Heinz Mauelshagen ) [499406]\n- [net] cxgb3: update driver for RHEL-5.4 (mchristi@redhat.com ) [439518]\n- [scsi] add cxgb3i iscsi driver (mchristi@redhat.com ) [439518]\n- [scsi] port upstream offload code to RHEL-5.4 (mchristi@redhat.com ) [439518]\n- [scsi] force retry of IO when port/session is changing (mchristi@redhat.com ) [498281]\n- [net] igbvf: new driver, support 82576 virtual functions (Andy Gospodarek ) [480524]\n- [net] ehea: fix circular locking problem (AMEET M. PARANJAPE ) [493359]\n- [s390] appldata: vtimer bug with cpu hotplug (Hans-Joachim Picht ) [497207]\n[2.6.18-148.el5]\n- Revert: [mm] fork vs fast gup race fix (Andrea Arcangeli ) [471613]\n[2.6.18-147.el5]\n- Revert: [scsi] marvell sas: initial patch submission (Rob Evers ) [485126]\n- Revert: [scsi] marvell sas: correct bit-map implementation (Rob Evers ) [485126]\n- Revert: [scsi] marvell sas: comment cleanup (Rob Evers ) [485126]\n- [misc] FIPS: create checksum for verification at bootup (Don Zickus ) [444632]\n- [md] dm: raid45 target oops on mapping table reload (Heinz Mauelshagen ) [500387]\n- [md] dm: raid45 target doesnt create parity as expected (Heinz Mauelshagen ) [499406]\n- [net] igb: correctly free multiqueue netdevs (Andy Gospodarek ) [500446]\n- [misc] lockdep: fix large lock subgraph traversal (Aristeu Rozanski ) [462248]\n- [crypto] make tcrypt stay loaded on success (Jarod Wilson ) [499646]\n- [crypto] block use of non-fips algs in fips mode (Jarod Wilson ) [499646]\n- [crypto] mark algs allowed in fips mode (Jarod Wilson ) [499646]\n- [x86_64] 32-bit ptrace emulation mishandles 6th arg (Jiri Olsa ) [495125]\n- [fs] cifs: buffer overruns when converting strings (Jeff Layton ) [496577]\n- [scsi] lpfc: update from version 8.2.0.41 to 8.2.0.43 (Rob Evers ) [498524]\n- [cpufreq] xen: powernow identifies wrong number of procs (Miroslav Rezanina ) [456437]\n- [scsi] MPT fusion: remove annoying debug message v2 (Tomas Henzl ) [475455]\n- [scsi] MPT fusion: make driver legacy I/O port free v2 (Tomas Henzl ) [475451]\n- [scsi] MPT fusion: update version 3.04.07rh v2 (Tomas Henzl ) [475455]\n- [ia64] fix regression in nanosleep syscall (Prarit Bhargava ) [499289]\n- [md] s390: I/O stall when performing random CHPID off/on (Mikulas Patocka ) [500729]\n- [crypto] add hmac and hmac(sha512) test vectors (Jarod Wilson ) [499463]\n- [sched] accurate task runtime accounting (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [sched] rq clock (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [x86] scale cyc_2_nsec according to CPU frequency (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [i386] untangle xtime_lock vs update_process_times (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [x86_64] clean up time.c (Peter Zijlstra ) [297731] {CVE-2007-3719}\n- [net] tun: add packet accounting (Herbert Xu ) [495863]\n- [kabi] add pcie_set_readrq (Jon Masters ) [479200]\n- [kabi] add Kernel Virtual Machine kABI symbols (Jon Masters ) [466961]\n- [crypto] add ctr test vectors (Jarod Wilson ) [497888]\n- [crypto] print self-test success notices in fips mode (Jarod Wilson ) [497885]\n- [mm] fork vs fast gup race fix (Andrea Arcangeli ) [471613]\n- [mm] support for lockless get_user_pages (aarcange@redhat.com ) [474913]\n- Revert: [mm] fork vs gup race fix (aarcange@redhat.com ) [471613]\n- [net] r8169: reset IntrStatus after chip reset (Ivan Vecera ) [500740]\n- Revert: [net] forcedeth: power down phy when IF is down (Ivan Vecera ) [479740]\n- [misc] add AMD IOMMU support to KVM (Bhavna Sarathy ) [481026]\n- [misc] VT-d: backport of Intel VT-d support to RHEL5 (Don Dutile ) [480411]\n- [misc] VT-d: add clflush_cache_range function (Don Dutile ) [480411]\n- [misc] VT-d: add DMAR-related timeout definition (Don Dutile ) [480411]\n- [misc] VT-d: add DMAR ACPI table support (Don Dutile ) [480411]\n- [misc] VT-d: add pci_find_upstream_pcie_bridge (Don Dutile ) [480411]\n- [misc] VT-d: move common MSI defines to msi.h (Don Dutile ) [480411]\n- [trace] blk tracepoints (Arnaldo Carvalho de Melo ) [493454]\n- [pci] enable CONFIG_PCI_IOV (ddugger@redhat.com ) [493152]\n- [pci] save and restore PCIe 2.0 registers (ddugger@redhat.com ) [493152]\n- [pci] restore PCI-E capability registers after PM event (ddugger@redhat.com ) [493152]\n- [pci] add SR-IOV API for Physical Function driver (ddugger@redhat.com ) [493152]\n- [pci] centralize device setup code (ddugger@redhat.com ) [493152]\n- [pci] reserve bus range for SR-IOV device (ddugger@redhat.com ) [493152]\n- [pci] restore saved SR-IOV state (ddugger@redhat.com ) [493152]\n- [pci] initialize and release SR-IOV capability (ddugger@redhat.com ) [493152]\n- [pci] add a new function to map BAR offsets (ddugger@redhat.com ) [493152]\n- [pci] allow pci_alloc_child_bus to handle a NULL bridge (ddugger@redhat.com ) [493152]\n- [pci] enhance pci_ari_enabled (ddugger@redhat.com ) [493152]\n- [pci] fix ARI code to be compatible with mixed systems (ddugger@redhat.com ) [493152]\n- [pci] support PCIe ARI capability (ddugger@redhat.com ) [493152]\n- [pci] export __pci_read_base (ddugger@redhat.com ) [493152]\n- [pci] fix 64-vbit prefetchable memory resource BARs (ddugger@redhat.com ) [493152]\n- [pci] handle 64-bit resources better on 32-bit machines (ddugger@redhat.com ) [493152]\n- [pci] rewrite PCI BAR reading code (ddugger@redhat.com ) [493152]\n- [xen] add Credit Scheduler Fairness and hard virt (Justin M. Forbes ) [432700]\n- [xen] x86_64: add 1GB page table support (Bhavna Sarathy ) [251982]\n[2.6.18-146.el5]\n- [fs] vfs freeze: use vma->v_file to get to superblock (Eric Sandeen ) [476148]\n- [net] tg3: allow 5785 to work when running at 10Mbps (Andy Gospodarek ) [469772]\n- [net] af_iucv: race when queuing incoming iucv messages (Hans-Joachim Picht ) [499626]\n- [trace] sunrpc: adding trace points to status routines (Steve Dickson ) [499008]\n- [gfs2] fix glock ref count issue (Steven Whitehouse ) [485098]\n- [kabi] add acpi_bus_register_driver (Jon Masters ) [462911]\n- [kabi] add nobh_truncate_page and kernel_read (Jon Masters ) [497276]\n- [usb] support Huaweis mode switch in kernel (Pete Zaitcev ) [485182]\n- [scsi] ibmvscsi: LPAR hang on a multipath device (AMEET M. PARANJAPE ) [498927]\n- [wireless] mac80211: scanning related fixes (John W. Linville ) [498719]\n- [fs] ecryptfs: remove ecryptfs_unlink_sigs warnings (Eric Sandeen ) [499171]\n- [fs] ext4: re-fix warning on x86 build (Eric Sandeen ) [499202]\n- [ppc64] adjust oprofile_cpu_type detail (AMEET M. PARANJAPE ) [496709]\n- [nfs] SELinux can copy off the top of the stack (Eric Paris ) [493144]\n- [xen] x86: explicitly zero CR[1] in getvcpucontext (Miroslav Rezanina ) [494876]\n- [xen] x86: fix overflow in the hpet code (Rik van Riel ) [449346]\n- [xen] x86: fixes to the 'no missed-tick accounting' code (Rik van Riel ) [449346]\n- [xen] introduce 'no missed-tick accounting' (Rik van Riel ) [449346]\n- [xen] x86: misc fixes to the timer code (Rik van Riel ) [449346]\n- [xen] x86: initialize vlapic->timer_last_update (Rik van Riel ) [449346]\n[2.6.18-145.el5]\n- [ia64] xen: switch from flipping to copying interface (Chris Lalancette ) [479754]\n- [scsi] fnic: init retry counter (Mike Christie ) [484438]\n- [misc] add some long-missing capabilities to CAP_FS_MASK (Eric Paris ) [499076 497272] {CVE-2009-1072}\n- [crypto] add ansi_cprng test vectors (Jarod Wilson ) [497891]\n- [crypto] add rng self-test infra (Jarod Wilson ) [497891]\n- [md] bitmap merge feature (Doug Ledford ) [481226]\n- [md] fix lockup on read error (Doug Ledford ) [465781]\n- [md] dm-raid45: corrupt data and premature end of synch (Heinz Mauelshagen ) [480733 479383]\n- [fs] generic freeze ioctl interface (Eric Sandeen ) [476148]\n- [scsi] add mpt2sas driver (Tomas Henzl ) [475665]\n- [misc] kprobes: fix deadlock issue (John Villalovos ) [210555]\n- [block] disable iostat collection in gendisk (Jerome Marchand ) [484158]\n- [block] fix request flags (Jerome Marchand ) [484158]\n- [misc] fix blktrace api breakage (Hans-Joachim Picht ) [475334]\n- [fs] fuse: update for RHEL-5.4 (Josef Bacik ) [457975]\n[2.6.18-144.el5]\n- Revert: [scsi] MPT Fusion: update to version 3.04.07rh (Tomas Henzl ) [475455]\n- Revert: [scsi] make fusion MPT driver legacy I/O port free (Tomas Henzl ) [475451]\n- Revert: [scsi] MPT fusion: remove annoying debug message (Tomas Henzl ) [475455]\n- [openib] ehca: fix performance during creation of QPs (AMEET M. PARANJAPE ) [498527]\n- [scsi] qla4xxx: fix driver fault recovery (Marcus Barrow ) [497478]\n- [misc] make bus_find_device more robust, match upstream (Don Dutile ) [492488]\n- [md] dm snapshot: refactor __find_pending_exception (Mikulas Patocka ) [496100]\n- [md] race conditions in snapshots (Mikulas Patocka ) [496100]\n- [md] dm-raid1: switch read_record from kmalloc to slab (Mikulas Patocka ) [496101]\n- [md] dm-raid1/mpath: partially completed request crash (Mikulas Patocka ) [496101]\n- [md] snapshot: store damage (Mikulas Patocka ) [496102]\n- [scsi] cciss: change in discovering memory bar (Tomas Henzl ) [474392]\n- [scsi] cciss: version change for RHEL-5.4 (Tomas Henzl ) [474392]\n- [scsi] cciss: thread to detect config changes on MSA2012 (Tomas Henzl ) [474392]\n- [scsi] cciss: changes in config functions (Tomas Henzl ) [474392]\n- [openib] update all the backports for the code refresh (Doug Ledford ) [476301]\n- [openib] add support for XRC queues (Doug Ledford ) [476301]\n- [openib] RDS: add the RDS protocol (Doug Ledford ) [477065]\n- [openib] IPoIB: update to OFED 1.4.1-rc3 (Doug Ledford ) [434779 466086]\n- [openib] SRP: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] SDP: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] qlgc_vnic: update to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] cxgb3: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] iw_nes: update NES iWARP to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] mthca: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] ipath: update driver to OFED 1.4.1-rc3 (Doug Ledford ) [230035 480696]\n- [openib] ehca: update driver for RHEL-5.4 (Doug Ledford ) [466086]\n- [openib] core: disable lock dep annotation (Don Zickus ) [476301]\n- [openib] core: update core code to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] rmda: update rdma headers to OFED 1.4.1-rc3 (Doug Ledford ) [476301]\n- [openib] mlx4: Update mlx4_ib and mlx4_core, add mlx4_en (Doug Ledford ) [456525 477065]\n- [openib] enable mlx4_en and rds, disable iw_c2 (Doug Ledford ) [476301]\n- [mm] add tracepoints (Larry Woodman ) [493444]\n[2.6.18-143.el5]\n- [net] bonding: ignore updelay param when no active slave (Jiri Pirko ) [495318]\n- [net] ipv6: fix incoming packet length check (Jiri Pirko ) [492972]\n- [misc] drivers fix dma_get_required_mask (Tomas Henzl ) [475455]\n- [gfs2] NFSv2 support (Steven Whitehouse ) [497954]\n- [ppc64] set error_state to pci_channel_io_normal (AMEET M. PARANJAPE ) [496872]\n- [mm] allow tuning of MAX_WRITEBACK_PAGES (Larry Woodman ) [479079]\n- [trace] add 'success' to sched_wakeup/sched_wakeup_new (Jason Baron ) [497414]\n- [scsi] update iscsi layer and drivers for RHEL-5.4 (mchristi@redhat.com ) [436791 484455]\n- [crypto] fips: panic box when module validation fails (Neil Horman ) [497228]\n- [scsi] st: option to use SILI in variable block reads (Tom Coughlan ) [457970]\n- [net] bonding: support for bonding of IPoIB interfaces (Andy Gospodarek ) [430758]\n- [net] bonding: update to upstream version 3.4.0 (Andy Gospodarek ) [462632]\n- [scsi] add md3000 and md3000i entries to rdac_dev_list (John Feeney ) [487293]\n- [trace] tracepoints for page cache (KII Keiichi ) [475719]\n- [trace] tracepoints for network socket (KII Keiichi ) [475719]\n- [scsi] stex: support promise 6Gb sas raid controller (David Milburn ) [492022]\n- [scsi] add ALUA scsi device handler (mchristi@redhat.com ) [482737]\n- [scsi] update fnic fcoe driver for RHEL-5.4 (mchristi@redhat.com ) [484438]\n- [scsi] update libfc/fcoe for RHEL-5.4 (mchristi@redhat.com ) [484438]\n- [video] efifb: driver update (Brian Maly ) [488820]\n- [fs] fix softlockup in posix_locks_deadlock (Josef Bacik ) [476659]\n- [fs] cifs: unicode alignment and buffer sizing problems (Jeff Layton ) [494280] {CVE-2009-1439}\n- [mm] vmscan: bail out of direct reclaim after max pages (Rik van Riel ) [495442]\n- [crypto] add self-tests for rfc4309 (Jarod Wilson ) [472386]\n- [crypto] handle ccm dec test vectors expected to fail (Jarod Wilson ) [472386]\n- [crypto] fix rfc4309 deadlocks (Jarod Wilson ) [472386]\n- [scsi] marvell sas: comment cleanup (Rob Evers ) [485126]\n- [scsi] marvell sas: correct bit-map implementation (Rob Evers ) [485126]\n- [scsi] marvell sas: initial patch submission (Rob Evers ) [485126]\n- [acpi] CPU P-state limits ignored by OS (Stanislaw Gruszka ) [494288]\n- [net] provide a generic SIOETHTOOL ETHTOOL_GPERMADDR (Flavio Leitner ) [462352]\n- [scsi] lpfc: update to version 8.2.0.41 (Rob Evers ) [476738]\n- [scsi] lpfc: update to version 8.2.0.40 (Rob Evers ) [476738]\n- [scsi] lpfc: update to version 8.2.0.39 (Rob Evers ) [476738]\n- [scsi] lpfc: update to version 8.2.0.38 (Rob Evers ) [476738]\n[2.6.18-142.el5]\n- [net] ipv4: remove uneeded bh_lock/unlock from udp_rcv (Neil Horman ) [484590]\n- [net] ixgbe: update to upstream version 2.0.8-k2 (Andy Gospodarek ) [472547]\n- [net] igb: update to upstream version 1.3.16-k2 (Andy Gospodarek ) [484102 474881]\n- [mm] vmalloc: dont pass __GFP_ZERO to slab (Jiri Olsa ) [491685]\n- [agp] zero pages before sending to userspace (Jiri Olsa ) [497026] {CVE-2009-1192}\n- [net] e1000: enable TSO6 via ethtool with correct hw (Andy Gospodarek ) [449175]\n- [net] tg3: update to version 3.96 (Andy Gospodarek ) [481715 469772]\n- [x86] apic: rollover in calibrate_APIC_clock (Brian Maly ) [456938]\n- [alsa] handle subdevice_mask in snd_pci_quirk_lookup (Jaroslav Kysela ) [473949 483594]\n- [ia64] altix: performance degradation in PCI mode (George Beshers ) [497136]\n- [misc] I/O AT: config file changes (John Feeney ) [436048]\n- [misc] I/O AT: new ioat*.c (John Feeney ) [436048]\n- [misc] I/O AT: new dmaengine_v3.c (John Feeney ) [436048]\n- [misc] I/O AT: new include files (John Feeney ) [436048]\n- [misc] I/O AT: add drivers/dca (John Feeney ) [436048]\n- [misc] I/O AT: update network changes (John Feeney ) [436048]\n- [misc] I/O AT: update existing files (John Feeney ) [436048]\n- [misc] I/O AT: update include files (John Feeney ) [436048]\n- [mm] tweak vm diry_ratio to prevent stalls on some DBs (Larry Woodman ) [295291]\n- [nfs] setacl not working over NFS (Peter Staubach ) [496903]\n- [fs] ext4: update config options (Eric Sandeen ) [485315]\n- [fs] ext4: post-2.6.29 fixes (Eric Sandeen ) [485315]\n- [fs] backport patch for 2.6.29 ext4 (Eric Sandeen ) [485315]\n- [fs] rebase ext4 and jbd2 to 2.6.29 codebase (Eric Sandeen ) [485315 487933 487940 487944 487947] {CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748}\n- [fs] update write_cache_pages (Eric Sandeen ) [485315]\n- [fs] export set_task_ioprio (Eric Sandeen ) [485315]\n- [scsi] qla2xxx : updates and fixes from upstream, part 4 (Marcus Barrow ) [496126]\n- [scsi] MPT fusion: remove annoying debug message (Tomas Henzl ) [475455]\n- [scsi] make fusion MPT driver legacy I/O port free (Tomas Henzl ) [475451]\n- [scsi] MPT Fusion: update to version 3.04.07rh (Tomas Henzl ) [475455]\n- [x86] add MAP_STACK mmap flag (Larry Woodman ) [459321]\n- [scsi] sym53c8xx_2: fix up hotplug support (mchristi@redhat.com ) [461006]\n- [scsi] qla2xxx : updates and fixes from upstream, part 3 (Marcus Barrow ) [495094]\n- [scsi] qla2xxx : updates and fixes from upstream, part 2 (Marcus Barrow ) [495092]\n- [scsi] qla2xxx : updates and fixes from upstream, part 1 (Marcus Barrow ) [480204]\n- [nfs] memory leak when reading files wth option 'noac' (Peter Staubach ) [493045]\n- [x86] powernow-k8: export module parameters via sysfs (Prarit Bhargava ) [492010]\n- [misc] IO accounting: tgid accounting (Jerome Marchand ) [461636]\n- [misc] IO accounting: read accounting nfs fix (Jerome Marchand ) [461636]\n- [misc] IO accounting: read accounting (Jerome Marchand ) [461636]\n- [misc] IO accounting: write cancel accounting (Jerome Marchand ) [461636]\n- [misc] IO accounting: report in procfs (Jerome Marchand ) [461636]\n- [misc] IO accounting: account for direct-io (Jerome Marchand ) [461636]\n- [misc] IO accounting: set CONFIG_TASK_IO_ACCOUNTING (Jerome Marchand ) [461636]\n- [misc] IO accounting: write accounting (Jerome Marchand ) [461636]\n- [misc] IO accounting: core statistics (Jerome Marchand ) [461636]\n- [misc] IO accounting: read accounting cifs fix (Jerome Marchand ) [461636]\n- [misc] auxiliary signal structure: signal_struct_aux (Jerome Marchand ) [461636]\n- [misc] auxiliary signal structure: preparation (Jerome Marchand ) [461636]\n- [xen] x86: fix MSI eoi handling for HVM passthru (Gerd Hoffmann ) [477261]\n[2.6.18-141.el5]\n- [x86_64] more cpu_khz to tsc_khz conversions (Prarit Bhargava ) [483300]\n- [gfs2] unaligned access in gfs2_bitfit (Abhijith Das ) [485226]\n- [gfs2] remove scand & glockd kernel processes (Benjamin Marzinski ) [273001]\n- [x86] fix tick divider with clocksource=pit (Chris Lalancette ) [427588]\n- [fs] autofs4: fix incorect return in autofs4_mount_busy (Ian Kent ) [496766]\n- [x86] fix cpuid.4 instrumentation (Brian Maly ) [454981]\n- [md] dm-mpath: propagate ioctl error codes (Benjamin Marzinski ) [461469]\n- [fs] aio: race in aio_complete leads to process hang (Jeff Moyer ) [475814]\n- [s390] enable raw devices (Jeff Moyer ) [452534]\n- [net] bnx2: update to latest upstream - 1.9.3 (Ivan Vecera ) [475567 476897 489519]\n- [net] forcedeth: update to upstream version 0.62 (Ivan Vecera ) [479740]\n- [net] r8169: dont update stats counters when IF is down (Ivan Vecera ) [490162]\n- [net] r8169: fix RxMissed register access (Ivan Vecera ) [474334]\n- [x86] prevent boosting kprobes on exception address (Masami Hiramatsu ) [493088]\n- [gfs2] add fiemap support (Steven Whitehouse ) [476626]\n- [net] e1000e: fix false link detection (Michal Schmidt ) [492270]\n- [ppc] pseries: set error_state to pci_channel_io_normal (AMEET M. PARANJAPE ) [496872]\n- [nfs] large writes rejected when sec=krb5i/p specified (Peter Staubach ) [486756]\n- [wireless] iwlwifi: problems switching b/w WPA and WEP (John W. Linville ) [474699]\n- [net] ipv6: assume loopback address in link-local scope (Jiri Pirko ) [487233]\n- [fs] keep eventpoll from locking up the box (Josef Bacik ) [487585]\n- [ppc64] adjust oprofile_cpu_type (AMEET M. PARANJAPE ) [496709]\n- [fs] jbd: properly dispose of unmapped data buffers (Josef Bacik ) [479296]\n- [fs] ext3: dir_index: error out on corrupt dx dirs (Josef Bacik ) [454942]\n- [fs] ext3: dont resize if no reserved gdt blocks left (Josef Bacik ) [443541]\n- [agp] add pci ids for new video cards (John Villalovos ) [474513]\n- [ata] sata_mv: fix chip type for RocketRaid 1740/1742 (David Milburn ) [496338]\n- [misc] exit_notify: kill the wrong capable check (Oleg Nesterov ) [494271] {CVE-2009-1337}\n- [ipmi] fix platform crash on suspend/resume (peterm@redhat.com ) [475536]\n- [ipmi] fix some signedness issues (peterm@redhat.com ) [475536]\n- [ipmi] hold ATTN until upper layer is ready (peterm@redhat.com ) [475536]\n- [ipmi] allow shared interrupts (peterm@redhat.com ) [475536]\n- [scsi] add missing SDEV_DEL state if slave_alloc fails (Tomas Henzl ) [430170]\n- [net] eHEA: mutex_unlock missing in eHEA error path (AMEET M. PARANJAPE ) [482796]\n- [misc] xen: change PVFB not to select abs. pointer (Markus Armbruster ) [492866]\n- [pci] pci-stub module to reserve pci device (Mark McLoughlin ) [491842]\n- [pci] add remove_id sysfs entry (Mark McLoughlin ) [491842]\n- [pci] use proper call to driver_create_file (Mark McLoughlin ) [491842]\n- [pci] fix __pci_register_driver error handling (Mark McLoughlin ) [491842]\n- [misc] add /sys/bus/*/driver_probe (Mark McLoughlin ) [491842]\n- [misc] backport new ramdisk driver (Don Howard ) [480663]\n- [x86] general pci_scan_bus fix for baremetal and xen (Prarit Bhargava ) [494114]\n- [misc] add HP xw460c to bf sort pci list (Prarit Bhargava ) [490068]\n- [mm] enable dumping of hugepages into core dumps (Dave Anderson ) [470411]\n- [misc] hrtimer: check relative timeouts for overflow (AMEET M. PARANJAPE ) [492230]\n- [acpi] add T-state notification support (Luming Yu ) [487567]\n- [x86_64] copy_user_c can zero more data than needed (Vitaly Mayatskikh ) [490938]\n- [misc] hpilo: backport bugfixes and updates for RHEL-5.4 (tcamuso@redhat.com ) [488964]\n- [pci] do not clear PREFETCH register (Prarit Bhargava ) [486185]\n- [misc] waitpid reports stopped process more than once (Vitaly Mayatskikh ) [481199]\n- [scsi] ipr: enhance driver to support MSI-X interrupt (AMEET M. PARANJAPE ) [475717]\n- [specfile] add ability to build only debug kernel (Jeff Layton ) [469707]\n- [xen] clear X86_FEATURE_APIC in cpuid when apic disabled (ddugger@redhat.com ) [496873]\n- [xen] enable systems without APIC (ddugger@redhat.com ) [496873]\n- [xen] vt-d: workaround for Mobile Series 4 Chipset (ddugger@redhat.com ) [496873]\n- [xen] pci: fix definition of PCI_PM_CTRL_NO_SOFT_RESET (ddugger@redhat.com ) [496873]\n- [xen] utilise the GUEST_PAT and HOST_PAT vmcs area (ddugger@redhat.com ) [496873]\n- [xen] VT-d: enhance MTRR/PAT virtualization (ddugger@redhat.com ) [496873]\n- [xen] fix interrupt remapping on AMD systems (Bhavna Sarathy ) [477261]\n- [xen] enable AMD IOMMU Xen driver (Bhavna Sarathy ) [477261]\n- [xen] add AMD IOMMU Xen driver (Bhavna Sarathy ) [477261]\n- [xen] live migration failure due to fragmented memory (Jiri Denemark ) [469130]\n[2.6.18-140.el5]\n- [fs] xfs: add fiemap support (Josef Bacik ) [296951]\n- [net] add DSCP netfilter target (Thomas Graf ) [481652]\n- [gfs2] blocked after recovery (Abhijith Das ) [483541]\n- [net] remove misleading skb_truesize_check (Thomas Graf ) [474883]\n- [mm] 100% time spent under NUMA when zone_reclaim_mode=1 (Larry Woodman ) [457264]\n- [mm] msync does not sync data for a long time (Larry Woodman ) [479079]\n- [md] dm: fix OOps in mempool_free when device removed (Milan Broz ) [495230]\n- [net] bonding: clean up resources upon removing a bond (Masahiro Matsuya ) [463244]\n- [fs] nfs: convert to new aops (Jeff Layton ) [476224]\n- [fs] cifs: update CIFS for RHEL5.4 (Jeff Layton ) [465143]\n- [misc] types: add fmode_t typedef (Jeff Layton ) [465143]\n- [misc] keys: key facility changes for AF_RXRPC (Jeff Layton ) [465143]\n- [misc] xen: bump max_phys_cpus to 256 (Chris Lalancette ) [477206]\n- [misc] fork: CLONE_PARENT && parent_exec_id interaction (Don Howard ) [479964]\n- [wireless] iwlagn: make swcrypto/swcrypto50=1 default (John W. Linville ) [474699]\n- [wireless] mac80211: avoid null deref (John W. Linville ) [482990]\n- [net] fix out of bound access to hook_entries (Thomas Graf ) [484036]\n- [net] sctp: allow sctp_getladdrs to work for IPv6 (Neil Horman ) [492633]\n- [x86] xen: fix interaction between dom0 and NTP (Rik van Riel ) [494879]\n- [ata] sata_mv: fix 8-port timeouts on 508x/6081 chips (David Milburn ) [493451]\n- [net] fixed tcp_ack to properly clear ->icsk_probes_out (Jiri Olsa ) [494427]\n- [x86] xen: crash when specifying mem= (Chris Lalancette ) [240429]\n- [scsi] qla2xxx: reduce DID_BUS_BUSY failover errors (Marcus Barrow ) [244967]\n- [ata] libata: ahci enclosure management bios workaround (David Milburn ) [488471]\n- [scsi] aic7xxx: increase max IO size (mchristi@redhat.com ) [493448]\n- [nfs] v4: client crash on file lookup with long names (Sachin S. Prabhu ) [493942]\n- [mm] fix prepare_hugepage_range to check offset (Larry Woodman ) [488260]\n- [misc] make sure fiemap.h is installed in headers pkg (Josef Bacik ) [296951]\n- [fs] generic block based fiemap (Josef Bacik ) [296951]\n- [fs] add fiemap interface (Josef Bacik ) [296951]\n- [trace] use unregister return value (Jason Baron ) [465543]\n- [trace] change rcu_read_sched -> rcu_read (Jason Baron ) [465543]\n- [trace] introduce noupdate apis (Jason Baron ) [465543]\n- [trace] simplify rcu usage (Jason Baron ) [465543]\n- [trace] fix null pointer dereference (Jason Baron ) [465543]\n- [trace] tracepoints fix reentrancy (Jason Baron ) [465543]\n- [trace] make tracepoints use rcu sched (Jason Baron ) [465543]\n- [trace] use TABLE_SIZE macro (Jason Baron ) [465543]\n- [trace] remove kernel-trace.c (Jason Baron ) [465543]\n- [trace] remove prototype from tracepoint name (Jason Baron ) [465543]\n- [x86] use CPU feature bits to skip tsc_unstable checks (Chris Lalancette ) [463573]\n- [x86] vmware: disable softlock processing on tsc systems (Chris Lalancette ) [463573]\n- [x86] vmware lazy timer emulation (Chris Lalancette ) [463573]\n- [x86] xen: improve KVM timekeeping (Chris Lalancette ) [463573]\n- [x86_64] xen: implement a minimal TSC based clocksource (Chris Lalancette ) [463573]\n- [x86] use cpu_khz for loops_per_jiffy calculation (Chris Lalancette ) [463573]\n- [x86] vmware: look for DMI string in product serial key (Chris Lalancette ) [463573]\n- [x86] VMware: Fix vmware_get_tsc code (Chris Lalancette ) [463573]\n- [x86] xen: add X86_FEATURE_HYPERVISOR feature bit (Chris Lalancette ) [463573]\n- [x86] xen: changes timebase calibration on Vmware (Chris Lalancette ) [463573]\n- [x86] add a synthetic TSC_RELIABLE feature bit (Chris Lalancette ) [463573]\n- [x86] hypervisor: detection and get tsc_freq (Chris Lalancette ) [463573]\n- [x86] fdiv bug detection fix (Chris Lalancette ) [463573]\n- [misc] printk: add KERN_CONT (Chris Lalancette ) [463573]\n- [s390] add additional card IDs to CEX2C and CEX2A (Hans-Joachim Picht ) [488496]\n- [gfs2] merge upstream uevent patches into RHEL 5.4 (Steven Whitehouse ) [476707]\n- [xen] x86: GDT: replace single page with one page/CPU (Chris Lalancette ) [477206]\n- [xen] x86: VPID: free resources (ddugger@redhat.com ) [464821]\n- [xen] x86: VPID: implement feature (ddugger@redhat.com ) [464821]\n- [xen] fix 32-on-64 PV oops in xen_set_pud (Chris Lalancette ) [467698]\n[2.6.18-139.el5]\n- [pci] xen dom0: hook PCI probe and remove callbacks (ddugger@redhat.com ) [484227]\n- [misc] xen dom0: add hypercall for add/remove PCI device (ddugger@redhat.com ) [484227]\n- [pci] xen: dom0/domU MSI support using PHSYDEV_map_irq (ddugger@redhat.com ) [484227]\n- [mm] mmu_notifier: kabi workaround support (john cooper ) [485718]\n- [mm] mmu_notifier: set CONFIG_MMU_NOTIFIER to y (john cooper ) [485718]\n- [mm] mmu-notifier: optimized ability to admin host pages (john cooper ) [485718]\n- [mm] mmu-notifiers: add mm_take_all_locks operation (john cooper ) [485718]\n- [misc] introduce list_del_init_rcu (john cooper ) [485718]\n- [ppc] spufs: fix incorrect buffer offset in regs write (AMEET M. PARANJAPE ) [493426]\n- [ppc] spufs: check offset before calculating write size (AMEET M. PARANJAPE ) [493426]\n- [net] add dropmonitor protocol (Neil Horman ) [470539]\n- [ppc] reject discontiguous MSI-X requests (AMEET M. PARANJAPE ) [492580]\n- [ppc] implement a quota system for MSIs (AMEET M. PARANJAPE ) [492580]\n- [ppc] return req#msi(-x) if request is larger (AMEET M. PARANJAPE ) [492580]\n- [ppc] msi: return the number of MSIs we could allocate (AMEET M. PARANJAPE ) [492580]\n- [ppc] check for MSI-X also in rtas_msi_pci_irq_fixup() (AMEET M. PARANJAPE ) [492580]\n- [ppc] add support for ibm,req#msi-x (AMEET M. PARANJAPE ) [492580]\n- [ppc] fix MSI-X interrupt querying (AMEET M. PARANJAPE ) [492580]\n- [ppc] msi: return the number of MSI-X available (AMEET M. PARANJAPE ) [492580]\n- [trace] add include/trace dir to -devel (Jason Baron ) [489096]\n- [mm] xen: 'ptwr_emulate' messages when booting PV guest (Chris Lalancette ) [490567]\n- [fs] lockd: reference count leaks in async locking case (Jeff Layton ) [471254]\n- [s390] kernel: cpcmd with vmalloc addresses (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: error handling in iucv_callback_txdone (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: broken send_skb_q result in endless loop (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: free iucv path/socket in path_pending cb (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: avoid left over IUCV connections (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: new error return codes for connect (Hans-Joachim Picht ) [487697]\n- [s390] af_iucv: hang if recvmsg is used with MSG_PEEK (Hans-Joachim Picht ) [487703]\n- [net] ixgbe: stop double counting frames and bytes (Andy Gospodarek ) [487213]\n- [net] netfilter: x_tables: add connlimit match (Jiri Pirko ) [483588]\n- [nfs] only set file_lock.fl_lmops if stateowner is found (Jeff Layton ) [479323]\n- [dlm] init file_lock before copying conflicting lock (Jeff Layton ) [479323]\n- [nfs] nfsd: ensure nfsv4 calls the fs on LOCKT (Jeff Layton ) [479323]\n- [net] allow for on demand emergency route cache flushing (Neil Horman ) [461655]\n- [xen] x86: update the earlier APERF/MPERF patch (Chris Lalancette ) [493557]\n- [xen] fix evtchn exhaustion with 32-bit HVM guest (Chris Lalancette ) [489274]\n- [xen] ia64: fix HVM guest kexec (Chris Lalancette ) [418591]\n- [xen] ia64: fix whitespace error in vmx.h (Chris Lalancette ) [477098]\n- [xen] add hypercall for adding and removing PCI devices (ddugger@redhat.com ) [484227]\n- [xen] HVM MSI passthrough support (ddugger@redhat.com ) [484227]\n- [xen] VT-d2: enable interrupt remapping for MSI/MSI-x (ddugger@redhat.com ) [484227]\n- [xen] MSI support interface (ddugger@redhat.com ) [484227]\n- [xen] MSI supprt internal functions (ddugger@redhat.com ) [484227]\n- [xen] convert pirq to per-domain (ddugger@redhat.com ) [484227]\n- [xen] rename evtchn_lock to event_lock (ddugger@redhat.com ) [484227]\n- [xen] sync VT-d2 code with xen-unstable (ddugger@redhat.com ) [484227]\n- [xen] VT-d2: support interrupt remapping (ddugger@redhat.com ) [484227]\n- [xen] VT-d2: support queue invalidation (ddugger@redhat.com ) [484227]\n- [xen] x86: emulate accesses to PCI window regs cf8/cfc (ddugger@redhat.com ) [484227]\n- [xen] vtd: avoid redundant context mapping (ddugger@redhat.com ) [484227]\n- [xen] x86: fix EPT for VT-d (ddugger@redhat.com ) [484227]\n- [xen] x86: add domctl interfaces for VT-d (ddugger@redhat.com ) [484227]\n- [xen] x86: memory changes for VT-d (ddugger@redhat.com ) [484227]\n- [xen] x86: intercept I/O for assigned device (ddugger@redhat.com ) [484227]\n- [xen] x86: IRQ injection changes for VT-d (ddugger@redhat.com ) [484227]\n- [xen] add VT-d specific files (ddugger@redhat.com ) [484227]\n- [xen] some system changes for VT-d (ddugger@redhat.com ) [484227]\n- [xen] add VT-d public header files (ddugger@redhat.com ) [484227]\n- [xen] ia64: add pci definitions and access functions (ddugger@redhat.com ) [484227]\n[2.6.18-138.el5]\n- [nfs] remove bogus lock-if-signalled case (Bryn M. Reeves ) [456288]\n- [gfs2] fix uninterruptible quotad sleeping (Steven Whitehouse ) [492943]\n- [net] iptables NAT port randomisation (Thomas Graf ) [459943]\n- [gfs2] tar off gfs2 broken - truncated symbolic links (Steven Whitehouse ) [492911]\n- [net] skip redirect msg if target addr is not link-local (Thomas Graf ) [481209]\n- [scsi] lpfc: remove duplicate pci* functions from driver (Prarit Bhargava ) [442007]\n- [net] igb: make driver ioport free (Prarit Bhargava ) [442007]\n- [net] e1000: make driver ioport free (Prarit Bhargava ) [442007]\n- [net] e1000e: make driver ioport free (Prarit Bhargava ) [442007]\n- [pci] add pci*_selected_region/pci_enable_device_io|mem (Prarit Bhargava ) [442007]\n- [x86] NONSTOP_TSC in tsc clocksource (Luming Yu ) [474091]\n- [ppc] keyboard not recognized on bare metal (Justin Payne ) [455232]\n- [fs] writeback: fix persistent inode->dirtied_when val (Jeff Layton ) [489359]\n- [fs] xfs: misc upstream fixes (Eric Sandeen ) [470845]\n- [fs] xfs: fix compat ioctls (Eric Sandeen ) [470845]\n- [fs] xfs: new aops interface (Eric Sandeen ) [470845]\n- [fs] xfs: backport to rhel5.4 kernel (Eric Sandeen ) [470845]\n- [fs] xfs: update to 2.6.28.6 codebase (Eric Sandeen ) [470845]\n- [fs] d_obtain_alias helper (Eric Sandeen ) [470845]\n- [fs] d_add_ci helper (Eric Sandeen ) [470845]\n- [misc] completion helpers (Eric Sandeen ) [470845]\n- [fs] block_page_mkwrite helper (Eric Sandeen ) [470845]\n- [mm] generic_segment_checks helper (Eric Sandeen ) [470845]\n- [i2c] add support for SB800 SMBus (Bhavna Sarathy ) [488746]\n- [i2c] i2c-piix4: support for the Broadcom HT1100 chipset (Flavio Leitner ) [474240]\n- [s390] hvc_iucv: z/VM IUCV hypervisor console support (Hans-Joachim Picht ) [475551]\n- [s390] hvc_console: upgrade version of hvc_console (Hans-Joachim Picht ) [475551]\n- [s390] iucv: locking free version of iucv_message_ (Hans-Joachim Picht ) [475551]\n- [s390] set default preferred console device 'ttyS' (Hans-Joachim Picht ) [475551]\n- [s390] kernel: shutdown action 'dump_reipl' (Hans-Joachim Picht ) [474688]\n- [s390] splice: handle try_to_release_page failure (Hans-Joachim Picht ) [475334]\n- [s390] blktrace: add ioctls to SCSI generic devices (Hans-Joachim Picht ) [475334]\n- [s390] add FCP performance data collection (Hans-Joachim Picht ) [475334]\n- [s390] extra kernel parameters via VMPARM (Hans-Joachim Picht ) [475530]\n- [s390] kernel: extra kernel parameters via VMPARM (Hans-Joachim Picht ) [475530]\n- [s390] z90crypt: add ap adapter interrupt support (Hans-Joachim Picht ) [474700]\n- [s390] add Call Home data (Hans-Joachim Picht ) [475820]\n- [s390] kernel: processor degredation support (Hans-Joachim Picht ) [475820]\n- [s390] kernel: Shutdown Actions Interface (Hans-Joachim Picht ) [475563]\n- [s390] provide service levels of HW & Hypervisor (Hans-Joachim Picht ) [475570]\n- [s390] qeth: ipv6 support for hiper socket layer 3 (Hans-Joachim Picht ) [475572]\n- [s390] kernel: NSS Support (Hans-Joachim Picht ) [474646]\n- [acpi] donot evaluate _PPC until _PSS has been evaluated (Matthew Garrett ) [469105]\n- [net] iwlwifi: enable LEDS Kconfig options (John W. Linville ) [486030]\n- [spec] devel pkg: own the directories they write too (Don Zickus ) [481808]\n- [crypto] bugfixes to ansi_cprng for fips compliance (Neil Horman ) [481175 469437]\n- [scsi] qla2xxx: production FCoE firmware (Marcus Barrow ) [471900]\n- [scsi] qla2xxx: production FCoE support (Marcus Barrow ) [471900]\n- [fs] add compat_sys_ustat (Eric Sandeen ) [472426]\n- [x86_64] panic if AMD cpu_khz is wrong (Prarit Bhargava ) [472523]\n- [x86] fix calls to pci_scan_bus (Prarit Bhargava ) [470202]\n[2.6.18-137.el5]\n- [fs] HFS: mount memory leak (Dave Anderson ) [488048]\n- [docs] document netdev_budget (Stanislaw Gruszka ) [463249]\n- [net] netfilter: nfmark IPV6 routing in OUTPUT (Anton Arapov ) [470059]\n- [gfs2] use ->page_mkwrite for mmap() (Benjamin Marzinski ) [315191]\n- [fs] ecryptfs: fix memory leak into crypto headers (Eric Sandeen ) [491256]\n- [x86] add nonstop_tsc flag in /proc/cpuinfo (Luming Yu ) [474091]\n- [alsa] HDA: update for RHEL-5.4 (Jaroslav Kysela ) [483594]\n- [fs] autofs4: fix lookup deadlock (Ian Kent ) [490078]\n- [fs] autofs4: make autofs type usage explicit (Ian Kent ) [452120]\n- [fs] autofs4: add miscelaneous device for ioctls (Ian Kent ) [452120]\n- [fs] autofs4: devicer node ioctl docoumentation (Ian Kent ) [452120]\n- [fs] autofs4: track uid and gid of last mount requester (Ian Kent ) [452120]\n- [nfs] memory corruption in nfs3_xdr_setaclargs (Sachin S. Prabhu ) [479432]\n- [misc] cpuset: attach_task fixes (KII Keiichi ) [471634]\n- [s390] dasd: fix race in dasd timer handling (Hans-Joachim Picht ) [490128]\n- [x86] use [ml]fence to synchronize rdtsc (Chris Lalancette ) [448588]\n- [xen] silence MMCONFIG warnings (Chris Lalancette ) [462572]\n- [xen] fix occasional deadlocks in Xen netfront (Chris Lalancette ) [480939]\n- [xen] fix crash when modprobe xen-vnif in a KVM guest (Chris Lalancette ) [487691]\n- [xen] xen reports bogus LowTotal (Chris Lalancette ) [428892]\n- [xen] wait 5 minutes for device connection (Chris Lalancette ) [396621]\n- [xen] only recover connected devices on resume (Chris Lalancette ) [396621]\n- [xen] ia64: fix bad mpa messages (Chris Lalancette ) [288511]\n- [net] handle non-linear packets in skb_checksum_setup (Herbert Xu ) [477012]\n- [fs] fix __page_symlink to be kabi friendly (Josef Bacik ) [445433]\n- [fs] ext3: convert to new aops (Josef Bacik ) [445433]\n- [mm] make new aops kABI friendly (Josef Bacik ) [445433]\n- [fs] fix symlink allocation context (Josef Bacik ) [445433]\n- [mm] iov_iter_advance fix, dont go off the end (Josef Bacik ) [445433]\n- [mm] fix infinite loop with iov_iter_advance (Josef Bacik ) [445433]\n- [mm] restore the KERNEL_DS optimisations (Josef Bacik ) [445433]\n- [gfs2] remove generic aops stuff (Josef Bacik ) [445433]\n- [fs] new cont helpers (Josef Bacik ) [445433]\n- [mm] introduce new aops, write_begin and write_end (Josef Bacik ) [445433]\n- [fs] splice: dont do readpage (Josef Bacik ) [445433]\n- [fs] splice: dont steal pages (Josef Bacik ) [445433]\n- [gfs2] remove static iov iter stuff (Josef Bacik ) [445433]\n- [mm] iov_iter helper functions (Josef Bacik ) [445433]\n- [mm] fix pagecache write deadlocks (Josef Bacik ) [445433]\n- [mm] write iovec cleanup (Josef Bacik ) [445433]\n- [mm] fix other users of __grab_cache_page (Josef Bacik ) [445433]\n- [mm] cleanup page caching stuff (Josef Bacik ) [445433]\n- [mm] cleanup error handling (Josef Bacik ) [445433]\n- [mm] clean up buffered write code (Josef Bacik ) [445433]\n- [mm] revert deadlock on vectored write fix (Josef Bacik ) [445433]\n- [mm] kill the zero-length iovec segments handling (Josef Bacik ) [445433]\n- [mm] revert KERNEL_DS buffered write optimisation (Josef Bacik ) [445433]\n- [mm] clean up pagecache allocation (Josef Bacik ) [445433]\n- [x86] move pci_video_fixup to later in boot (Prarit Bhargava ) [467785]\n- [usb] net: dm9601: upstream fixes for 5.4 (Ivan Vecera ) [471800]\n- [xen] ia64: fix FP emulation in a PV domain (Chris Lalancette ) [477098]\n- [xen] ia64: make sure guest pages dont change (Chris Lalancette ) [477098]\n- [xen] improve handle_fpu_swa (Chris Lalancette ) [477098]\n- [xen] ia64: fix windows 2003 BSOD (Chris Lalancette ) [479923]\n- [xen] x86: fix dom0 panic when using dom0_max_vcpus (Chris Lalancette ) [485119]\n- [xen] x86: silence WRMSR warnings (Chris Lalancette ) [470035]\n[2.6.18-136.el5]\n- Revert: [x86_64] fix gettimeoday TSC overflow issue (Prarit Bhargava ) [467942]\n- [ptrace] audit_syscall_entry to use right syscall number (Jiri Pirko ) [488002] {CVE-2009-0834}\n- [md] dm: check log bitmap will fit within the log device (Milan Broz ) [471565]\n- [nfs] add 'lookupcache' mount option for nfs shares (Sachin S. Prabhu ) [489285]\n- [nfs] add fine grain control for lookup cache in nfs (Sachin S. Prabhu ) [489285]\n- [net] tulip: MTU problems with 802.1q tagged frames (Ivan Vecera ) [484796]\n- [net] rtnetlink: fix sending message when replace route (Jiri Pirko ) [462725]\n- [s390] sclp: handle zero-length event buffers (Hans-Joachim Picht ) [487695]\n- [s390] dasd: DASDFMT not operating like CPFMTXA (Hans-Joachim Picht ) [484836]\n- [xen] fix blkfront bug with overflowing ring (Chris Lalancette ) [460693]\n- [net] ipv6: disallow IPPROTO_IPV6-level IPV6_CHECKSUM (Jiri Pirko ) [486204]\n- [ide] fix interrupt flood at startup w/ESB2 (James Paradis ) [438979]\n- [s390] cio: Properly disable not operational subchannel (Hans-Joachim Picht ) [487701]\n- [misc] kernel-headers: add serial_reg.h (Don Zickus ) [463538]\n[2.6.18-135.el5]\n- [s390] iucv: failing cpu hot remove for inactive iucv (Hans-Joachim Picht ) [485412]\n- [s390] dasd: fix waitqueue for sleep_on_immediatly (Hans-Joachim Picht ) [480161]\n- [ide] increase timeouts in wait_drive_not_busy (Stanislaw Gruszka ) [464039]\n- [x86_64] mce: do not clear an unrecoverable error status (Aristeu Rozanski ) [489692]\n- [wireless] iwlwifi: booting with RF-kill switch enabled (John W. Linville ) [482990]\n- [net] put_cmsg: may cause application memory overflow (Jiri Pirko ) [488367]\n- [x86_64] fix gettimeoday TSC overflow issue (Prarit Bhargava ) [467942]\n- [net] ipv6: check hop limit setting in ancillary data (Jiri Pirko ) [487406]\n- [net] ipv6: check outgoing interface in all cases (Jiri Pirko ) [486215]\n- [acpi] disable GPEs at the start of resume (Matthew Garrett ) [456302]\n- [crypto] include crypto headers in kernel-devel (Neil Horman ) [470929]\n- [net] netxen: rebase for RHEL-5.4 (tcamuso@redhat.com ) [485381]\n- [misc] signal: modify locking to handle large loads (AMEET M. PARANJAPE ) [487376]\n- [kexec] add ability to dump log from vmcore file (Neil Horman ) [485308]\n- [fs] ext3: handle collisions in htree dirs (Eric Sandeen ) [465626]\n- [acpi] use vmalloc in acpi_system_read_dsdt (Prarit Bhargava ) [480142]\n- [misc] make ioctl.h compatible with userland (Jiri Pirko ) [473947]\n- [nfs] sunrpc: add sv_maxconn field to svc_serv (Jeff Layton ) [468092]\n- [nfs] lockd: set svc_serv->sv_maxconn to a better value (Jeff Layton ) [468092]\n- [mm] decrement reclaim_in_progress after an OOM kill (Larry Woodman ) [488955]\n- [misc] sysrq-t: display backtrace for runnable processes (Anton Arapov ) [456588]\n[2.6.18-134.el5]\n- [dlm] fix length calculation in compat code (David Teigland ) [487672]\n- [net] ehea: remove adapter from list in error path (AMEET M. PARANJAPE ) [488254]\n- [x86] reserve low 64k of memory to avoid BIOS corruption (Matthew Garrett ) [471851]\n- [nfs] fix hung clients from deadlock in flush_workqueue (David Jeffery ) [483627]\n- [net] fix a few udp counters (Neil Horman ) [483266]\n- [ia64] use current_kernel_time/xtime in hrtimer_start() (Prarit Bhargava ) [485323]\n- [sata] libata: ahci withdraw IGN_SERR_INTERNAL for SB800 (David Milburn ) [474301]\n- [ata] libata: iterate padded atapi scatterlist (David Milburn ) [446086]\n- [x86] TSC keeps running in C3+ (Luming Yu ) [474091]\n- [acpi] fix C-states less efficient on certain machines (Luming Yu ) [484174]\n- [net] ipv6: fix getsockopt for sticky options (Jiri Pirko ) [484105 483790]\n- [ppc64] cell spufs: update to the upstream for RHEL-5.4 (AMEET M. PARANJAPE ) [475620]\n- [ppc64] cell: fix npc setting for NOSCHED contexts (AMEET M. PARANJAPE ) [467344]\n- [ppc64] handle null iommu dma-window property correctly (AMEET M. PARANJAPE ) [393241]\n- [net] e1000, bnx2: enable entropy generation (Ivan Vecera ) [439898]\n- Revert: [xen] console: make LUKS passphrase readable (Bill Burns ) [475986]\n- [gfs2] add UUID to gfs2 super block (Steven Whitehouse ) [242696]\n- [x86] consistent time options for x86_64 and i386 (Prarit Bhargava ) [475374]\n- [xen] allow > 4GB EPT guests on i386 (Chris Lalancette ) [478522]\n- [xen] clear screen to make LUKS passphrase visible (Bill Burns ) [475986]\n[2.6.18-133.el5]\n- [net] fix oops when using openswan (Neil Horman ) [484590]\n- [net] bonding: fix arp_validate=3 slaves behaviour (Jiri Pirko ) [484304]\n- [serial] 8250: fix boot hang when using with SOL port (Mauro Carvalho Chehab ) [467124]\n- [usb] sb600/sb700: workaround for hang (Pete Zaitcev ) [471972]\n- [gfs2] make quota mount option consistent with gfs (Bob Peterson ) [486168]\n- [xen] pv-block: remove anaconda workaround (Don Dutile ) [477005]\n- [ppc64] power7: fix /proc/cpuinfo cpus info (AMEET M. PARANJAPE ) [486649]\n- [net] skfp_ioctl inverted logic flaw (Eugene Teo ) [486540] {CVE-2009-0675}\n- [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene Teo ) [486518] {CVE-2009-0676}\n- [net] enic: upstream update to version 1.0.0.933 (Andy Gospodarek ) [484824]\n- [mm] cow vs gup race fix (Andrea Arcangeli ) [471613]\n- [mm] fork vs gup race fix (Andrea Arcangeli ) [471613]\n- [gfs2] parsing of remount arguments incorrect (Bob Peterson ) [479401]\n- [ppc64] eeh: disable/enable LSI interrupts (AMEET M. PARANJAPE ) [475696]\n- [x86] limit max_cstate to use TSC on some platforms (Tony Camuso ) [470572]\n- [ptrace] correctly handle ptrace_update return value (Jerome Marchand ) [483814]\n- [dlm] fix plock notify callback to lockd (David Teigland ) [470074]\n- [input] wacom: 12x12 problem while using lens cursor (Aristeu Rozanski ) [484959]\n- [wireless] ath5k: update to F10 version (Michal Schmidt ) [479049]\n- [xen] disable suspend in kernel (Justin M. Forbes ) [430928]\n- [net] ipv6: update setsockopt to support RFC 3493 (Jiri Pirko ) [484971]\n- [net] ipv6: check length of userss optval in setsockopt (Jiri Pirko ) [484977]\n- [scsi] handle work queue and shost_data setup failures (mchristi@redhat.com ) [450862]\n- [net] skbuff: fix oops in skb_seq_read (mchristi@redhat.com ) [483285]\n- [net] sky2: update driver for RHEL-5.4 (Neil Horman ) [484712]\n- [net] ipv6: Hop-by-Hop options header returned bad value (Jiri Pirko ) [483793]\n- [pci] fix MSI descriptor leak during hot-unplug (James Paradis ) [484943]\n- [net] improve udp port randomization (Vitaly Mayatskikh ) [480951]\n- [misc] ia64, s390: add kernel version to panic output (Prarit Bhargava ) [484403]\n- [x86-64] fix int db_5.RHSA-2009-1243x80 -ENOSYS return (Vitaly Mayatskikh ) [481682]\n- [net] dont add NAT extension for confirmed conntracks (Herbert Xu ) [481076]\n- [xen] fbfront dirty race (Markus Armbruster ) [456893]\n- [net] ehea: improve behaviour in low mem conditions (AMEET M. PARANJAPE ) [483148]\n- [net] fix icmp_send and icmpv6_send host re-lookup code (Jiri Pirko ) [439670]\n- [scsi] ibmvscsi: N-Port-ID support on ppc64 (AMEET M. PARANJAPE ) [474701]\n- [xen] guest crash when host has >= 64G RAM (Rik van Riel ) [448115]\n- [ppc] cell: add support for power button on blades (AMEET M. PARANJAPE ) [475658]\n- [ppc64] serial_core: define FIXED_PORT flag (AMEET M. PARANJAPE ) [475621]\n- [s390] cio: I/O error after cable pulls 2 (Hans-Joachim Picht ) [479878]\n- [misc] ptrace, utrace: fix blocked signal injection (Jerome Marchand ) [451849]\n- [xen] irq: remove superfluous printk (Rik van Riel ) [456095]\n- [s390] qeth: print HiperSocket version on z9 and later (Hans-Joachim Picht ) [479881]\n- [s390] qeth: crash in case of layer mismatch for VSWITCH (Hans-Joachim Picht ) [476205]\n- [s390] qdio: only 1 buffer in INPUT_PROCESSING state (Hans-Joachim Picht ) [479867]\n- [s390] disable cpu topology support by default (Hans-Joachim Picht ) [475797]\n- [s390] qeth: unnecessary support ckeck in sysfs route6 (Hans-Joachim Picht ) [474469]\n- [s390] cio: ccwgroup online vs. ungroup race condition (Hans-Joachim Picht ) [479879]\n- [s390] dasd: dasd_device_from_cdev called from interrupt (Hans-Joachim Picht ) [474806]\n- [misc] minor signal handling vulnerability (Oleg Nesterov ) [479964] {CVE-2009-0028}\n[2.6.18-132.el5]\n- [firmware] dell_rbu: prevent oops (Don Howard ) [482942]\n- [fs] lockd: improve locking when exiting from a process (Peter Staubach ) [448929]\n- [misc] backport RUSAGE_THREAD support (Jerome Marchand ) [451063]\n- [gfs2] panic in debugfs_remove when unmounting (Abhijith Das ) [483617]\n- [nfs] memory corruption in nfs3_xdr_setaclargs (Sachin S. Prabhu ) [479432]\n- [nfs] fix hangs during heavy write workloads (Peter Staubach ) [469848]\n- [pci] msi: set 'En' bit for devices on HT-based platform (Andy Gospodarek ) [290701]\n- [net] ipt_REJECT: properly handle IP options (Ivan Vecera ) [473504]\n- [ppc] cell: fix GDB watchpoints (AMEET M. PARANJAPE ) [480239]\n- [edac] add i5400 driver (Mauro Carvalho Chehab ) [462895]\n- [xen] fix disappearing PCI devices from PV guests (Bill Burns ) [233801]\n- [net] s2io: flush statistics when changing the MTU (AMEET M. PARANJAPE ) [459514]\n- [scsi] no-sense msgs, data corruption, but no i/o errors (Rob Evers ) [468088]\n- [powerpc] wait for a panic_timeout > 0 before reboot (AMEET M. PARANJAPE ) [446120]\n- [ppc64] cell: axon-msi: Retry on missing interrupt (AMEET M. PARANJAPE ) [472405]\n- [ppc] MSI interrupts are unreliable on IBM QS21 and QS22 (AMEET M. PARANJAPE ) [472405]\n- [crypto] des3_ede: permit weak keys unless REQ_WEAK_KEY (Jarod Wilson ) [474394]\n- [ata] JMB361 only has one port (Prarit Bhargava ) [476206]\n- [net] r8169: disable the ability to change MAC address (Ivan Vecera ) [475867]\n- [misc] futex.h: remove kernel bits for userspace header (Anton Arapov ) [475790]\n- [fs] inotify: send IN_ATTRIB event on link count changes (Eric Paris ) [471893]\n- [misc] ppc64: large sends fail with unix domain sockets (Larry Woodman ) [461312]\n- [audit] misc kernel fixups (Alexander Viro ) [475330]\n- [audit] records for descr created by pipe and socketpair (Alexander Viro ) [475278]\n- [audit] control character detection is off-by-one (Alexander Viro ) [475150]\n- [audit] fix kstrdup error check (Alexander Viro ) [475149]\n- [audit] assorted audit_filter_task panics on ctx == NULL (Alexander Viro ) [475147]\n- [audit] increase AUDIT_MAX_KEY_LEN (Alexander Viro ) [475145]\n- [nfs] race with nfs_access_cache_shrinker() and umount (Peter Staubach ) [469225]\n- [nfs] lockd: handle long grace periods correctly (Peter Staubach ) [474590]\n- [crypto] ansi_cprng: fix inverted DT increment routine (Jarod Wilson ) [471281]\n- [crypto] ansi_cprng: extra call to _get_more_prng_bytes (Jarod Wilson ) [471281]\n- [fs] proc: Proportional Set Size calculation and display (Larry Woodman ) [471969]\n- [video] avoid writing outside shadow.bytes array (Mauro Carvalho Chehab ) [471844]\n- [fs] need locking when reading /proc/\n/oom_score (Larry Woodman ) [470459]\n- [x86] memmap=X does not yield new map (Prarit Bhargava ) [464500]\n- [s390] qeth: avoid problems after failing recovery (Hans-Joachim Picht ) [468019]\n- [s390] qeth: avoid skb_under_panic for bad inbound data (Hans-Joachim Picht ) [468075]\n- [s390] sclp: incorrect softirq disable/enable (Hans-Joachim Picht ) [468021]\n- [crypto] export DSA_verify as a gpl symbol (Jarod Wilson ) [470111]\n- [s390] lcs: output request completion with zero cpa val (Hans-Joachim Picht ) [463165]\n- [s390] dasd: oops when Hyper PAV alias is set online (Hans-Joachim Picht ) [458155]\n- [s390] ipl: file boot then boot from alt dev wont work (Hans-Joachim Picht ) [458115]\n- [s390] zfcp: remove messages flooding the kernel log (Hans-Joachim Picht ) [455260]\n- [snd] fix snd-sb16.ko compile (Prarit Bhargava ) [456698]\n[2.6.18-131.el5]\n- [scsi] libata: sas_ata fixup sas_sata_ops (David Milburn ) [483171]\n- [fs] ecryptfs: readlink flaw (Eric Sandeen ) [481607] {CVE-2009-0269}\n- [crypto] ccm: fix handling of null assoc data (Jarod Wilson ) [481031]\n- [misc] fix leap second hang (Prarit Bhargava ) [479765]\n- [qla2xxx] correct endianness during flash manipulation (Marcus Barrow ) [481691]\n- [net] gso: ensure that the packet is long enough (Jiri Pirko ) [479927]\n- [audit] remove bogus newlines in EXECVE audit records (Jiri Pirko ) [479412]\n- [ppc] dont reset affinity for secondary MPIC on boot (AMEET M. PARANJAPE ) [480801]\n- [nfs] knfsd: alloc readahead cache in individual chunks (Jeff Layton ) [459397]\n- [nfs] knfsd: read-ahead cache, export table corruption (Jeff Layton ) [459397]\n- [nfs] knfsd: replace kmalloc/memset with kcalloc (Jeff Layton ) [459397]\n- [nfs] knfsd: make readahead params cache SMP-friendly (Jeff Layton ) [459397]\n- [crypto] fix sha384 blocksize definition (Neil Horman ) [469167]\n[2.6.18-130.el5]\n- [security] keys: introduce missing kfree (Jiri Pirko ) [480598] {CVE-2009-0031}\n- [net] ixgbe: frame reception and ring parameter issues (Andy Gospodarek ) [475625]\n- [net] tcp-lp: prevent chance for oops (Ivan Vecera ) [478638]\n- [misc] fix memory leak during pipe failure (Benjamin Marzinski ) [478643]\n- [block] enforce a minimum SG_IO timeout (Eugene Teo ) [475406] {CVE-2008-5700}\n- [x86] pci domain: re-enable support on blacklisted boxes (Prarit Bhargava ) [474891]\n- [fs] link_path_walk sanity, stack usage optimization (Anton Arapov ) [470139]\n- [x86_64] incorrect cpu_khz calculation for AMD processor (Prarit Bhargava ) [467782]\n- [crypto] fips: panic kernel if we fail crypto self tests (Neil Horman ) [462909]\n- [genkey] increase signing key length to 1024 bits (Neil Horman ) [413241]\n- [x86] kdump: lockup when crashing with console_sem held (Neil Horman ) [456934]\n- [fs] ext[234]: directory corruption DoS (Eugene Teo ) [459604] {CVE-2008-3528}\n[2.6.18-129.el5]\n- [gfs2] mount attempt hangs if no more journals available (Bob Peterson ) [475312]\n- [sched] fix clock_gettime monotonicity (Peter Zijlstra ) [477763]\n- [nfs] create rpc clients with proper auth flavor (Jeff Layton ) [465456]\n- [nfs] handle attribute timeout and u32 jiffies wrap (Jeff Layton ) [460133]\n- [net] deadlock in Hierarchical token bucket scheduler (Neil Horman ) [474797]\n- [net] sctp: overflow with bad stream ID in FWD-TSN chunk (Eugene Teo ) [478805] {CVE-2009-0065}\n- [md] fix oops with device-mapper mirror target (Heinz Mauelshagen ) [472558]\n- [openib] restore traffic in connected mode on HCA (AMEET M. PARANJAPE ) [477000]\n- [net] add preemption point in qdisc_run (Jiri Pirko ) [471398] {CVE-2008-5713}\n- [wireless] iwl: fix BUG_ON in driver (Neil Horman ) [477671]\n- [x86_64] copy_user_c assembler can leave garbage in rsi (Larry Woodman ) [456682]\n- [misc] setpgid returns ESRCH in some situations (Oleg Nesterov ) [472433]\n- [s390] zfcp: fix hexdump data in s390dbf traces (Hans-Joachim Picht ) [470618]\n- [fs] hfsplus: fix buffer overflow with a corrupted image (Anton Arapov ) [469638] {CVE-2008-4933}\n- [fs] hfsplus: check read_mapping_page return value (Anton Arapov ) [469645] {CVE-2008-4934}\n- [fs] hfs: fix namelength memory corruption (Anton Arapov ) [470773] {CVE-2008-5025}\n- [net] netlink: fix overrun in attribute iteration (Eugene Teo ) [462283]", "published": "2009-09-08T00:00:00", "modified": "2009-09-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://linux.oracle.com/errata/ELSA-2009-1243.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2009-2692", "CVE-2009-1385", "CVE-2008-5700", "CVE-2008-3528", "CVE-2008-5713", "CVE-2009-0675", "CVE-2009-0747", "CVE-2009-0746", "CVE-2009-2698", "CVE-2009-0028", "CVE-2009-1072", "CVE-2009-0676", "CVE-2009-1192", "CVE-2008-5025", "CVE-2009-0065", "CVE-2009-0745", "CVE-2009-2407", "CVE-2008-4933", "CVE-2009-1337", "CVE-2007-5966", "CVE-2009-1388", "CVE-2009-0269", "CVE-2009-1389", "CVE-2009-0834", "CVE-2009-1633", "CVE-2009-0748", "CVE-2009-0031", "CVE-2009-2406", "CVE-2009-1439", "CVE-2009-2848", "CVE-2009-1897", "CVE-2007-3719", "CVE-2008-4934", "CVE-2009-1630", "CVE-2009-2847"], "immutableFields": [], "lastseen": "2019-05-29T18:38:49", "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "android", "idList": ["ANDROID:SOCK_SENDPAGE"]}, {"type": "canvas", "idList": ["PROTO_OPS_NULL"]}, {"type": "centos", "idList": ["CESA-2008:0972", "CESA-2009:0014", "CESA-2009:0326", "CESA-2009:0331", "CESA-2009:0459", "CESA-2009:0473", "CESA-2009:1106", "CESA-2009:1193", "CESA-2009:1222", "CESA-2009:1223", "CESA-2009:1233", "CESA-2009:1243", "CESA-2009:1438", "CESA-2009:1550"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2009-340", "CPAI-2009-467", "CPAI-2015-0376"]}, {"type": "checkpoint_security", "idList": ["CPS:SK42420", "CPS:SK42600"]}, {"type": "cve", "idList": ["CVE-2007-3719", "CVE-2007-5966", "CVE-2008-3528", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5700", "CVE-2008-5713", "CVE-2009-0028", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0834", "CVE-2009-1072", "CVE-2009-1192", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1897", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692", "CVE-2009-2698", "CVE-2009-2847", "CVE-2009-2848", "CVE-2009-2962", "CVE-2009-4536", "CVE-2009-4537"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1436-1:A63C3", "DEBIAN:DSA-1681-1:67CE4", "DEBIAN:DSA-1687-1:1BA38", "DEBIAN:DSA-1749-1:B61FF", "DEBIAN:DSA-1787-1:1654D", "DEBIAN:DSA-1794-1:CF19C", "DEBIAN:DSA-1800-1:C8938", "DEBIAN:DSA-1809-1:64C07", "DEBIAN:DSA-1844-1:B4D67", "DEBIAN:DSA-1845-1:D0DFF", "DEBIAN:DSA-1862-1:C1869", "DEBIAN:DSA-1864-1:B2834", "DEBIAN:DSA-1865-1:34CE7", "DEBIAN:DSA-1872-1:3575F", "DEBIAN:DSA-1928-1:AD816"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-3719"]}, {"type": "exploitdb", "idList": ["EDB-ID:8556", "EDB-ID:9477", "EDB-ID:9479", "EDB-ID:9542", "EDB-ID:9574", "EDB-ID:9575"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:4F88E5E8FE4BE7BADDC75AABF81C4DF7", "EXPLOITPACK:C73358FA43F9D0458E66661B68108C1D", "EXPLOITPACK:EC59CF0D0A8C58A6BA88DD9DDE82A311", "EXPLOITPACK:F1A9BD18B358D167D508909A06999F96", "EXPLOITPACK:FF3D313D03F8BCB90EE2F22064032248", "EXPLOITPACK:FFC7937A2F3CCF339D4184C9A6F06FDC"]}, {"type": "f5", "idList": ["F5:K10772", "SOL10772", "SOL16349", "SOL16351"]}, {"type": "fedora", "idList": ["FEDORA:0A08C10F8CD", "FEDORA:2478710F7EA", "FEDORA:24DB910F87E", "FEDORA:2A46A208DA7", "FEDORA:2BC4510F896", "FEDORA:2CF2010F7EA", "FEDORA:2DF3C10F88B", "FEDORA:3462710F8B9", "FEDORA:41D6810F891", "FEDORA:43A4210F8C3", "FEDORA:45AC610F8D3", "FEDORA:52EFE10F85C", "FEDORA:5AA2F10FA12", "FEDORA:5B2C610F862", "FEDORA:6D5F810F87F", "FEDORA:7B88D10F857", "FEDORA:91FDD10F8A2", "FEDORA:921C610F878", "FEDORA:B0F721107BF", "FEDORA:B3FC210F880", "FEDORA:C07E810F9BD", "FEDORA:C80E110F85F", "FEDORA:EA327208DDB", "FEDORA:EC31A2084B7", "FEDORA:F394810F8A0"]}, {"type": "kitploit", "idList": ["KITPLOIT:5310354020898253604"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2008-0972.NASL", "CENTOS_RHSA-2009-0014.NASL", "CENTOS_RHSA-2009-0326.NASL", "CENTOS_RHSA-2009-0331.NASL", "CENTOS_RHSA-2009-0459.NASL", "CENTOS_RHSA-2009-0473.NASL", "CENTOS_RHSA-2009-1106.NASL", "CENTOS_RHSA-2009-1193.NASL", "CENTOS_RHSA-2009-1222.NASL", "CENTOS_RHSA-2009-1223.NASL", "CENTOS_RHSA-2009-1233.NASL", "CENTOS_RHSA-2009-1243.NASL", "CENTOS_RHSA-2009-1438.NASL", "CENTOS_RHSA-2009-1550.NASL", "DEBIAN_DSA-1436.NASL", "DEBIAN_DSA-1681.NASL", "DEBIAN_DSA-1687.NASL", "DEBIAN_DSA-1749.NASL", "DEBIAN_DSA-1787.NASL", "DEBIAN_DSA-1794.NASL", "DEBIAN_DSA-1800.NASL", "DEBIAN_DSA-1809.NASL", "DEBIAN_DSA-1844.NASL", "DEBIAN_DSA-1845.NASL", "DEBIAN_DSA-1862.NASL", "DEBIAN_DSA-1864.NASL", "DEBIAN_DSA-1865.NASL", "DEBIAN_DSA-1872.NASL", "DEBIAN_DSA-1928.NASL", "F5_BIGIP_SOL16479.NASL", "FEDORA_2009-0816.NASL", "FEDORA_2009-0923.NASL", "FEDORA_2009-10165.NASL", "FEDORA_2009-5356.NASL", "FEDORA_2009-5383.NASL", "FEDORA_2009-6768.NASL", "FEDORA_2009-6846.NASL", "FEDORA_2009-6883.NASL", "FEDORA_2009-8144.NASL", "FEDORA_2009-8264.NASL", "FEDORA_2009-8647.NASL", "FEDORA_2009-8649.NASL", "FEDORA_2009-9044.NASL", "MANDRIVA_MDVSA-2008-112.NASL", "MANDRIVA_MDVSA-2008-224.NASL", "MANDRIVA_MDVSA-2008-234.NASL", "MANDRIVA_MDVSA-2008-246.NASL", "MANDRIVA_MDVSA-2009-071.NASL", "MANDRIVA_MDVSA-2009-118.NASL", "MANDRIVA_MDVSA-2009-119.NASL", "MANDRIVA_MDVSA-2009-135.NASL", "MANDRIVA_MDVSA-2009-148.NASL", "MANDRIVA_MDVSA-2009-205.NASL", "MANDRIVA_MDVSA-2009-233.NASL", "MANDRIVA_MDVSA-2009-289.NASL", "ORACLELINUX_ELSA-2008-0972.NASL", "ORACLELINUX_ELSA-2009-0014.NASL", "ORACLELINUX_ELSA-2009-0264.NASL", "ORACLELINUX_ELSA-2009-0326.NASL", "ORACLELINUX_ELSA-2009-0331.NASL", "ORACLELINUX_ELSA-2009-0459.NASL", "ORACLELINUX_ELSA-2009-0473.NASL", "ORACLELINUX_ELSA-2009-1106.NASL", "ORACLELINUX_ELSA-2009-1132.NASL", "ORACLELINUX_ELSA-2009-1193.NASL", "ORACLELINUX_ELSA-2009-1211.NASL", "ORACLELINUX_ELSA-2009-1222.NASL", "ORACLELINUX_ELSA-2009-1223.NASL", "ORACLELINUX_ELSA-2009-1233.NASL", "ORACLELINUX_ELSA-2009-1438.NASL", "ORACLELINUX_ELSA-2009-1550.NASL", "ORACLEVM_OVMSA-2009-0004.NASL", "ORACLEVM_OVMSA-2009-0009.NASL", "ORACLEVM_OVMSA-2009-0014.NASL", "ORACLEVM_OVMSA-2009-0017.NASL", "ORACLEVM_OVMSA-2009-0023.NASL", "ORACLEVM_OVMSA-2013-0039.NASL", "REDHAT-RHSA-2008-0972.NASL", "REDHAT-RHSA-2009-0014.NASL", "REDHAT-RHSA-2009-0264.NASL", "REDHAT-RHSA-2009-0326.NASL", "REDHAT-RHSA-2009-0331.NASL", "REDHAT-RHSA-2009-0459.NASL", "REDHAT-RHSA-2009-0473.NASL", "REDHAT-RHSA-2009-1024.NASL", "REDHAT-RHSA-2009-1055.NASL", "REDHAT-RHSA-2009-1077.NASL", "REDHAT-RHSA-2009-1106.NASL", "REDHAT-RHSA-2009-1132.NASL", "REDHAT-RHSA-2009-1193.NASL", "REDHAT-RHSA-2009-1211.NASL", "REDHAT-RHSA-2009-1222.NASL", "REDHAT-RHSA-2009-1223.NASL", "REDHAT-RHSA-2009-1233.NASL", "REDHAT-RHSA-2009-1243.NASL", "REDHAT-RHSA-2009-1438.NASL", "REDHAT-RHSA-2009-1457.NASL", "REDHAT-RHSA-2009-1466.NASL", "REDHAT-RHSA-2009-1469.NASL", "REDHAT-RHSA-2009-1550.NASL", "REDHAT-RHSA-2010-0079.NASL", "SLACKWARE_SSA_2009-230-01.NASL", "SL_20081119_KERNEL_ON_SL4_X.NASL", "SL_20090114_KERNEL_ON_SL4_X.NASL", "SL_20090210_KERNEL_ON_SL5_X.NASL", "SL_20090312_KERNEL_ON_SL4_X.NASL", "SL_20090401_KERNEL_ON_SL5_X.NASL", "SL_20090430_KERNEL_ON_SL4_X.NASL", "SL_20090507_KERNEL_ON_SL5_X.NASL", "SL_20090616_KERNEL_ON_SL5_X.NASL", "SL_20090630_KERNEL_ON_SL4_X.NASL", "SL_20090808_KERNEL_FOR_SL_5_X.NASL", "SL_20090813_KERNEL_ON_SL4_X.NASL", "SL_20090824_KERNEL_ON_SL5_X.NASL", "SL_20090827_KERNEL_ON_SL3_X.NASL", "SL_20091103_KERNEL_ON_SL3_X.NASL", "SUSE9_12487.NASL", "SUSE9_12541.NASL", "SUSE9_12636.NASL", "SUSE_11_0_KERNEL-081022.NASL", "SUSE_11_0_KERNEL-090114.NASL", "SUSE_11_0_KERNEL-090602.NASL", "SUSE_11_0_KERNEL-090814.NASL", "SUSE_11_0_KERNEL-100203.NASL", "SUSE_11_1_KERNEL-090225.NASL", "SUSE_11_1_KERNEL-090401.NASL", "SUSE_11_1_KERNEL-090527.NASL", "SUSE_11_1_KERNEL-090709.NASL", "SUSE_11_1_KERNEL-090816.NASL", "SUSE_11_1_KERNEL-100709.NASL", "SUSE_11_2_KERNEL-100921.NASL", "SUSE_11_KERNEL-090402.NASL", "SUSE_11_KERNEL-090527.NASL", "SUSE_11_KERNEL-090704.NASL", "SUSE_11_KERNEL-090708.NASL", "SUSE_11_KERNEL-090709.NASL", "SUSE_11_KERNEL-090816.NASL", "SUSE_11_KERNEL-100709.NASL", "SUSE_KERNEL-4929.NASL", "SUSE_KERNEL-4935.NASL", "SUSE_KERNEL-4938.NASL", "SUSE_KERNEL-4941.NASL", "SUSE_KERNEL-4943.NASL", "SUSE_KERNEL-4970.NASL", "SUSE_KERNEL-5667.NASL", "SUSE_KERNEL-5668.NASL", "SUSE_KERNEL-5700.NASL", "SUSE_KERNEL-5734.NASL", "SUSE_KERNEL-5735.NASL", "SUSE_KERNEL-5751.NASL", "SUSE_KERNEL-5920.NASL", "SUSE_KERNEL-5924.NASL", "SUSE_KERNEL-5927.NASL", "SUSE_KERNEL-6109.NASL", "SUSE_KERNEL-6113.NASL", "SUSE_KERNEL-6236.NASL", "SUSE_KERNEL-6237.NASL", "SUSE_KERNEL-6274.NASL", "SUSE_KERNEL-6437.NASL", "SUSE_KERNEL-6439.NASL", "SUSE_KERNEL-6440.NASL", "SUSE_KERNEL-6453.NASL", "SUSE_KERNEL-6460.NASL", "SUSE_KERNEL-6632.NASL", "SUSE_KERNEL-6636.NASL", "SUSE_KERNEL-6637.NASL", "SUSE_KERNEL-6641.NASL", "UBUNTU_USN-574-1.NASL", "UBUNTU_USN-662-1.NASL", "UBUNTU_USN-679-1.NASL", "UBUNTU_USN-714-1.NASL", "UBUNTU_USN-715-1.NASL", "UBUNTU_USN-751-1.NASL", "UBUNTU_USN-752-1.NASL", "UBUNTU_USN-793-1.NASL", "UBUNTU_USN-807-1.NASL", "UBUNTU_USN-819-1.NASL", "UBUNTU_USN-852-1.NASL", "VMWARE_VMSA-2009-0016.NASL", "VMWARE_VMSA-2009-0016_REMOTE.NASL", "VMWARE_VMSA-2010-0010.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122448", "OPENVAS:1361412562310122454", "OPENVAS:1361412562310122460", "OPENVAS:1361412562310122474", "OPENVAS:1361412562310122489", "OPENVAS:1361412562310122501", "OPENVAS:1361412562310122516", "OPENVAS:136141256231063191", "OPENVAS:136141256231063224", "OPENVAS:136141256231063245", "OPENVAS:136141256231063250", "OPENVAS:136141256231063273", "OPENVAS:136141256231063287", "OPENVAS:136141256231063290", "OPENVAS:136141256231063317", "OPENVAS:136141256231063367", "OPENVAS:136141256231063467", "OPENVAS:136141256231063518", "OPENVAS:136141256231063522", "OPENVAS:136141256231063646", "OPENVAS:136141256231063681", "OPENVAS:136141256231063712", "OPENVAS:136141256231063752", "OPENVAS:136141256231063846", "OPENVAS:136141256231063902", "OPENVAS:136141256231063908", "OPENVAS:136141256231063911", "OPENVAS:136141256231063939", "OPENVAS:136141256231063946", "OPENVAS:136141256231063947", "OPENVAS:136141256231063959", "OPENVAS:136141256231063970", "OPENVAS:136141256231063978", "OPENVAS:136141256231064017", "OPENVAS:136141256231064023", "OPENVAS:136141256231064034", "OPENVAS:136141256231064067", "OPENVAS:136141256231064068", "OPENVAS:136141256231064074", "OPENVAS:136141256231064077", "OPENVAS:136141256231064111", "OPENVAS:136141256231064131", "OPENVAS:136141256231064187", "OPENVAS:136141256231064188", "OPENVAS:136141256231064189", "OPENVAS:136141256231064213", "OPENVAS:136141256231064220", "OPENVAS:136141256231064270", "OPENVAS:136141256231064289", "OPENVAS:136141256231064291", "OPENVAS:136141256231064296", "OPENVAS:136141256231064333", "OPENVAS:136141256231064376", "OPENVAS:136141256231064389", "OPENVAS:136141256231064483", "OPENVAS:136141256231064514", "OPENVAS:136141256231064551", "OPENVAS:136141256231064553", "OPENVAS:136141256231064555", "OPENVAS:136141256231064556", "OPENVAS:136141256231064588", "OPENVAS:136141256231064599", "OPENVAS:136141256231064668", "OPENVAS:136141256231064669", "OPENVAS:136141256231064671", "OPENVAS:136141256231064677", "OPENVAS:136141256231064703", "OPENVAS:136141256231064704", "OPENVAS:136141256231064707", "OPENVAS:136141256231064736", "OPENVAS:136141256231064745", "OPENVAS:136141256231064747", "OPENVAS:136141256231064748", "OPENVAS:136141256231064755", "OPENVAS:136141256231064761", "OPENVAS:136141256231064771", "OPENVAS:136141256231064791", "OPENVAS:136141256231064792", "OPENVAS:136141256231064794", "OPENVAS:136141256231064795", "OPENVAS:136141256231064796", "OPENVAS:136141256231064835", "OPENVAS:136141256231064906", "OPENVAS:136141256231064923", "OPENVAS:136141256231064929", "OPENVAS:136141256231064940", "OPENVAS:136141256231064943", "OPENVAS:136141256231064999", "OPENVAS:136141256231065259", "OPENVAS:136141256231065328", "OPENVAS:136141256231065354", "OPENVAS:136141256231065365", "OPENVAS:136141256231065617", "OPENVAS:136141256231065649", "OPENVAS:136141256231065670", "OPENVAS:136141256231065695", "OPENVAS:136141256231065709", "OPENVAS:136141256231065812", "OPENVAS:136141256231065814", "OPENVAS:136141256231065887", "OPENVAS:136141256231065909", "OPENVAS:136141256231065914", "OPENVAS:136141256231065924", "OPENVAS:136141256231066048", "OPENVAS:136141256231066124", "OPENVAS:136141256231066133", "OPENVAS:136141256231066178", "OPENVAS:136141256231066200", "OPENVAS:136141256231066202", "OPENVAS:136141256231066208", "OPENVAS:136141256231066217", "OPENVAS:136141256231066276", "OPENVAS:136141256231066280", "OPENVAS:136141256231066452", "OPENVAS:136141256231066509", "OPENVAS:136141256231066581", "OPENVAS:1361412562310830443", "OPENVAS:1361412562310830503", "OPENVAS:1361412562310830626", "OPENVAS:1361412562310830717", "OPENVAS:1361412562310830770", "OPENVAS:1361412562310831331", "OPENVAS:1361412562310850125", "OPENVAS:1361412562310850137", "OPENVAS:1361412562310850140", "OPENVAS:1361412562310850143", "OPENVAS:1361412562310861615", "OPENVAS:1361412562310861694", "OPENVAS:1361412562310861742", "OPENVAS:1361412562310870088", "OPENVAS:1361412562310880041", "OPENVAS:1361412562310880111", "OPENVAS:1361412562310880685", "OPENVAS:1361412562310880702", "OPENVAS:1361412562310880750", "OPENVAS:1361412562310880777", "OPENVAS:1361412562310880838", "OPENVAS:1361412562310880841", "OPENVAS:1361412562310880869", "OPENVAS:1361412562310880884", "OPENVAS:1361412562310880926", "OPENVAS:1361412562310880928", "OPENVAS:1361412562310880935", "OPENVAS:1361412562310880941", "OPENVAS:1361412562310880944", "OPENVAS:60047", "OPENVAS:62843", "OPENVAS:62957", "OPENVAS:63191", "OPENVAS:63224", "OPENVAS:63245", "OPENVAS:63250", "OPENVAS:63273", "OPENVAS:63287", "OPENVAS:63290", "OPENVAS:63309", "OPENVAS:63317", "OPENVAS:63367", "OPENVAS:63467", "OPENVAS:63518", "OPENVAS:63522", "OPENVAS:63562", "OPENVAS:63563", "OPENVAS:63646", "OPENVAS:63681", "OPENVAS:63712", "OPENVAS:63752", "OPENVAS:63811", "OPENVAS:63812", "OPENVAS:63846", "OPENVAS:63902", "OPENVAS:63908", "OPENVAS:63911", "OPENVAS:63939", "OPENVAS:63946", "OPENVAS:63947", "OPENVAS:63959", "OPENVAS:63970", "OPENVAS:63978", "OPENVAS:64017", "OPENVAS:64023", "OPENVAS:64034", "OPENVAS:64067", "OPENVAS:64068", "OPENVAS:64074", "OPENVAS:64077", "OPENVAS:64111", "OPENVAS:64131", "OPENVAS:64164", "OPENVAS:64175", "OPENVAS:64187", "OPENVAS:64188", "OPENVAS:64189", "OPENVAS:64213", "OPENVAS:64220", "OPENVAS:64270", "OPENVAS:64289", "OPENVAS:64291", "OPENVAS:64296", "OPENVAS:64333", "OPENVAS:64376", "OPENVAS:64389", "OPENVAS:64483", "OPENVAS:64514", "OPENVAS:64551", "OPENVAS:64553", "OPENVAS:64555", "OPENVAS:64556", "OPENVAS:64588", "OPENVAS:64599", "OPENVAS:64668", "OPENVAS:64669", "OPENVAS:64671", "OPENVAS:64677", "OPENVAS:64703", "OPENVAS:64704", "OPENVAS:64707", "OPENVAS:64736", "OPENVAS:64745", "OPENVAS:64747", "OPENVAS:64748", "OPENVAS:64755", "OPENVAS:64761", "OPENVAS:64771", "OPENVAS:64791", "OPENVAS:64792", "OPENVAS:64794", "OPENVAS:64795", "OPENVAS:64796", "OPENVAS:64835", "OPENVAS:64906", "OPENVAS:64923", "OPENVAS:64929", "OPENVAS:64940", "OPENVAS:64943", "OPENVAS:64999", "OPENVAS:65259", "OPENVAS:65328", "OPENVAS:65354", "OPENVAS:65365", "OPENVAS:65617", "OPENVAS:65649", "OPENVAS:65670", "OPENVAS:65695", "OPENVAS:65709", "OPENVAS:65812", "OPENVAS:65814", "OPENVAS:65887", "OPENVAS:65909", "OPENVAS:65914", "OPENVAS:65924", "OPENVAS:66048", "OPENVAS:66124", "OPENVAS:66133", "OPENVAS:66178", "OPENVAS:66200", "OPENVAS:66202", "OPENVAS:66208", "OPENVAS:66217", "OPENVAS:66276", "OPENVAS:66280", "OPENVAS:66452", "OPENVAS:66509", "OPENVAS:66581", "OPENVAS:830443", "OPENVAS:830503", "OPENVAS:830626", "OPENVAS:830717", "OPENVAS:830770", "OPENVAS:831331", "OPENVAS:840288", "OPENVAS:840296", "OPENVAS:840307", "OPENVAS:850001", "OPENVAS:850005", "OPENVAS:850035", "OPENVAS:850045", "OPENVAS:850125", "OPENVAS:850137", "OPENVAS:850140", "OPENVAS:850143", "OPENVAS:860598", "OPENVAS:861615", "OPENVAS:861694", "OPENVAS:861742", "OPENVAS:870088", "OPENVAS:880041", "OPENVAS:880111", "OPENVAS:880685", "OPENVAS:880702", "OPENVAS:880750", "OPENVAS:880777", "OPENVAS:880838", "OPENVAS:880841", "OPENVAS:880869", "OPENVAS:880884", "OPENVAS:880926", "OPENVAS:880928", "OPENVAS:880935", "OPENVAS:880941", "OPENVAS:880944"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0972", "ELSA-2009-0014", "ELSA-2009-0264", "ELSA-2009-0326", "ELSA-2009-0331", "ELSA-2009-0459", "ELSA-2009-0473", "ELSA-2009-1024", "ELSA-2009-1106", "ELSA-2009-1132", "ELSA-2009-1193", "ELSA-2009-1211", "ELSA-2009-1222", "ELSA-2009-1223", "ELSA-2009-1233", "ELSA-2009-1438", "ELSA-2009-1550"]}, {"type": "osv", "idList": ["OSV:DSA-1436-1", "OSV:DSA-1681-1", "OSV:DSA-1687-1", "OSV:DSA-1749-1", "OSV:DSA-1787-1", "OSV:DSA-1794-1", "OSV:DSA-1800-1", "OSV:DSA-1809-1", "OSV:DSA-1844-1", "OSV:DSA-1845-1", "OSV:DSA-1862-1", "OSV:DSA-1864-1", "OSV:DSA-1865-1", "OSV:DSA-1872-1", "OSV:DSA-1928-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:114856", "PACKETSTORM:76444"]}, {"type": "redhat", "idList": ["RHSA-2008:0585", "RHSA-2008:0972", "RHSA-2009:0009", "RHSA-2009:0014", "RHSA-2009:0053", "RHSA-2009:0264", "RHSA-2009:0326", "RHSA-2009:0331", "RHSA-2009:0360", "RHSA-2009:0451", "RHSA-2009:0459", "RHSA-2009:0473", "RHSA-2009:1024", "RHSA-2009:1055", "RHSA-2009:1077", "RHSA-2009:1081", "RHSA-2009:1106", "RHSA-2009:1132", "RHSA-2009:1157", "RHSA-2009:1193", "RHSA-2009:1211", "RHSA-2009:1222", "RHSA-2009:1223", "RHSA-2009:1233", "RHSA-2009:1239", "RHSA-2009:1243", "RHSA-2009:1438", "RHSA-2009:1457", "RHSA-2009:1466", "RHSA-2009:1469", "RHSA-2009:1550", "RHSA-2010:0079"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18707", "SECURITYVULNS:DOC:20820", "SECURITYVULNS:DOC:20907", "SECURITYVULNS:DOC:21097", "SECURITYVULNS:DOC:21457", "SECURITYVULNS:DOC:21767", "SECURITYVULNS:DOC:21930", "SECURITYVULNS:DOC:22139", "SECURITYVULNS:DOC:22217", "SECURITYVULNS:DOC:22367", "SECURITYVULNS:DOC:28783", "SECURITYVULNS:VULN:10000", "SECURITYVULNS:VULN:10053", "SECURITYVULNS:VULN:10084", "SECURITYVULNS:VULN:10108", "SECURITYVULNS:VULN:10150", "SECURITYVULNS:VULN:10177", "SECURITYVULNS:VULN:8468", "SECURITYVULNS:VULN:8485", "SECURITYVULNS:VULN:9409", "SECURITYVULNS:VULN:9453", "SECURITYVULNS:VULN:9488", "SECURITYVULNS:VULN:9633", "SECURITYVULNS:VULN:9731", "SECURITYVULNS:VULN:9889", "SECURITYVULNS:VULN:9955"]}, {"type": "seebug", "idList": ["SSV:11119", "SSV:11265", "SSV:11320", "SSV:11333", "SSV:11527", "SSV:11599", "SSV:11761", "SSV:12073", "SSV:12088", "SSV:12103", "SSV:12131", "SSV:12160", "SSV:12191", "SSV:12192", "SSV:4459", "SSV:4600", "SSV:4815", "SSV:4817", "SSV:4840", "SSV:4841", "SSV:5116", "SSV:66827", "SSV:66828", "SSV:66851", "SSV:66860", "SSV:66861"]}, {"type": "slackware", "idList": ["SSA-2009-230-01"]}, {"type": "suse", "idList": ["SUSE-SA:2008:006", "SUSE-SA:2008:051", "SUSE-SA:2008:052", "SUSE-SA:2008:053", "SUSE-SA:2008:056", "SUSE-SA:2008:057", "SUSE-SA:2009:003", "SUSE-SA:2009:004", "SUSE-SA:2009:008", "SUSE-SA:2009:010", "SUSE-SA:2009:015", "SUSE-SA:2009:017", "SUSE-SA:2009:021", "SUSE-SA:2009:028", "SUSE-SA:2009:030", "SUSE-SA:2009:031", "SUSE-SA:2009:032", "SUSE-SA:2009:033", "SUSE-SA:2009:038", "SUSE-SA:2009:045", "SUSE-SA:2009:046", "SUSE-SA:2009:054", "SUSE-SA:2009:055", "SUSE-SA:2009:056", "SUSE-SA:2010:012", "SUSE-SA:2010:031", "SUSE-SA:2010:036", "SUSE-SA:2010:046"]}, {"type": "ubuntu", "idList": ["USN-574-1", "USN-662-1", "USN-679-1", "USN-714-1", "USN-715-1", "USN-751-1", "USN-752-1", "USN-793-1", "USN-807-1", "USN-819-1", "USN-852-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-3719", "UB:CVE-2007-5966", "UB:CVE-2008-3528", "UB:CVE-2008-4933", "UB:CVE-2008-4934", "UB:CVE-2008-5025", "UB:CVE-2008-5700", "UB:CVE-2008-5713", "UB:CVE-2009-0028", "UB:CVE-2009-0031", "UB:CVE-2009-0065", "UB:CVE-2009-0269", "UB:CVE-2009-0675", "UB:CVE-2009-0676", "UB:CVE-2009-0745", "UB:CVE-2009-0746", "UB:CVE-2009-0747", "UB:CVE-2009-0748", "UB:CVE-2009-0834", "UB:CVE-2009-1072", "UB:CVE-2009-1192", "UB:CVE-2009-1337", "UB:CVE-2009-1385", "UB:CVE-2009-1388", "UB:CVE-2009-1389", "UB:CVE-2009-1439", "UB:CVE-2009-1630", "UB:CVE-2009-1633", "UB:CVE-2009-1897", "UB:CVE-2009-2406", "UB:CVE-2009-2407", "UB:CVE-2009-2692", "UB:CVE-2009-2698", "UB:CVE-2009-2847", "UB:CVE-2009-2848", "UB:CVE-2009-4536", "UB:CVE-2009-4537"]}, {"type": "veracode", "idList": ["VERACODE:23510", "VERACODE:23525", "VERACODE:23526", "VERACODE:23548", "VERACODE:23549", "VERACODE:23552", "VERACODE:23571", "VERACODE:23572", "VERACODE:23573", "VERACODE:23574", "VERACODE:23575", "VERACODE:23612", "VERACODE:23614", "VERACODE:23703", "VERACODE:23704", "VERACODE:23705", "VERACODE:23706", "VERACODE:23707", "VERACODE:23730", "VERACODE:23731", "VERACODE:23748", "VERACODE:23749", "VERACODE:23751", "VERACODE:23752", "VERACODE:23765", "VERACODE:23766", "VERACODE:23767", "VERACODE:23768", "VERACODE:23769", "VERACODE:23770", "VERACODE:23778", "VERACODE:23792"]}, {"type": "vmware", "idList": ["VMSA-2009-0016", "VMSA-2009-0016.6", "VMSA-2010-0010"]}]}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "android", "idList": ["ANDROID:SOCK_SENDPAGE"]}, {"type": "canvas", "idList": ["PROCFS"]}, {"type": "centos", "idList": ["CESA-2008:0972", "CESA-2009:0014", "CESA-2009:0326", "CESA-2009:0331", "CESA-2009:0459", "CESA-2009:0473", "CESA-2009:1106", "CESA-2009:1193", "CESA-2009:1222", "CESA-2009:1223", "CESA-2009:1233", "CESA-2009:1243", "CESA-2009:1438", "CESA-2009:1550"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2009-340"]}, {"type": "checkpoint_security", "idList": ["CPS:SK42420", "CPS:SK42600"]}, {"type": "cve", "idList": ["CVE-2007-3719", "CVE-2007-5966"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1864-1:B2834"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-3719"]}, {"type": "exploitdb", "idList": ["EDB-ID:9574"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C73358FA43F9D0458E66661B68108C1D"]}, {"type": "f5", "idList": ["SOL10772", "SOL16349", "SOL16351"]}, {"type": "fedora", "idList": ["FEDORA:F394810F8A0"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2009-0028/", "MSF:ILITIES/SUSE-CVE-2009-0028/", "MSF:ILITIES/VMSA-2009-0016-5-UPDATED-SERVICE-CONSOLE-PACKAGE-KERNEL-CVE-2009-0028/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-1106.NASL", "DEBIAN_DSA-1794.NASL", "DEBIAN_DSA-1928.NASL", "FEDORA_2009-0816.NASL", "MANDRIVA_MDVSA-2009-135.NASL", "MANDRIVA_MDVSA-2009-205.NASL", "ORACLELINUX_ELSA-2009-1193.NASL", "ORACLEVM_OVMSA-2009-0009.NASL", "ORACLEVM_OVMSA-2009-0014.NASL", "ORACLEVM_OVMSA-2009-0017.NASL", "ORACLEVM_OVMSA-2009-0023.NASL", "REDHAT-RHSA-2009-0331.NASL", "SUSE9_12487.NASL", "SUSE_KERNEL-5700.NASL", "SUSE_KERNEL-5924.NASL", "SUSE_KERNEL-6453.NASL", "UBUNTU_USN-752-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063317", "OPENVAS:136141256231064333", "OPENVAS:136141256231064555", "OPENVAS:136141256231064677", "OPENVAS:136141256231064704", "OPENVAS:136141256231064940", "OPENVAS:136141256231065259", "OPENVAS:136141256231065365", "OPENVAS:136141256231066178", "OPENVAS:1361412562310880941", "OPENVAS:63287", "OPENVAS:63518", "OPENVAS:63812", "OPENVAS:64220", "OPENVAS:64333", "OPENVAS:64796", "OPENVAS:64906", "OPENVAS:65328", "OPENVAS:66452", "OPENVAS:830770", "OPENVAS:840288", "OPENVAS:861742", "OPENVAS:880941"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0972", "ELSA-2009-0014", "ELSA-2009-0264", "ELSA-2009-0331", "ELSA-2009-0459", "ELSA-2009-1106", "ELSA-2009-1132", "ELSA-2009-1193", "ELSA-2009-1211", "ELSA-2009-1222", "ELSA-2009-1438", "ELSA-2009-1550"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:114856"]}, {"type": "redhat", "idList": ["RHSA-2008:0972", "RHSA-2009:0014", "RHSA-2009:0264", "RHSA-2009:0331", "RHSA-2009:1024", "RHSA-2009:1077", "RHSA-2009:1106", "RHSA-2009:1132", "RHSA-2009:1193", "RHSA-2009:1211", "RHSA-2009:1243", "RHSA-2009:1438", "RHSA-2009:1550"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8468"]}, {"type": "seebug", "idList": ["SSV:12088", "SSV:4817", "SSV:4840", "SSV:4841"]}, {"type": "slackware", "idList": ["SSA-2009-230-01"]}, {"type": "suse", "idList": ["SUSE-SA:2008:006", "SUSE-SA:2009:008", "SUSE-SA:2009:038"]}, {"type": "ubuntu", "idList": ["USN-751-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-3719", "UB:CVE-2008-5025", "UB:CVE-2009-0028", "UB:CVE-2009-0269", "UB:CVE-2009-0675", "UB:CVE-2009-1630", "UB:CVE-2009-1897", "UB:CVE-2009-2407"]}, {"type": "vmware", "idList": ["VMSA-2010-0010"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2009-2692", "epss": "0.000580000", "percentile": "0.220290000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1385", "epss": "0.137830000", "percentile": "0.947160000", "modified": "2023-03-13"}, {"cve": "CVE-2008-5700", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2008-3528", "epss": "0.001230000", "percentile": "0.449160000", "modified": "2023-03-13"}, {"cve": "CVE-2008-5713", "epss": "0.000430000", "percentile": "0.076170000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0675", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0747", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0746", "epss": "0.000420000", "percentile": "0.004990000", "modified": "2023-03-13"}, {"cve": "CVE-2009-2698", "epss": "0.000480000", "percentile": "0.150860000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0028", "epss": "0.000420000", "percentile": "0.004990000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1072", "epss": "0.968890000", "percentile": "0.994730000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0676", "epss": "0.000420000", "percentile": "0.004990000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1192", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2008-5025", "epss": "0.002510000", "percentile": "0.612330000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0065", "epss": "0.950790000", "percentile": "0.988290000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0745", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2009-2407", "epss": "0.000440000", "percentile": "0.082990000", "modified": "2023-03-13"}, {"cve": "CVE-2008-4933", "epss": "0.002850000", "percentile": "0.637430000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1337", "epss": "0.000420000", "percentile": "0.004990000", "modified": "2023-03-13"}, {"cve": "CVE-2007-5966", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1388", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0269", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1389", "epss": "0.126830000", "percentile": "0.945390000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0834", "epss": "0.000460000", "percentile": "0.127290000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1633", "epss": "0.002520000", "percentile": "0.612520000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0748", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2009-0031", "epss": "0.000440000", "percentile": "0.082320000", "modified": "2023-03-13"}, {"cve": "CVE-2009-2406", "epss": "0.000440000", "percentile": "0.082990000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1439", "epss": "0.140220000", "percentile": "0.947700000", "modified": "2023-03-13"}, {"cve": "CVE-2009-2848", "epss": "0.000520000", "percentile": "0.181060000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1897", "epss": "0.000420000", "percentile": "0.056950000", "modified": "2023-03-13"}, {"cve": "CVE-2007-3719", "epss": "0.000420000", "percentile": "0.056400000", "modified": "2023-03-13"}, {"cve": "CVE-2008-4934", "epss": "0.002310000", "percentile": "0.594150000", "modified": "2023-03-13"}, {"cve": "CVE-2009-1630", "epss": "0.000530000", "percentile": "0.192350000", "modified": "2023-03-13"}, {"cve": "CVE-2009-2847", "epss": "0.000420000", "percentile": "0.004990000", "modified": "2023-03-13"}], "vulnersScore": -0.2}, "affectedSoftware": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660012827, "score": 1659984668, "epss": 1678780633}, "_internal": {"score_hash": "81bf529b569520d6f1a327dea940636a"}}

{"nessus": [{"lastseen": "2023-01-11T14:50:57", "description": "Updated kernel packages that resolve several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service.\n(CVE-2009-0031, Important)\n\n* a buffer overflow in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important)\n\n* a flaw when handling heavy network traffic on an SMP system with many cores. An attacker who could send a large amount of network traffic could create a denial of service. (CVE-2008-5713, Important)\n\n* the code for the HFS and HFS Plus (HFS+) file systems failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the HFS Plus (HFS+) file system implementation.\nThis could, potentially, lead to a local denial of service when write operations are performed. (CVE-2008-4934, Low)\n\nIn addition, these updated packages fix the following bugs :\n\n* when using the nfsd daemon in a clustered setup, kernel panics appeared seemingly at random. These panics were caused by a race condition in the device-mapper mirror target.\n\n* the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall returned a smaller timespec value than the result of previous clock_gettime() function execution, which resulted in a negative, and nonsensical, elapsed time value.\n\n* nfs_create_rpc_client was called with a 'flavor' parameter which was usually ignored and ended up unconditionally creating the RPC client with an AUTH_UNIX flavor. This caused problems on AUTH_GSS mounts when the credentials needed to be refreshed. The credops did not match the authorization type, which resulted in the credops dereferencing an incorrect part of the AUTH_UNIX rpc_auth struct.\n\n* when copy_user_c terminated prematurely due to reading beyond the end of the user buffer and the kernel jumped to the exception table entry, the rsi register was not cleared. This resulted in exiting back to user code with garbage in the rsi register.\n\n* the hexdump data in s390dbf traces was incomplete. The length of the data traced was incorrect and the SAN payload was read from a different place then it was written to.\n\n* when using connected mode (CM) in IPoIB on ehca2 hardware, it was not possible to transmit any data.\n\n* when an application called fork() and pthread_create() many times and, at some point, a thread forked a child and then attempted to call the setpgid() function, then this function failed and returned and ESRCH error value.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. Note: for this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2009-02-12T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2009:0264)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5713", "CVE-2009-0031", "CVE-2009-0065"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0264.NASL", "href": "https://www.tenable.com/plugins/nessus/35645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0264. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35645);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5713\", \"CVE-2009-0031\", \"CVE-2009-0065\");\n script_bugtraq_id(32093, 32289, 33113);\n script_xref(name:\"RHSA\", value:\"2009:0264\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:0264)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* a memory leak in keyctl handling. A local user could use this flaw\nto deplete kernel memory, eventually leading to a denial of service.\n(CVE-2009-0031, Important)\n\n* a buffer overflow in the Linux kernel Partial Reliable Stream\nControl Transmission Protocol (PR-SCTP) implementation. This could,\npotentially, lead to a denial of service if a Forward-TSN chunk is\nreceived with a large stream ID. (CVE-2009-0065, Important)\n\n* a flaw when handling heavy network traffic on an SMP system with\nmany cores. An attacker who could send a large amount of network\ntraffic could create a denial of service. (CVE-2008-5713, Important)\n\n* the code for the HFS and HFS Plus (HFS+) file systems failed to\nproperly handle corrupted data structures. This could, potentially,\nlead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the HFS Plus (HFS+) file system implementation.\nThis could, potentially, lead to a local denial of service when write\noperations are performed. (CVE-2008-4934, Low)\n\nIn addition, these updated packages fix the following bugs :\n\n* when using the nfsd daemon in a clustered setup, kernel panics\nappeared seemingly at random. These panics were caused by a race\ncondition in the device-mapper mirror target.\n\n* the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall returned a\nsmaller timespec value than the result of previous clock_gettime()\nfunction execution, which resulted in a negative, and nonsensical,\nelapsed time value.\n\n* nfs_create_rpc_client was called with a 'flavor' parameter which was\nusually ignored and ended up unconditionally creating the RPC client\nwith an AUTH_UNIX flavor. This caused problems on AUTH_GSS mounts when\nthe credentials needed to be refreshed. The credops did not match the\nauthorization type, which resulted in the credops dereferencing an\nincorrect part of the AUTH_UNIX rpc_auth struct.\n\n* when copy_user_c terminated prematurely due to reading beyond the\nend of the user buffer and the kernel jumped to the exception table\nentry, the rsi register was not cleared. This resulted in exiting back\nto user code with garbage in the rsi register.\n\n* the hexdump data in s390dbf traces was incomplete. The length of the\ndata traced was incorrect and the SAN payload was read from a\ndifferent place then it was written to.\n\n* when using connected mode (CM) in IPoIB on ehca2 hardware, it was\nnot possible to transmit any data.\n\n* when an application called fork() and pthread_create() many times\nand, at some point, a thread forked a child and then attempted to call\nthe setpgid() function, then this function failed and returned and\nESRCH error value.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: for this update to\ntake effect, the system must be rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0264\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5713\", \"CVE-2009-0031\", \"CVE-2009-0065\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:0264\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0264\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.1.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.1.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:56:27", "description": "From Red Hat Security Advisory 2009:0264 :\n\nUpdated kernel packages that resolve several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service.\n(CVE-2009-0031, Important)\n\n* a buffer overflow in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important)\n\n* a flaw when handling heavy network traffic on an SMP system with many cores. An attacker who could send a large amount of network traffic could create a denial of service. (CVE-2008-5713, Important)\n\n* the code for the HFS and HFS Plus (HFS+) file systems failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the HFS Plus (HFS+) file system implementation.\nThis could, potentially, lead to a local denial of service when write operations are performed. (CVE-2008-4934, Low)\n\nIn addition, these updated packages fix the following bugs :\n\n* when using the nfsd daemon in a clustered setup, kernel panics appeared seemingly at random. These panics were caused by a race condition in the device-mapper mirror target.\n\n* the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall returned a smaller timespec value than the result of previous clock_gettime() function execution, which resulted in a negative, and nonsensical, elapsed time value.\n\n* nfs_create_rpc_client was called with a 'flavor' parameter which was usually ignored and ended up unconditionally creating the RPC client with an AUTH_UNIX flavor. This caused problems on AUTH_GSS mounts when the credentials needed to be refreshed. The credops did not match the authorization type, which resulted in the credops dereferencing an incorrect part of the AUTH_UNIX rpc_auth struct.\n\n* when copy_user_c terminated prematurely due to reading beyond the end of the user buffer and the kernel jumped to the exception table entry, the rsi register was not cleared. This resulted in exiting back to user code with garbage in the rsi register.\n\n* the hexdump data in s390dbf traces was incomplete. The length of the data traced was incorrect and the SAN payload was read from a different place then it was written to.\n\n* when using connected mode (CM) in IPoIB on ehca2 hardware, it was not possible to transmit any data.\n\n* when an application called fork() and pthread_create() many times and, at some point, a thread forked a child and then attempted to call the setpgid() function, then this function failed and returned and ESRCH error value.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. Note: for this update to take effect, the system must be rebooted.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2009-0264)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5713", "CVE-2009-0031", "CVE-2009-0065"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-0264.NASL", "href": "https://www.tenable.com/plugins/nessus/67800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0264 and \n# Oracle Linux Security Advisory ELSA-2009-0264 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67800);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5713\", \"CVE-2009-0031\", \"CVE-2009-0065\");\n script_bugtraq_id(32093, 32289, 33113);\n script_xref(name:\"RHSA\", value:\"2009:0264\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2009-0264)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0264 :\n\nUpdated kernel packages that resolve several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* a memory leak in keyctl handling. A local user could use this flaw\nto deplete kernel memory, eventually leading to a denial of service.\n(CVE-2009-0031, Important)\n\n* a buffer overflow in the Linux kernel Partial Reliable Stream\nControl Transmission Protocol (PR-SCTP) implementation. This could,\npotentially, lead to a denial of service if a Forward-TSN chunk is\nreceived with a large stream ID. (CVE-2009-0065, Important)\n\n* a flaw when handling heavy network traffic on an SMP system with\nmany cores. An attacker who could send a large amount of network\ntraffic could create a denial of service. (CVE-2008-5713, Important)\n\n* the code for the HFS and HFS Plus (HFS+) file systems failed to\nproperly handle corrupted data structures. This could, potentially,\nlead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n* a flaw was found in the HFS Plus (HFS+) file system implementation.\nThis could, potentially, lead to a local denial of service when write\noperations are performed. (CVE-2008-4934, Low)\n\nIn addition, these updated packages fix the following bugs :\n\n* when using the nfsd daemon in a clustered setup, kernel panics\nappeared seemingly at random. These panics were caused by a race\ncondition in the device-mapper mirror target.\n\n* the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall returned a\nsmaller timespec value than the result of previous clock_gettime()\nfunction execution, which resulted in a negative, and nonsensical,\nelapsed time value.\n\n* nfs_create_rpc_client was called with a 'flavor' parameter which was\nusually ignored and ended up unconditionally creating the RPC client\nwith an AUTH_UNIX flavor. This caused problems on AUTH_GSS mounts when\nthe credentials needed to be refreshed. The credops did not match the\nauthorization type, which resulted in the credops dereferencing an\nincorrect part of the AUTH_UNIX rpc_auth struct.\n\n* when copy_user_c terminated prematurely due to reading beyond the\nend of the user buffer and the kernel jumped to the exception table\nentry, the rsi register was not cleared. This resulted in exiting back\nto user code with garbage in the rsi register.\n\n* the hexdump data in s390dbf traces was incomplete. The length of the\ndata traced was incorrect and the SAN payload was read from a\ndifferent place then it was written to.\n\n* when using connected mode (CM) in IPoIB on ehca2 hardware, it was\nnot possible to transmit any data.\n\n* when an application called fork() and pthread_create() many times\nand, at some point, a thread forked a child and then attempted to call\nthe setpgid() function, then this function failed and returned and\nESRCH error value.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: for this update to\ntake effect, the system must be rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-February/000886.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5713\", \"CVE-2009-0031\", \"CVE-2009-0065\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2009-0264\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-128.1.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-128.1.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:11:42", "description": "This kernel update for openSUSE 10.3 fixes some bugs and several security problems.\n\nThe following security issues are fixed: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.\n\nCVE-2009-2406: A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible of ecryptfs is in use.\n\nCVE-2009-2407: A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible of ecryptfs is in use.\n\nThe compiler option -fno-delete-null-pointer-checks was added to the kernel build, and the -fwrapv compiler option usage was fixed to be used everywhere. This works around the compiler removing checks too aggressively.\n\nCVE-2009-1389: A crash in the r8169 driver when receiving large packets was fixed. This is probably exploitable only in the local network.\n\nCVE-2009-0676: A memory disclosure via the SO_BSDCOMPAT socket option was fixed.\n\nCVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS client implementation when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.\n\nrandom: make get_random_int() was made more random to enhance ASLR protection.", "cvss3": {}, "published": "2009-10-06T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : kernel (kernel-6440)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0676", "CVE-2009-1389", "CVE-2009-1630", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-bigsmp", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xenpae", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_KERNEL-6440.NASL", "href": "https://www.tenable.com/plugins/nessus/42009", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-6440.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42009);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0676\", \"CVE-2009-1389\", \"CVE-2009-1630\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2692\");\n\n script_name(english:\"openSUSE 10 Security Update : kernel (kernel-6440)\");\n script_summary(english:\"Check for the kernel-6440 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for openSUSE 10.3 fixes some bugs and several\nsecurity problems.\n\nThe following security issues are fixed: CVE-2009-2692: A missing NULL\npointer check in the socket sendpage function can be used by local\nattackers to gain root privileges.\n\nCVE-2009-2406: A kernel stack overflow when mounting eCryptfs\nfilesystems in parse_tag_11_packet() was fixed. Code execution might\nbe possible of ecryptfs is in use.\n\nCVE-2009-2407: A kernel heap overflow when mounting eCryptfs\nfilesystems in parse_tag_3_packet() was fixed. Code execution might be\npossible of ecryptfs is in use.\n\nThe compiler option -fno-delete-null-pointer-checks was added to the\nkernel build, and the -fwrapv compiler option usage was fixed to be\nused everywhere. This works around the compiler removing checks too\naggressively.\n\nCVE-2009-1389: A crash in the r8169 driver when receiving large\npackets was fixed. This is probably exploitable only in the local\nnetwork.\n\nCVE-2009-0676: A memory disclosure via the SO_BSDCOMPAT socket option\nwas fixed.\n\nCVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS\nclient implementation when atomic_open is available, does not check\nexecute (aka EXEC or MAY_EXEC) permission bits, which allows local\nusers to bypass permissions and execute files, as demonstrated by\nfiles on an NFSv4 fileserver.\n\nrandom: make get_random_int() was made more random to enhance ASLR\nprotection.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xenpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-bigsmp-2.6.22.19-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-debug-2.6.22.19-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-default-2.6.22.19-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-source-2.6.22.19-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-syms-2.6.22.19-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-xen-2.6.22.19-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"kernel-xenpae-2.6.22.19-0.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-bigsmp / kernel-debug / kernel-default / kernel-source / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:11:16", "description": "Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated packages fix the following security issues :\n\n* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)\n\n* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak.\n(CVE-2009-2847, Moderate)\n\n* a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially crafted ext4 file system.\n(CVE-2009-0745, Low)\n\n* multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low)\n\nThese updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/ Release_Notes/\n\nAlso, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/ Technical_Notes/kernel.html\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2009:1243)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-2847", "CVE-2009-2848"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2009-1243.NASL", "href": "https://www.tenable.com/plugins/nessus/40835", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1243. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40835);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-2847\", \"CVE-2009-2848\");\n script_bugtraq_id(35930);\n script_xref(name:\"RHSA\", value:\"2009:1243\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:1243)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix security issues, address several\nhundred bugs and add numerous enhancements are now available as part\nof the ongoing support and maintenance of Red Hat Enterprise Linux\nversion 5. This is the fourth regular update.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues :\n\n* it was discovered that, when executing a new process, the\nclear_child_tid pointer in the Linux kernel is not cleared. If this\npointer points to a writable portion of the memory of the new program,\nthe kernel could corrupt four bytes of memory, possibly leading to a\nlocal denial of service or privilege escalation. (CVE-2009-2848,\nImportant)\n\n* a flaw was found in the way the do_sigaltstack() function in the\nLinux kernel copies the stack_t structure to user-space. On 64-bit\nmachines, this flaw could lead to a four-byte information leak.\n(CVE-2009-2847, Moderate)\n\n* a flaw was found in the ext4 file system code. A local attacker\ncould use this flaw to cause a denial of service by performing a\nresize operation on a specially crafted ext4 file system.\n(CVE-2009-0745, Low)\n\n* multiple flaws were found in the ext4 file system code. A local\nattacker could use these flaws to cause a denial of service by\nmounting a specially crafted ext4 file system. (CVE-2009-0746,\nCVE-2009-0747, CVE-2009-0748, Low)\n\nThese updated packages also include several hundred bug fixes for and\nenhancements to the Linux kernel. Space precludes documenting each of\nthese changes in this advisory and users are directed to the Red Hat\nEnterprise Linux 5.4 Release Notes for information on the most\nsignificant of these changes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/\nRelease_Notes/\n\nAlso, for details concerning every bug fixed in and every enhancement\nadded to the kernel for this release, see the kernel chapter in the\nRed Hat Enterprise Linux 5.4 Technical Notes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/\nTechnical_Notes/kernel.html\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which address these vulnerabilities as well as\nfixing the bugs and adding the enhancements noted in the Red Hat\nEnterprise Linux 5.4 Release Notes and Technical Notes. The system\nmust be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2848\"\n );\n # http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1243\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-2847\", \"CVE-2009-2848\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:1243\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1243\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-164.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-164.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 5.9, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T14:58:34", "description": "Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated packages fix the following security issues :\n\n* it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable portion of the memory of the new program, the kernel could corrupt four bytes of memory, possibly leading to a local denial of service or privilege escalation. (CVE-2009-2848, Important)\n\n* a flaw was found in the way the do_sigaltstack() function in the Linux kernel copies the stack_t structure to user-space. On 64-bit machines, this flaw could lead to a four-byte information leak.\n(CVE-2009-2847, Moderate)\n\n* a flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by performing a resize operation on a specially crafted ext4 file system.\n(CVE-2009-0745, Low)\n\n* multiple flaws were found in the ext4 file system code. A local attacker could use these flaws to cause a denial of service by mounting a specially crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, Low)\n\nThese updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.4 Release Notes for information on the most significant of these changes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/ Release_Notes/\n\nAlso, for details concerning every bug fixed in and every enhancement added to the kernel for this release, see the kernel chapter in the Red Hat Enterprise Linux 5.4 Technical Notes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/ Technical_Notes/kernel.html\n\nAll Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2009:1243)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-2847", "CVE-2009-2848"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1243.NASL", "href": "https://www.tenable.com/plugins/nessus/43779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1243 and \n# CentOS Errata and Security Advisory 2009:1243 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43779);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-2847\", \"CVE-2009-2848\");\n script_bugtraq_id(35930);\n script_xref(name:\"RHSA\", value:\"2009:1243\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2009:1243)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix security issues, address several\nhundred bugs and add numerous enhancements are now available as part\nof the ongoing support and maintenance of Red Hat Enterprise Linux\nversion 5. This is the fourth regular update.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated packages fix the following security issues :\n\n* it was discovered that, when executing a new process, the\nclear_child_tid pointer in the Linux kernel is not cleared. If this\npointer points to a writable portion of the memory of the new program,\nthe kernel could corrupt four bytes of memory, possibly leading to a\nlocal denial of service or privilege escalation. (CVE-2009-2848,\nImportant)\n\n* a flaw was found in the way the do_sigaltstack() function in the\nLinux kernel copies the stack_t structure to user-space. On 64-bit\nmachines, this flaw could lead to a four-byte information leak.\n(CVE-2009-2847, Moderate)\n\n* a flaw was found in the ext4 file system code. A local attacker\ncould use this flaw to cause a denial of service by performing a\nresize operation on a specially crafted ext4 file system.\n(CVE-2009-0745, Low)\n\n* multiple flaws were found in the ext4 file system code. A local\nattacker could use these flaws to cause a denial of service by\nmounting a specially crafted ext4 file system. (CVE-2009-0746,\nCVE-2009-0747, CVE-2009-0748, Low)\n\nThese updated packages also include several hundred bug fixes for and\nenhancements to the Linux kernel. Space precludes documenting each of\nthese changes in this advisory and users are directed to the Red Hat\nEnterprise Linux 5.4 Release Notes for information on the most\nsignificant of these changes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/\nRelease_Notes/\n\nAlso, for details concerning every bug fixed in and every enhancement\nadded to the kernel for this release, see the kernel chapter in the\nRed Hat Enterprise Linux 5.4 Technical Notes :\n\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/\nTechnical_Notes/kernel.html\n\nAll Red Hat Enterprise Linux 5 users are advised to install these\nupdated packages, which address these vulnerabilities as well as\nfixing the bugs and adding the enhancements noted in the Red Hat\nEnterprise Linux 5.4 Release Notes and Technical Notes. The system\nmust be rebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016137.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?faf11e01\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe5f2e6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-164.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-164.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 5.9, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T14:51:59", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.\n\n - CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.\n\n - CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users.\n\n - CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).\n\n - CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.\n\n - CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.\n\n - CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.\n\n - CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.\n\n - CVE-2009-0746 Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem.\n\n - CVE-2009-0747 David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.\n\n - CVE-2009-0748 David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "nessus", "title": "Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1749.NASL", "href": "https://www.tenable.com/plugins/nessus/35987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1749. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35987);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0029\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\");\n script_bugtraq_id(33113, 33846);\n script_xref(name:\"DSA\", value:\"1749\");\n\n script_name(english:\"Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-0029\n Christian Borntraeger discovered an issue effecting the\n alpha, mips, powerpc, s390 and sparc64 architectures\n that allows local users to cause a denial of service or\n potentially gain elevated privileges.\n\n - CVE-2009-0031\n Vegard Nossum discovered a memory leak in the keyctl\n subsystem that allows local users to cause a denial of\n service by consuming all of kernel memory.\n\n - CVE-2009-0065\n Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users.\n\n - CVE-2009-0269\n Duane Griffin provided a fix for an issue in the\n eCryptfs subsystem which allows local users to cause a\n denial of service (fault or memory corruption).\n\n - CVE-2009-0322\n Pavel Roskin provided a fix for an issue in the dell_rbu\n driver that allows a local user to cause a denial of\n service (oops) by reading 0 bytes from a sysfs entry.\n\n - CVE-2009-0676\n Clement LECIGNE discovered a bug in the sock_getsockopt\n function that may result in leaking sensitive kernel\n memory.\n\n - CVE-2009-0675\n Roel Kluin discovered inverted logic in the skfddi\n driver that permits local, unprivileged users to reset\n the driver statistics.\n\n - CVE-2009-0745\n Peter Kerwien discovered an issue in the ext4 filesystem\n that allows local users to cause a denial of service\n (kernel oops) during a resize operation.\n\n - CVE-2009-0746\n Sami Liedes reported an issue in the ext4 filesystem\n that allows local users to cause a denial of service\n (kernel oops) when accessing a specially crafted corrupt\n filesystem.\n\n - CVE-2009-0747\n David Maciejak reported an issue in the ext4 filesystem\n that allows local users to cause a denial of service\n (kernel oops) when mounting a specially crafted corrupt\n filesystem.\n\n - CVE-2009-0748\n David Maciejak reported an additional issue in the ext4\n filesystem that allows local users to cause a denial of\n service (kernel oops) when mounting a specially crafted\n corrupt filesystem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1749\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 packages.\n\nFor the oldstable distribution (etch), these problems, where\napplicable, will be fixed in future updates to linux-2.6 and\nlinux-2.6.24.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-13lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"linux-doc-2.6.26\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-486\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-4kc-malta\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-5kc-malta\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-686-bigmem\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-alpha\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-arm\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-armel\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-hppa\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-i386\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-ia64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-mips\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-mipsel\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-powerpc\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-s390\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-all-sparc\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-alpha-generic\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-alpha-legacy\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-alpha-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-common\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-common-openvz\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-common-vserver\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-common-xen\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-footbridge\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-iop32x\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-itanium\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-ixp4xx\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-mckinley\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-openvz-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-openvz-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-orion5x\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-parisc\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-parisc-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-parisc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-parisc64-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-powerpc\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-powerpc-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-powerpc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-r4k-ip22\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-r5k-cobalt\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-r5k-ip32\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-s390\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-s390x\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-sb1-bcm91250a\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-sb1a-bcm91480b\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-sparc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-sparc64-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-versatile\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-686-bigmem\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-itanium\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-mckinley\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-powerpc\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-powerpc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-s390x\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-vserver-sparc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-xen-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-headers-2.6.26-1-xen-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-486\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-4kc-malta\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-5kc-malta\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-686-bigmem\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-alpha-generic\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-alpha-legacy\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-alpha-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-footbridge\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-iop32x\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-itanium\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-ixp4xx\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-mckinley\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-openvz-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-openvz-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-orion5x\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-parisc\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-parisc-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-parisc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-parisc64-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-powerpc\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-powerpc-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-powerpc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-r4k-ip22\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-r5k-cobalt\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-r5k-ip32\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-s390\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-s390-tape\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-s390x\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-sb1-bcm91250a\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-sb1a-bcm91480b\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-sparc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-sparc64-smp\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-versatile\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-686-bigmem\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-itanium\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-mckinley\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-powerpc\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-powerpc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-s390x\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-vserver-sparc64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-xen-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-image-2.6.26-1-xen-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-libc-dev\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-manual-2.6.26\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-modules-2.6.26-1-xen-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-modules-2.6.26-1-xen-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-patch-debian-2.6.26\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-source-2.6.26\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-support-2.6.26-1\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"linux-tree-2.6.26\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xen-linux-system-2.6.26-1-xen-686\", reference:\"2.6.26-13lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xen-linux-system-2.6.26-1-xen-amd64\", reference:\"2.6.26-13lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T15:06:38", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-1385 Neil Horman discovered a missing fix from the e1000 network driver. A remote user may cause a denial of service by way of a kernel panic triggered by specially crafted frame sizes.\n\n - CVE-2009-1389 Michael Tokarev discovered an issue in the r8169 network driver. Remote users on the same LAN may cause a denial of service by way of a kernel panic triggered by receiving a large size frame.\n\n - CVE-2009-1630 Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount.\n\n - CVE-2009-1633 Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption.\n\n - CVE-2009-2692 Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges.", "cvss3": {}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1865-1 : linux-2.6 - denial of service/privilege escalation", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1385", "CVE-2009-1389", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-2692"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1865.NASL", "href": "https://www.tenable.com/plugins/nessus/44730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1865. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44730);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1385\", \"CVE-2009-1389\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-2692\");\n script_bugtraq_id(34612, 34934, 35185, 35281, 36038);\n script_xref(name:\"DSA\", value:\"1865\");\n\n script_name(english:\"Debian DSA-1865-1 : linux-2.6 - denial of service/privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-1385\n Neil Horman discovered a missing fix from the e1000\n network driver. A remote user may cause a denial of\n service by way of a kernel panic triggered by specially\n crafted frame sizes.\n\n - CVE-2009-1389\n Michael Tokarev discovered an issue in the r8169 network\n driver. Remote users on the same LAN may cause a denial\n of service by way of a kernel panic triggered by\n receiving a large size frame.\n\n - CVE-2009-1630\n Frank Filz discovered that local users may be able to\n execute files without execute permission when accessed\n via an nfs4 mount.\n\n - CVE-2009-1633\n Jeff Layton and Suresh Jayaraman fixed several buffer\n overflows in the CIFS filesystem which allow remote\n servers to cause memory corruption.\n\n - CVE-2009-2692\n Tavis Ormandy and Julien Tinnes discovered an issue with\n how the sendpage function is initialized in the\n proto_ops structure. Local users can exploit this\n vulnerability to gain elevated privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1865\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6, fai-kernels, and user-mode-linux packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-24etch3.\n\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update :\n\n Debian 4.0 (etch) \n fai-kernels 1.17+etch.24etch3 \n user-mode-linux 2.6.18-1um-2etch.24etch3 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"fai-kernels\", reference:\"1.17+etch.24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-doc-2.6.18\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-486\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-686-bigmem\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-alpha\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-hppa\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-i386\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-ia64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-mipsel\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-powerpc\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-s390\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-all-sparc\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-generic\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-legacy\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-alpha-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-itanium\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-k7\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-mckinley\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-parisc64-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc-miboot\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-powerpc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-prep\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-qemu\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r3k-kn02\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r4k-kn04\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-r5k-cobalt\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s390\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-s390x\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sb1-bcm91250a\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sb1a-bcm91480b\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc32\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-sparc64-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-alpha\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-k7\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-powerpc\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-powerpc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-s390x\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-vserver-sparc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-486\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-686-bigmem\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-generic\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-legacy\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-alpha-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-itanium\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-k7\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-mckinley\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-parisc64-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc-miboot\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-powerpc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-prep\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-qemu\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r3k-kn02\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r4k-kn04\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-r5k-cobalt\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390-tape\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-s390x\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sb1-bcm91250a\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sb1a-bcm91480b\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc32\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-sparc64-smp\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-alpha\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-k7\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-powerpc\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-powerpc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-s390x\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-vserver-sparc64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-manual-2.6.18\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-modules-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-patch-debian-2.6.18\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-source-2.6.18\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-support-2.6.18-6\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-tree-2.6.18\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"user-mode-linux\", reference:\"2.6.18-1um-2etch.24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-vserver-686\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"xen-linux-system-2.6.18-6-xen-vserver-amd64\", reference:\"2.6.18.dfsg.1-24etch3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:58:12", "description": "From Red Hat Security Advisory 2009:1193 :\n\nUpdated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)\n\n* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than could be handled, which could lead to a remote denial of service or code execution. (CVE-2009-1389, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs implementation. A local attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in that eCrypfts mount to cause a buffer overflow, leading to a denial of service or privilege escalation. (CVE-2009-2406, CVE-2009-2407, Important)\n\n* Konstantin Khlebnikov discovered a race condition in the ptrace implementation in the Linux kernel. This race condition can occur when the process tracing and the process being traced participate in a core dump. A local, unprivileged user could use this flaw to trigger a deadlock, resulting in a partial denial of service. (CVE-2009-1388, Moderate)\n\nBug fixes (see References below for a link to more detailed notes) :\n\n* possible dom0 crash when a Xen para-virtualized guest was installed while another para-virtualized guest was rebooting. (BZ#497812)\n\n* no directory removal audit record if the directory and its subtree were recursively watched by an audit rule. (BZ#507561)\n\n* running 'echo 1 > /proc/sys/vm/drop_caches' under high memory load could cause a kernel panic. (BZ#503692)\n\n* on 32-bit systems, core dumps for some multithreaded applications did not include all thread information. (BZ#505322)\n\n* a stack buffer used by get_event_name() was too small for nul terminator sprintf() writes. This could lead to an invalid pointer or kernel panic. (BZ#506906)\n\n* when using the aic94xx driver, systems with SATA drives may not boot due to a libsas bug. (BZ#506029)\n\n* Wacom Cintiq 21UX and Intuos stylus buttons were handled incorrectly when moved away from and back to these tablets. (BZ#508275)\n\n* CPU 'soft lockup' messages and possibe system hangs on systems with certain Broadcom network devices and running the Linux kernel from the kernel-xen package. (BZ#503689)\n\n* on 64-bit PowerPC, getitimer() failed for programs using the ITIMER_REAL timer that were also compiled for 64-bit systems. This caused such programs to abort. (BZ#510018)\n\n* write operations could be blocked even when using O_NONBLOCK.\n(BZ#510239)\n\n* the 'pci=nomsi' option was required for installing and booting Red Hat Enterprise Linux 5.2 on systems with VIA VT3364 chipsets.\n(BZ#507529)\n\n* shutting down, destroying, or migrating Xen guests with large amounts of memory could cause other guests to be temporarily unresponsive. (BZ#512311)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. Systems must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2009-1193)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5966", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-1193.NASL", "href": "https://www.tenable.com/plugins/nessus/67904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1193 and \n# Oracle Linux Security Advisory ELSA-2009-1193 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67904);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2007-5966\", \"CVE-2009-1385\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_bugtraq_id(26880, 35185, 35281, 35647, 35850, 35851);\n script_xref(name:\"RHSA\", value:\"2009:1193\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2009-1193)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1193 :\n\nUpdated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* the possibility of a timeout value overflow was found in the Linux\nkernel high-resolution timers functionality, hrtimers. This could\nallow a local, unprivileged user to execute arbitrary code, or cause a\ndenial of service (kernel panic). (CVE-2007-5966, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split\nacross multiple hardware receive descriptors. Receipt of such a frame\ncould leak through a validation check, leading to a corruption of the\nlength check. A remote attacker could use this flaw to send a\nspecially crafted packet that would cause a denial of service or code\nexecution. (CVE-2009-1385, Important)\n\n* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver\nin the Linux kernel. This driver allowed interfaces using this driver\nto receive frames larger than could be handled, which could lead to a\nremote denial of service or code execution. (CVE-2009-1389, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared\nwhen a setuid or setgid program was executed. A local, unprivileged\nuser could use this flaw to bypass the mmap_min_addr protection\nmechanism and perform a NULL pointer dereference attack, or bypass the\nAddress Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* Ramon de Carvalho Valle reported two flaws in the Linux kernel\neCryptfs implementation. A local attacker with permissions to perform\nan eCryptfs mount could modify the metadata of the files in that\neCrypfts mount to cause a buffer overflow, leading to a denial of\nservice or privilege escalation. (CVE-2009-2406, CVE-2009-2407,\nImportant)\n\n* Konstantin Khlebnikov discovered a race condition in the ptrace\nimplementation in the Linux kernel. This race condition can occur when\nthe process tracing and the process being traced participate in a core\ndump. A local, unprivileged user could use this flaw to trigger a\ndeadlock, resulting in a partial denial of service. (CVE-2009-1388,\nModerate)\n\nBug fixes (see References below for a link to more detailed notes) :\n\n* possible dom0 crash when a Xen para-virtualized guest was installed\nwhile another para-virtualized guest was rebooting. (BZ#497812)\n\n* no directory removal audit record if the directory and its subtree\nwere recursively watched by an audit rule. (BZ#507561)\n\n* running 'echo 1 > /proc/sys/vm/drop_caches' under high memory load\ncould cause a kernel panic. (BZ#503692)\n\n* on 32-bit systems, core dumps for some multithreaded applications\ndid not include all thread information. (BZ#505322)\n\n* a stack buffer used by get_event_name() was too small for nul\nterminator sprintf() writes. This could lead to an invalid pointer or\nkernel panic. (BZ#506906)\n\n* when using the aic94xx driver, systems with SATA drives may not boot\ndue to a libsas bug. (BZ#506029)\n\n* Wacom Cintiq 21UX and Intuos stylus buttons were handled incorrectly\nwhen moved away from and back to these tablets. (BZ#508275)\n\n* CPU 'soft lockup' messages and possibe system hangs on systems with\ncertain Broadcom network devices and running the Linux kernel from the\nkernel-xen package. (BZ#503689)\n\n* on 64-bit PowerPC, getitimer() failed for programs using the\nITIMER_REAL timer that were also compiled for 64-bit systems. This\ncaused such programs to abort. (BZ#510018)\n\n* write operations could be blocked even when using O_NONBLOCK.\n(BZ#510239)\n\n* the 'pci=nomsi' option was required for installing and booting Red\nHat Enterprise Linux 5.2 on systems with VIA VT3364 chipsets.\n(BZ#507529)\n\n* shutting down, destroying, or migrating Xen guests with large\namounts of memory could cause other guests to be temporarily\nunresponsive. (BZ#512311)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Systems must be rebooted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001102.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 189, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2007-5966\", \"CVE-2009-1385\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2009-1193\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-128.4.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-128.4.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T15:04:49", "description": "Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)\n\n* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than could be handled, which could lead to a remote denial of service or code execution. (CVE-2009-1389, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs implementation. A local attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in that eCrypfts mount to cause a buffer overflow, leading to a denial of service or privilege escalation. (CVE-2009-2406, CVE-2009-2407, Important)\n\n* Konstantin Khlebnikov discovered a race condition in the ptrace implementation in the Linux kernel. This race condition can occur when the process tracing and the process being traced participate in a core dump. A local, unprivileged user could use this flaw to trigger a deadlock, resulting in a partial denial of service. (CVE-2009-1388, Moderate)\n\nBug fixes (see References below for a link to more detailed notes) :\n\n* possible dom0 crash when a Xen para-virtualized guest was installed while another para-virtualized guest was rebooting. (BZ#497812)\n\n* no directory removal audit record if the directory and its subtree were recursively watched by an audit rule. (BZ#507561)\n\n* running 'echo 1 > /proc/sys/vm/drop_caches' under high memory load could cause a kernel panic. (BZ#503692)\n\n* on 32-bit systems, core dumps for some multithreaded applications did not include all thread information. (BZ#505322)\n\n* a stack buffer used by get_event_name() was too small for nul terminator sprintf() writes. This could lead to an invalid pointer or kernel panic. (BZ#506906)\n\n* when using the aic94xx driver, systems with SATA drives may not boot due to a libsas bug. (BZ#506029)\n\n* Wacom Cintiq 21UX and Intuos stylus buttons were handled incorrectly when moved away from and back to these tablets. (BZ#508275)\n\n* CPU 'soft lockup' messages and possibe system hangs on systems with certain Broadcom network devices and running the Linux kernel from the kernel-xen package. (BZ#503689)\n\n* on 64-bit PowerPC, getitimer() failed for programs using the ITIMER_REAL timer that were also compiled for 64-bit systems. This caused such programs to abort. (BZ#510018)\n\n* write operations could be blocked even when using O_NONBLOCK.\n(BZ#510239)\n\n* the 'pci=nomsi' option was required for installing and booting Red Hat Enterprise Linux 5.2 on systems with VIA VT3364 chipsets.\n(BZ#507529)\n\n* shutting down, destroying, or migrating Xen guests with large amounts of memory could cause other guests to be temporarily unresponsive. (BZ#512311)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. Systems must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2009:1193)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5966", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1193.NASL", "href": "https://www.tenable.com/plugins/nessus/43773", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1193 and \n# CentOS Errata and Security Advisory 2009:1193 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43773);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-5966\", \"CVE-2009-1385\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_bugtraq_id(26880, 35185, 35281, 35647, 35850, 35851);\n script_xref(name:\"RHSA\", value:\"2009:1193\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2009:1193)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* the possibility of a timeout value overflow was found in the Linux\nkernel high-resolution timers functionality, hrtimers. This could\nallow a local, unprivileged user to execute arbitrary code, or cause a\ndenial of service (kernel panic). (CVE-2007-5966, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split\nacross multiple hardware receive descriptors. Receipt of such a frame\ncould leak through a validation check, leading to a corruption of the\nlength check. A remote attacker could use this flaw to send a\nspecially crafted packet that would cause a denial of service or code\nexecution. (CVE-2009-1385, Important)\n\n* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver\nin the Linux kernel. This driver allowed interfaces using this driver\nto receive frames larger than could be handled, which could lead to a\nremote denial of service or code execution. (CVE-2009-1389, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared\nwhen a setuid or setgid program was executed. A local, unprivileged\nuser could use this flaw to bypass the mmap_min_addr protection\nmechanism and perform a NULL pointer dereference attack, or bypass the\nAddress Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* Ramon de Carvalho Valle reported two flaws in the Linux kernel\neCryptfs implementation. A local attacker with permissions to perform\nan eCryptfs mount could modify the metadata of the files in that\neCrypfts mount to cause a buffer overflow, leading to a denial of\nservice or privilege escalation. (CVE-2009-2406, CVE-2009-2407,\nImportant)\n\n* Konstantin Khlebnikov discovered a race condition in the ptrace\nimplementation in the Linux kernel. This race condition can occur when\nthe process tracing and the process being traced participate in a core\ndump. A local, unprivileged user could use this flaw to trigger a\ndeadlock, resulting in a partial denial of service. (CVE-2009-1388,\nModerate)\n\nBug fixes (see References below for a link to more detailed notes) :\n\n* possible dom0 crash when a Xen para-virtualized guest was installed\nwhile another para-virtualized guest was rebooting. (BZ#497812)\n\n* no directory removal audit record if the directory and its subtree\nwere recursively watched by an audit rule. (BZ#507561)\n\n* running 'echo 1 > /proc/sys/vm/drop_caches' under high memory load\ncould cause a kernel panic. (BZ#503692)\n\n* on 32-bit systems, core dumps for some multithreaded applications\ndid not include all thread information. (BZ#505322)\n\n* a stack buffer used by get_event_name() was too small for nul\nterminator sprintf() writes. This could lead to an invalid pointer or\nkernel panic. (BZ#506906)\n\n* when using the aic94xx driver, systems with SATA drives may not boot\ndue to a libsas bug. (BZ#506029)\n\n* Wacom Cintiq 21UX and Intuos stylus buttons were handled incorrectly\nwhen moved away from and back to these tablets. (BZ#508275)\n\n* CPU 'soft lockup' messages and possibe system hangs on systems with\ncertain Broadcom network devices and running the Linux kernel from the\nkernel-xen package. (BZ#503689)\n\n* on 64-bit PowerPC, getitimer() failed for programs using the\nITIMER_REAL timer that were also compiled for 64-bit systems. This\ncaused such programs to abort. (BZ#510018)\n\n* write operations could be blocked even when using O_NONBLOCK.\n(BZ#510239)\n\n* the 'pci=nomsi' option was required for installing and booting Red\nHat Enterprise Linux 5.2 on systems with VIA VT3364 chipsets.\n(BZ#507529)\n\n* shutting down, destroying, or migrating Xen guests with large\namounts of memory could cause other guests to be temporarily\nunresponsive. (BZ#512311)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Systems must be rebooted\nfor this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016062.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bfdf47bb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016063.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdd79f2a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 189, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-128.4.1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T15:00:21", "description": "Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)\n\n* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than could be handled, which could lead to a remote denial of service or code execution. (CVE-2009-1389, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs implementation. A local attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in that eCrypfts mount to cause a buffer overflow, leading to a denial of service or privilege escalation. (CVE-2009-2406, CVE-2009-2407, Important)\n\n* Konstantin Khlebnikov discovered a race condition in the ptrace implementation in the Linux kernel. This race condition can occur when the process tracing and the process being traced participate in a core dump. A local, unprivileged user could use this flaw to trigger a deadlock, resulting in a partial denial of service. (CVE-2009-1388, Moderate)\n\nBug fixes (see References below for a link to more detailed notes) :\n\n* possible dom0 crash when a Xen para-virtualized guest was installed while another para-virtualized guest was rebooting. (BZ#497812)\n\n* no directory removal audit record if the directory and its subtree were recursively watched by an audit rule. (BZ#507561)\n\n* running 'echo 1 > /proc/sys/vm/drop_caches' under high memory load could cause a kernel panic. (BZ#503692)\n\n* on 32-bit systems, core dumps for some multithreaded applications did not include all thread information. (BZ#505322)\n\n* a stack buffer used by get_event_name() was too small for nul terminator sprintf() writes. This could lead to an invalid pointer or kernel panic. (BZ#506906)\n\n* when using the aic94xx driver, systems with SATA drives may not boot due to a libsas bug. (BZ#506029)\n\n* Wacom Cintiq 21UX and Intuos stylus buttons were handled incorrectly when moved away from and back to these tablets. (BZ#508275)\n\n* CPU 'soft lockup' messages and possibe system hangs on systems with certain Broadcom network devices and running the Linux kernel from the kernel-xen package. (BZ#503689)\n\n* on 64-bit PowerPC, getitimer() failed for programs using the ITIMER_REAL timer that were also compiled for 64-bit systems. This caused such programs to abort. (BZ#510018)\n\n* write operations could be blocked even when using O_NONBLOCK.\n(BZ#510239)\n\n* the 'pci=nomsi' option was required for installing and booting Red Hat Enterprise Linux 5.2 on systems with VIA VT3364 chipsets.\n(BZ#507529)\n\n* shutting down, destroying, or migrating Xen guests with large amounts of memory could cause other guests to be temporarily unresponsive. (BZ#512311)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. Systems must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-08-05T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2009:1193)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5966", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1193.NASL", "href": "https://www.tenable.com/plugins/nessus/40487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1193. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40487);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5966\", \"CVE-2009-1385\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_bugtraq_id(26880, 35185, 35281, 35647, 35850, 35851);\n script_xref(name:\"RHSA\", value:\"2009:1193\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:1193)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* the possibility of a timeout value overflow was found in the Linux\nkernel high-resolution timers functionality, hrtimers. This could\nallow a local, unprivileged user to execute arbitrary code, or cause a\ndenial of service (kernel panic). (CVE-2007-5966, Important)\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux\nkernel. Frames with sizes near the MTU of an interface may be split\nacross multiple hardware receive descriptors. Receipt of such a frame\ncould leak through a validation check, leading to a corruption of the\nlength check. A remote attacker could use this flaw to send a\nspecially crafted packet that would cause a denial of service or code\nexecution. (CVE-2009-1385, Important)\n\n* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver\nin the Linux kernel. This driver allowed interfaces using this driver\nto receive frames larger than could be handled, which could lead to a\nremote denial of service or code execution. (CVE-2009-1389, Important)\n\n* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared\nwhen a setuid or setgid program was executed. A local, unprivileged\nuser could use this flaw to bypass the mmap_min_addr protection\nmechanism and perform a NULL pointer dereference attack, or bypass the\nAddress Space Layout Randomization (ASLR) security feature.\n(CVE-2009-1895, Important)\n\n* Ramon de Carvalho Valle reported two flaws in the Linux kernel\neCryptfs implementation. A local attacker with permissions to perform\nan eCryptfs mount could modify the metadata of the files in that\neCrypfts mount to cause a buffer overflow, leading to a denial of\nservice or privilege escalation. (CVE-2009-2406, CVE-2009-2407,\nImportant)\n\n* Konstantin Khlebnikov discovered a race condition in the ptrace\nimplementation in the Linux kernel. This race condition can occur when\nthe process tracing and the process being traced participate in a core\ndump. A local, unprivileged user could use this flaw to trigger a\ndeadlock, resulting in a partial denial of service. (CVE-2009-1388,\nModerate)\n\nBug fixes (see References below for a link to more detailed notes) :\n\n* possible dom0 crash when a Xen para-virtualized guest was installed\nwhile another para-virtualized guest was rebooting. (BZ#497812)\n\n* no directory removal audit record if the directory and its subtree\nwere recursively watched by an audit rule. (BZ#507561)\n\n* running 'echo 1 > /proc/sys/vm/drop_caches' under high memory load\ncould cause a kernel panic. (BZ#503692)\n\n* on 32-bit systems, core dumps for some multithreaded applications\ndid not include all thread information. (BZ#505322)\n\n* a stack buffer used by get_event_name() was too small for nul\nterminator sprintf() writes. This could lead to an invalid pointer or\nkernel panic. (BZ#506906)\n\n* when using the aic94xx driver, systems with SATA drives may not boot\ndue to a libsas bug. (BZ#506029)\n\n* Wacom Cintiq 21UX and Intuos stylus buttons were handled incorrectly\nwhen moved away from and back to these tablets. (BZ#508275)\n\n* CPU 'soft lockup' messages and possibe system hangs on systems with\ncertain Broadcom network devices and running the Linux kernel from the\nkernel-xen package. (BZ#503689)\n\n* on 64-bit PowerPC, getitimer() failed for programs using the\nITIMER_REAL timer that were also compiled for 64-bit systems. This\ncaused such programs to abort. (BZ#510018)\n\n* write operations could be blocked even when using O_NONBLOCK.\n(BZ#510239)\n\n* the 'pci=nomsi' option was required for installing and booting Red\nHat Enterprise Linux 5.2 on systems with VIA VT3364 chipsets.\n(BZ#507529)\n\n* shutting down, destroying, or migrating Xen guests with large\namounts of memory could cause other guests to be temporarily\nunresponsive. (BZ#512311)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Systems must be rebooted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2407\"\n );\n # http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1193\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 189, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2007-5966\", \"CVE-2009-1385\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:1193\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1193\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.4.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.4.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:36:39", "description": "CVE-2007-5966 kernel: non-root can trigger cpu_idle soft lockup CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service CVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock CVE-2009-1389 kernel: r8169: fix crash when large packets are received CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID CVE-2009-2406 kernel: ecryptfs stack overflow in parse_tag_11_packet() CVE-2009-2407 kernel: ecryptfs heap overflow in parse_tag_3_packet()\n\nSecurity fixes :\n\n - the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important)\n\n - a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important)\n\n - Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than could be handled, which could lead to a remote denial of service or code execution. (CVE-2009-1389, Important)\n\n - the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature.\n (CVE-2009-1895, Important)\n\n - Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs implementation. A local attacker with permissions to perform an eCryptfs mount could modify the metadata of the files in that eCrypfts mount to cause a buffer overflow, leading to a denial of service or privilege escalation. (CVE-2009-2406, CVE-2009-2407, Important)\n\n - Konstantin Khlebnikov discovered a race condition in the ptrace implementation in the Linux kernel. This race condition can occur when the process tracing and the process being traced participate in a core dump. A local, unprivileged user could use this flaw to trigger a deadlock, resulting in a partial denial of service.\n (CVE-2009-1388, Moderate)\n\nBug fixes :\n\n - possible host (dom0) crash when installing a Xen para-virtualized guest while another para-virtualized guest was rebooting. (BZ#497812)\n\n - no audit record for a directory removal if the directory and its subtree were recursively watched by an audit rule. (BZ#507561)\n\n - running 'echo 1 > /proc/sys/vm/drop_caches' on systems under high memory load could cause a kernel panic.\n (BZ#503692)\n\n - on 32-bit systems, core dumps for some multithreaded applications did not include all thread information.\n (BZ#505322)\n\n - a stack buffer used by get_event_name() was not large enough for the nul terminator sprintf() writes. This could lead to an invalid pointer or kernel panic.\n (BZ#506906)\n\n - when using the aic94xx driver, a system with SATA drives may not boot due to a bug in libsas. (BZ#506029)\n\n - incorrect stylus button handling when moving it away then returning it to the tablet for Wacom Cintiq 21UX and Intuos tablets. (BZ#508275)\n\n - CPU 'soft lockup' messages and possibly a system hang on systems with certain Broadcom network devices and running the Linux kernel from the kernel-xen package.\n (BZ#503689)\n\n - on 64-bit PowerPC, getitimer() failed for programs using the ITIMER_REAL timer and that were also compiled for 64-bit systems (this caused such programs to abort).\n (BZ#510018)\n\n - write operations could be blocked even when using O_NONBLOCK. (BZ#510239)\n\n - the 'pci=nomsi' option was required for installing and booting Red Hat Enterprise Linux 5.2 on systems with VIA VT3364 chipsets. (BZ#507529)\n\n - shutting down, destroying, or migrating Xen guests with large amounts of memory could cause other guests to be temporarily unresponsive. (BZ#512311)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel for SL 5.x on i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5966", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090808_KERNEL_FOR_SL_5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60634);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5966\", \"CVE-2009-1385\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n\n script_name(english:\"Scientific Linux Security Update : kernel for SL 5.x on i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2007-5966 kernel: non-root can trigger cpu_idle soft lockup\nCVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service\nCVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock\nCVE-2009-1389 kernel: r8169: fix crash when large packets are received\nCVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID\nCVE-2009-2406 kernel: ecryptfs stack overflow in parse_tag_11_packet()\nCVE-2009-2407 kernel: ecryptfs heap overflow in parse_tag_3_packet()\n\nSecurity fixes :\n\n - the possibility of a timeout value overflow was found in\n the Linux kernel high-resolution timers functionality,\n hrtimers. This could allow a local, unprivileged user to\n execute arbitrary code, or cause a denial of service\n (kernel panic). (CVE-2007-5966, Important)\n\n - a flaw was found in the Intel PRO/1000 network driver in\n the Linux kernel. Frames with sizes near the MTU of an\n interface may be split across multiple hardware receive\n descriptors. Receipt of such a frame could leak through\n a validation check, leading to a corruption of the\n length check. A remote attacker could use this flaw to\n send a specially crafted packet that would cause a\n denial of service or code execution. (CVE-2009-1385,\n Important)\n\n - Michael Tokarev reported a flaw in the Realtek r8169\n Ethernet driver in the Linux kernel. This driver allowed\n interfaces using this driver to receive frames larger\n than could be handled, which could lead to a remote\n denial of service or code execution. (CVE-2009-1389,\n Important)\n\n - the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not\n cleared when a setuid or setgid program was executed. A\n local, unprivileged user could use this flaw to bypass\n the mmap_min_addr protection mechanism and perform a\n NULL pointer dereference attack, or bypass the Address\n Space Layout Randomization (ASLR) security feature.\n (CVE-2009-1895, Important)\n\n - Ramon de Carvalho Valle reported two flaws in the Linux\n kernel eCryptfs implementation. A local attacker with\n permissions to perform an eCryptfs mount could modify\n the metadata of the files in that eCrypfts mount to\n cause a buffer overflow, leading to a denial of service\n or privilege escalation. (CVE-2009-2406, CVE-2009-2407,\n Important)\n\n - Konstantin Khlebnikov discovered a race condition in the\n ptrace implementation in the Linux kernel. This race\n condition can occur when the process tracing and the\n process being traced participate in a core dump. A\n local, unprivileged user could use this flaw to trigger\n a deadlock, resulting in a partial denial of service.\n (CVE-2009-1388, Moderate)\n\nBug fixes :\n\n - possible host (dom0) crash when installing a Xen\n para-virtualized guest while another para-virtualized\n guest was rebooting. (BZ#497812)\n\n - no audit record for a directory removal if the directory\n and its subtree were recursively watched by an audit\n rule. (BZ#507561)\n\n - running 'echo 1 > /proc/sys/vm/drop_caches' on systems\n under high memory load could cause a kernel panic.\n (BZ#503692)\n\n - on 32-bit systems, core dumps for some multithreaded\n applications did not include all thread information.\n (BZ#505322)\n\n - a stack buffer used by get_event_name() was not large\n enough for the nul terminator sprintf() writes. This\n could lead to an invalid pointer or kernel panic.\n (BZ#506906)\n\n - when using the aic94xx driver, a system with SATA drives\n may not boot due to a bug in libsas. (BZ#506029)\n\n - incorrect stylus button handling when moving it away\n then returning it to the tablet for Wacom Cintiq 21UX\n and Intuos tablets. (BZ#508275)\n\n - CPU 'soft lockup' messages and possibly a system hang on\n systems with certain Broadcom network devices and\n running the Linux kernel from the kernel-xen package.\n (BZ#503689)\n\n - on 64-bit PowerPC, getitimer() failed for programs using\n the ITIMER_REAL timer and that were also compiled for\n 64-bit systems (this caused such programs to abort).\n (BZ#510018)\n\n - write operations could be blocked even when using\n O_NONBLOCK. (BZ#510239)\n\n - the 'pci=nomsi' option was required for installing and\n booting Red Hat Enterprise Linux 5.2 on systems with VIA\n VT3364 chipsets. (BZ#507529)\n\n - shutting down, destroying, or migrating Xen guests with\n large amounts of memory could cause other guests to be\n temporarily unresponsive. (BZ#512311)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=503692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=505322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=506029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=506906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=507529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=507561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=508275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=510018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=510239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512311\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0908&L=scientific-linux-errata&T=0&P=77\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2834484f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(16, 119, 189, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-aufs-2.6.18-128.4.1.el5-0.20090202.cvs-6.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-module-aufs-2.6.18-128.4.1.el5PAE-0.20090202.cvs-6.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-aufs-2.6.18-128.4.1.el5xen-0.20090202.cvs-6.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-fuse-2.6.18-128.4.1.el5-2.6.3-1.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-module-fuse-2.6.18-128.4.1.el5PAE-2.6.3-1.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-fuse-2.6.18-128.4.1.el5xen-2.6.3-1.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-ipw3945-2.6.18-128.4.1.el5-1.2.0-2.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-module-ipw3945-2.6.18-128.4.1.el5PAE-1.2.0-2.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-ipw3945-2.6.18-128.4.1.el5xen-1.2.0-2.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-madwifi-2.6.18-128.4.1.el5-0.9.4-15.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-module-madwifi-2.6.18-128.4.1.el5PAE-0.9.4-15.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-madwifi-2.6.18-128.4.1.el5xen-0.9.4-15.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-madwifi-hal-2.6.18-128.4.1.el5-0.9.4-15.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-module-madwifi-hal-2.6.18-128.4.1.el5PAE-0.9.4-15.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-madwifi-hal-2.6.18-128.4.1.el5xen-0.9.4-15.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-ndiswrapper-2.6.18-128.4.1.el5-1.53-1.SL\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-module-ndiswrapper-2.6.18-128.4.1.el5PAE-1.53-1.SL\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-ndiswrapper-2.6.18-128.4.1.el5xen-1.53-1.SL\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-openafs-2.6.18-128.4.1.el5-1.4.7-68.2.SL5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-module-openafs-2.6.18-128.4.1.el5PAE-1.4.7-68.2.SL5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-openafs-2.6.18-128.4.1.el5xen-1.4.7-68.2.SL5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-xfs-2.6.18-128.4.1.el5-0.4-2.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-module-xfs-2.6.18-128.4.1.el5PAE-0.4-2.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-module-xfs-2.6.18-128.4.1.el5xen-0.4-2.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-128.4.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-128.4.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:06:35", "description": "This kernel update for openSUSE 11.0 fixes some bugs and several security problems.\n\nThe following security issues are fixed: A local denial of service problem in the splice(2) system call.\n\nCVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.\n\nCVE-2009-0834: The audit_syscall_entry function in the Linux kernel on the x86_64 platform did not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls.\n\nCVE-2009-1072: nfsd in the Linux kernel did not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.\n\nCVE-2009-0835 The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod.\n\nCVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) or potential code execution via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.\n\nThis requires that kernel can be made to mount a 'cifs' filesystem from a malicious CIFS server.\n\nCVE-2009-1337: The exit_notify function in kernel/exit.c in the Linux kernel did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.\n\nCVE-2009-0859: The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. (SUSE is enabling CONFIG_SHMEM, so is by default not affected, the fix is just for completeness).\n\nCVE-2009-1242: The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka 'Long mode enable') bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.\n\nCVE-2009-1265: Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel might allow attackers to obtain sensitive information via a large length value, which causes 'garbage' memory to be sent.\n\nCVE-2009-0028: The clone system call in the Linux kernel allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.\n\nCVE-2009-0675: The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue.\n\nCVE-2009-0676: The sock_getsockopt function in net/core/sock.c in the Linux kernel does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.\n\nCVE-2009-0322: drivers/firmware/dell_rbu.c in the Linux kernel allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.\n\nCVE-2009-0269: fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.\n\nCVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.\n\nSome other non-security bugs were fixed, please see the RPM changelog.", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (kernel-951)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0028", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859", "CVE-2009-1072", "CVE-2009-1242", "CVE-2009-1265", "CVE-2009-1337", "CVE-2009-1439", "CVE-2009-1630"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acerhk-kmp-debug", "p-cpe:/a:novell:opensuse:acx-kmp-debug", "p-cpe:/a:novell:opensuse:appleir-kmp-debug", "p-cpe:/a:novell:opensuse:at76_usb-kmp-debug", "p-cpe:/a:novell:opensuse:atl2-kmp-debug", "p-cpe:/a:novell:opensuse:aufs-kmp-debug", "p-cpe:/a:novell:opensuse:dazuko-kmp-debug", "p-cpe:/a:novell:opensuse:drbd-kmp-debug", "p-cpe:/a:novell:opensuse:gspcav-kmp-debug", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-debug", "p-cpe:/a:novell:opensuse:ivtv-kmp-debug", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kqemu-kmp-debug", "p-cpe:/a:novell:opensuse:nouveau-kmp-debug", "p-cpe:/a:novell:opensuse:omnibook-kmp-debug", "p-cpe:/a:novell:opensuse:pcc-acpi-kmp-debug", "p-cpe:/a:novell:opensuse:pcfclock-kmp-debug", "p-cpe:/a:novell:opensuse:tpctl-kmp-debug", "p-cpe:/a:novell:opensuse:uvcvideo-kmp-debug", "p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug", "p-cpe:/a:novell:opensuse:vmware-kmp-debug", "p-cpe:/a:novell:opensuse:wlan-ng-kmp-debug", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_KERNEL-090602.NASL", "href": "https://www.tenable.com/plugins/nessus/40012", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-951.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40012);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0028\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1072\", \"CVE-2009-1242\", \"CVE-2009-1265\", \"CVE-2009-1337\", \"CVE-2009-1439\", \"CVE-2009-1630\");\n\n script_name(english:\"openSUSE Security Update : kernel (kernel-951)\");\n script_summary(english:\"Check for the kernel-951 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update for openSUSE 11.0 fixes some bugs and several\nsecurity problems.\n\nThe following security issues are fixed: A local denial of service\nproblem in the splice(2) system call.\n\nCVE-2009-1630: The nfs_permission function in fs/nfs/dir.c in the NFS\nclient implementation in the Linux kernel when atomic_open is\navailable, does not check execute (aka EXEC or MAY_EXEC) permission\nbits, which allows local users to bypass permissions and execute\nfiles, as demonstrated by files on an NFSv4 fileserver.\n\nCVE-2009-0834: The audit_syscall_entry function in the Linux kernel on\nthe x86_64 platform did not properly handle (1) a 32-bit process\nmaking a 64-bit syscall or (2) a 64-bit process making a 32-bit\nsyscall, which allows local users to bypass certain syscall audit\nconfigurations via crafted syscalls.\n\nCVE-2009-1072: nfsd in the Linux kernel did not drop the CAP_MKNOD\ncapability before handling a user request in a thread, which allows\nlocal users to create device nodes, as demonstrated on a filesystem\nthat has been exported with the root_squash option.\n\nCVE-2009-0835 The __secure_computing function in kernel/seccomp.c in\nthe seccomp subsystem in the Linux kernel on the x86_64 platform, when\nCONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit\nprocess making a 64-bit syscall or (2) a 64-bit process making a\n32-bit syscall, which allows local users to bypass intended access\nrestrictions via crafted syscalls that are misinterpreted as (a) stat\nor (b) chmod.\n\nCVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the\nLinux kernel 2.6.29 and earlier allows remote attackers to cause a\ndenial of service (crash) or potential code execution via a long\nnativeFileSystem field in a Tree Connect response to an SMB mount\nrequest.\n\nThis requires that kernel can be made to mount a 'cifs' filesystem\nfrom a malicious CIFS server.\n\nCVE-2009-1337: The exit_notify function in kernel/exit.c in the Linux\nkernel did not restrict exit signals when the CAP_KILL capability is\nheld, which allows local users to send an arbitrary signal to a\nprocess by running a program that modifies the exit_signal field and\nthen uses an exec system call to launch a setuid application.\n\nCVE-2009-0859: The shm_get_stat function in ipc/shm.c in the shm\nsubsystem in the Linux kernel, when CONFIG_SHMEM is disabled,\nmisinterprets the data type of an inode, which allows local users to\ncause a denial of service (system hang) via an SHM_INFO shmctl call,\nas demonstrated by running the ipcs program. (SUSE is enabling\nCONFIG_SHMEM, so is by default not affected, the fix is just for\ncompleteness).\n\nCVE-2009-1242: The vmx_set_msr function in arch/x86/kvm/vmx.c in the\nVMX implementation in the KVM subsystem in the Linux kernel on the\ni386 platform allows guest OS users to cause a denial of service\n(OOPS) by setting the EFER_LME (aka 'Long mode enable') bit in the\nExtended Feature Enable Register (EFER) model-specific register, which\nis specific to the x86_64 platform.\n\nCVE-2009-1265: Integer overflow in rose_sendmsg (sys/net/af_rose.c) in\nthe Linux kernel might allow attackers to obtain sensitive information\nvia a large length value, which causes 'garbage' memory to be sent.\n\nCVE-2009-0028: The clone system call in the Linux kernel allows local\nusers to send arbitrary signals to a parent process from an\nunprivileged child process by launching an additional child process\nwith the CLONE_PARENT flag, and then letting this new process exit.\n\nCVE-2009-0675: The skfp_ioctl function in drivers/net/skfp/skfddi.c in\nthe Linux kernel permits SKFP_CLR_STATS requests only when the\nCAP_NET_ADMIN capability is absent, instead of when this capability is\npresent, which allows local users to reset the driver statistics,\nrelated to an 'inverted logic' issue.\n\nCVE-2009-0676: The sock_getsockopt function in net/core/sock.c in the\nLinux kernel does not initialize a certain structure member, which\nallows local users to obtain potentially sensitive information from\nkernel memory via an SO_BSDCOMPAT getsockopt request.\n\nCVE-2009-0322: drivers/firmware/dell_rbu.c in the Linux kernel allows\nlocal users to cause a denial of service (system crash) via a read\nsystem call that specifies zero bytes from the (1) image_type or (2)\npacket_size file in /sys/devices/platform/dell_rbu/.\n\nCVE-2009-0269: fs/ecryptfs/inode.c in the eCryptfs subsystem in the\nLinux kernel allows local users to cause a denial of service (fault or\nmemory corruption), or possibly have unspecified other impact, via a\nreadlink call that results in an error, leading to use of a -1 return\nvalue as an array index.\n\nCVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns.c in the\nStream Control Transmission Protocol (sctp) implementation in the\nLinux kernel allows remote attackers to have an unknown impact via an\nFWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.\n\nSome other non-security bugs were fixed, please see the RPM changelog.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=399966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=407523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=408818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=429484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=462365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=463522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=465955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=465963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=470942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=470943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=472896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=478002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=478003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=482720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=483819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=483820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=487106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=487681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=490608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=495065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=496398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=497551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=497597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=498237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=502675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=503353\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acerhk-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acx-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:appleir-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:at76_usb-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:atl2-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:aufs-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dazuko-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gspcav-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ivtv-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kqemu-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nouveau-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:omnibook-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcc-acpi-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tpctl-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uvcvideo-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vmware-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wlan-ng-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"acerhk-kmp-debug-0.5.35_2.6.25.20_0.4-98.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"acx-kmp-debug-20080210_2.6.25.20_0.4-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"appleir-kmp-debug-1.1_2.6.25.20_0.4-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"at76_usb-kmp-debug-0.17_2.6.25.20_0.4-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"atl2-kmp-debug-2.0.4_2.6.25.20_0.4-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"aufs-kmp-debug-cvs20080429_2.6.25.20_0.4-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"dazuko-kmp-debug-2.3.4.4_2.6.25.20_0.4-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"drbd-kmp-debug-8.2.6_2.6.25.20_0.4-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gspcav-kmp-debug-01.00.20_2.6.25.20_0.4-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"iscsitarget-kmp-debug-0.4.15_2.6.25.20_0.4-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ivtv-kmp-debug-1.0.3_2.6.25.20_0.4-66.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-debug-2.6.25.20-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-default-2.6.25.20-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-pae-2.6.25.20-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-source-2.6.25.20-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-syms-2.6.25.20-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-vanilla-2.6.25.20-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kernel-xen-2.6.25.20-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"kqemu-kmp-debug-1.3.0pre11_2.6.25.20_0.4-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"nouveau-kmp-debug-0.10.1.20081112_2.6.25.20_0.4-0.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"omnibook-kmp-debug-20080313_2.6.25.20_0.4-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pcc-acpi-kmp-debug-0.9_2.6.25.20_0.4-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pcfclock-kmp-debug-0.44_2.6.25.20_0.4-207.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tpctl-kmp-debug-4.17_2.6.25.20_0.4-189.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"uvcvideo-kmp-debug-r200_2.6.25.20_0.4-2.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"virtualbox-ose-kmp-debug-1.5.6_2.6.25.20_0.4-33.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"vmware-kmp-debug-2008.04.14_2.6.25.20_0.4-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"wlan-ng-kmp-debug-0.2.8_2.6.25.20_0.4-107.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acerhk-kmp-debug / acx-kmp-debug / appleir-kmp-debug / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T14:36:53", "description": "Security fixes :\n\n - memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease.\n (CVE-2009-0778, Important)\n\n - Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate)\n\n - an off-by-one underflow flaw was found in the eCryptfs subsystem. This could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate)\n\n - a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in '/sys/devices/platform/dell_rbu/'.\n (CVE-2009-0322, Moderate)\n\n - an inverted logic flaw was found in the SysKonnect FDDI PCI adapter driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN capability was absent (local, unprivileged users could reset driver statistics). (CVE-2009-0675, Moderate)\n\n - the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure.\n (CVE-2009-0676, Moderate)\n\n - the ext2 and ext3 file system code failed to properly handle corrupted data structures, leading to a possible local denial of service when read or write operations were performed on a specially crafted file system.\n (CVE-2008-3528, Low)\n\n - a deficiency was found in the libATA implementation.\n This could, potentially, lead to a local denial of service. Note: by default, the '/dev/sg*' devices are accessible only to the root user. (CVE-2008-5700, Low)\n\nBug fixes :\n\n - a bug in aic94xx may have caused kernel panics during boot on some systems with certain SATA disks.\n (BZ#485909)\n\n - a word endianness problem in the qla2xx driver on PowerPC-based machines may have corrupted flash-based devices. (BZ#485908)\n\n - a memory leak in pipe() may have caused a system deadlock. The workaround, which involved manually allocating extra file descriptors toprocesses calling do_pipe, is no longer necessary. (BZ#481576)\n\n - CPU soft-lockups in the network rate estimator.\n (BZ#481746)\n\n - bugs in the ixgbe driver caused it to function unreliably on some systems with 16 or more CPU cores.\n (BZ#483210)\n\n - the iwl4965 driver may have caused a kernel panic.\n (BZ#483206)\n\n - a bug caused NFS attributes to not update for some long-lived NFS mounted file systems. (BZ#483201)\n\n - unmounting a GFS2 file system may have caused a panic.\n (BZ#485910)\n\n - a bug in ptrace() may have caused a panic when single stepping a target. (BZ#487394)\n\n - on some 64-bit systems, notsc was incorrectly set at boot, causing slow gettimeofday() calls. (BZ#488239)\n\n - do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#490433)\n\n - scaling problems caused performance problems for LAPI applications. (BZ#489457)\n\n - a panic may have occurred on systems using certain Intel WiFi Link 5000 products when booting with the RF Kill switch on. (BZ#489846)\n\n - the TSC is invariant with C/P/T states, and always runs at constant frequency from now on. (BZ#489310)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3528", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0778"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090401_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60559);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3528\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0778\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes :\n\n - memory leaks were found on some error paths in the\n icmp_send() function in the Linux kernel. This could,\n potentially, cause the network connectivity to cease.\n (CVE-2009-0778, Important)\n\n - Chris Evans reported a deficiency in the clone() system\n call when called with the CLONE_PARENT flag. This flaw\n permits the caller (the parent process) to indicate an\n arbitrary signal it wants to receive when its child\n process exits. This could lead to a denial of service of\n the parent process. (CVE-2009-0028, Moderate)\n\n - an off-by-one underflow flaw was found in the eCryptfs\n subsystem. This could potentially cause a local denial\n of service when the readlink() function returned an\n error. (CVE-2009-0269, Moderate)\n\n - a deficiency was found in the Remote BIOS Update (RBU)\n driver for Dell systems. This could allow a local,\n unprivileged user to cause a denial of service by\n reading zero bytes from the image_type or packet_size\n files in '/sys/devices/platform/dell_rbu/'.\n (CVE-2009-0322, Moderate)\n\n - an inverted logic flaw was found in the SysKonnect FDDI\n PCI adapter driver, allowing driver statistics to be\n reset only when the CAP_NET_ADMIN capability was absent\n (local, unprivileged users could reset driver\n statistics). (CVE-2009-0675, Moderate)\n\n - the sock_getsockopt() function in the Linux kernel did\n not properly initialize a data structure that can be\n directly returned to user-space when the getsockopt()\n function is called with SO_BSDCOMPAT optname set. This\n flaw could possibly lead to memory disclosure.\n (CVE-2009-0676, Moderate)\n\n - the ext2 and ext3 file system code failed to properly\n handle corrupted data structures, leading to a possible\n local denial of service when read or write operations\n were performed on a specially crafted file system.\n (CVE-2008-3528, Low)\n\n - a deficiency was found in the libATA implementation.\n This could, potentially, lead to a local denial of\n service. Note: by default, the '/dev/sg*' devices are\n accessible only to the root user. (CVE-2008-5700, Low)\n\nBug fixes :\n\n - a bug in aic94xx may have caused kernel panics during\n boot on some systems with certain SATA disks.\n (BZ#485909)\n\n - a word endianness problem in the qla2xx driver on\n PowerPC-based machines may have corrupted flash-based\n devices. (BZ#485908)\n\n - a memory leak in pipe() may have caused a system\n deadlock. The workaround, which involved manually\n allocating extra file descriptors toprocesses calling\n do_pipe, is no longer necessary. (BZ#481576)\n\n - CPU soft-lockups in the network rate estimator.\n (BZ#481746)\n\n - bugs in the ixgbe driver caused it to function\n unreliably on some systems with 16 or more CPU cores.\n (BZ#483210)\n\n - the iwl4965 driver may have caused a kernel panic.\n (BZ#483206)\n\n - a bug caused NFS attributes to not update for some\n long-lived NFS mounted file systems. (BZ#483201)\n\n - unmounting a GFS2 file system may have caused a panic.\n (BZ#485910)\n\n - a bug in ptrace() may have caused a panic when single\n stepping a target. (BZ#487394)\n\n - on some 64-bit systems, notsc was incorrectly set at\n boot, causing slow gettimeofday() calls. (BZ#488239)\n\n - do_machine_check() cleared all Machine Check Exception\n (MCE) status registers, preventing the BIOS from using\n them to determine the cause of certain panics and\n errors. (BZ#490433)\n\n - scaling problems caused performance problems for LAPI\n applications. (BZ#489457)\n\n - a panic may have occurred on systems using certain Intel\n WiFi Link 5000 products when booting with the RF Kill\n switch on. (BZ#489846)\n\n - the TSC is invariant with C/P/T states, and always runs\n at constant frequency from now on. (BZ#489310)\n\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=481576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=481746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=483201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=483206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=483210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=485908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=485909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=485910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=487394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=488239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=489310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=489457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=489846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490433\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=76\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad870d63\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-128.1.6.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:57:52", "description": "From Red Hat Security Advisory 2009:0326 :\n\nUpdated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important)\n\n* Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate)\n\n* an off-by-one underflow flaw was found in the eCryptfs subsystem.\nThis could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate)\n\n* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in '/sys/devices/platform/dell_rbu/'.\n(CVE-2009-0322, Moderate)\n\n* an inverted logic flaw was found in the SysKonnect FDDI PCI adapter driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN capability was absent (local, unprivileged users could reset driver statistics). (CVE-2009-0675, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\n* the ext2 and ext3 file system code failed to properly handle corrupted data structures, leading to a possible local denial of service when read or write operations were performed on a specially crafted file system. (CVE-2008-3528, Low)\n\n* a deficiency was found in the libATA implementation. This could, potentially, lead to a local denial of service. Note: by default, the '/dev/sg*' devices are accessible only to the root user.\n(CVE-2008-5700, Low)\n\nBug fixes :\n\n* a bug in aic94xx may have caused kernel panics during boot on some systems with certain SATA disks. (BZ#485909)\n\n* a word endianness problem in the qla2xx driver on PowerPC-based machines may have corrupted flash-based devices. (BZ#485908)\n\n* a memory leak in pipe() may have caused a system deadlock. The workaround in Section 1.5, Known Issues, of the Red Hat Enterprise Linux 5.3 Release Notes Updates, which involved manually allocating extra file descriptors to processes calling do_pipe, is no longer necessary. (BZ#481576)\n\n* CPU soft-lockups in the network rate estimator. (BZ#481746)\n\n* bugs in the ixgbe driver caused it to function unreliably on some systems with 16 or more CPU cores. (BZ#483210)\n\n* the iwl4965 driver may have caused a kernel panic. (BZ#483206)\n\n* a bug caused NFS attributes to not update for some long-lived NFS mounted file systems. (BZ#483201)\n\n* unmounting a GFS2 file system may have caused a panic. (BZ#485910)\n\n* a bug in ptrace() may have caused a panic when single stepping a target. (BZ#487394)\n\n* on some 64-bit systems, notsc was incorrectly set at boot, causing slow gettimeofday() calls. (BZ#488239)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#490433)\n\n* scaling problems caused performance problems for LAPI applications.\n(BZ#489457)\n\n* a panic may have occurred on systems using certain Intel WiFi Link 5000 products when booting with the RF Kill switch on. (BZ#489846)\n\n* the TSC is invariant with C/P/T states, and always runs at constant frequency from now on. (BZ#489310)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2009-0326)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3528", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0778"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-0326.NASL", "href": "https://www.tenable.com/plugins/nessus/67812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0326 and \n# Oracle Linux Security Advisory ELSA-2009-0326 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67812);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2008-3528\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0778\");\n script_bugtraq_id(33846);\n script_xref(name:\"RHSA\", value:\"2009:0326\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2009-0326)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0326 :\n\nUpdated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* memory leaks were found on some error paths in the icmp_send()\nfunction in the Linux kernel. This could, potentially, cause the\nnetwork connectivity to cease. (CVE-2009-0778, Important)\n\n* Chris Evans reported a deficiency in the clone() system call when\ncalled with the CLONE_PARENT flag. This flaw permits the caller (the\nparent process) to indicate an arbitrary signal it wants to receive\nwhen its child process exits. This could lead to a denial of service\nof the parent process. (CVE-2009-0028, Moderate)\n\n* an off-by-one underflow flaw was found in the eCryptfs subsystem.\nThis could potentially cause a local denial of service when the\nreadlink() function returned an error. (CVE-2009-0269, Moderate)\n\n* a deficiency was found in the Remote BIOS Update (RBU) driver for\nDell systems. This could allow a local, unprivileged user to cause a\ndenial of service by reading zero bytes from the image_type or\npacket_size files in '/sys/devices/platform/dell_rbu/'.\n(CVE-2009-0322, Moderate)\n\n* an inverted logic flaw was found in the SysKonnect FDDI PCI adapter\ndriver, allowing driver statistics to be reset only when the\nCAP_NET_ADMIN capability was absent (local, unprivileged users could\nreset driver statistics). (CVE-2009-0675, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to\nuser-space when the getsockopt() function is called with SO_BSDCOMPAT\noptname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\n* the ext2 and ext3 file system code failed to properly handle\ncorrupted data structures, leading to a possible local denial of\nservice when read or write operations were performed on a specially\ncrafted file system. (CVE-2008-3528, Low)\n\n* a deficiency was found in the libATA implementation. This could,\npotentially, lead to a local denial of service. Note: by default, the\n'/dev/sg*' devices are accessible only to the root user.\n(CVE-2008-5700, Low)\n\nBug fixes :\n\n* a bug in aic94xx may have caused kernel panics during boot on some\nsystems with certain SATA disks. (BZ#485909)\n\n* a word endianness problem in the qla2xx driver on PowerPC-based\nmachines may have corrupted flash-based devices. (BZ#485908)\n\n* a memory leak in pipe() may have caused a system deadlock. The\nworkaround in Section 1.5, Known Issues, of the Red Hat Enterprise\nLinux 5.3 Release Notes Updates, which involved manually allocating\nextra file descriptors to processes calling do_pipe, is no longer\nnecessary. (BZ#481576)\n\n* CPU soft-lockups in the network rate estimator. (BZ#481746)\n\n* bugs in the ixgbe driver caused it to function unreliably on some\nsystems with 16 or more CPU cores. (BZ#483210)\n\n* the iwl4965 driver may have caused a kernel panic. (BZ#483206)\n\n* a bug caused NFS attributes to not update for some long-lived NFS\nmounted file systems. (BZ#483201)\n\n* unmounting a GFS2 file system may have caused a panic. (BZ#485910)\n\n* a bug in ptrace() may have caused a panic when single stepping a\ntarget. (BZ#487394)\n\n* on some 64-bit systems, notsc was incorrectly set at boot, causing\nslow gettimeofday() calls. (BZ#488239)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status\nregisters, preventing the BIOS from using them to determine the cause\nof certain panics and errors. (BZ#490433)\n\n* scaling problems caused performance problems for LAPI applications.\n(BZ#489457)\n\n* a panic may have occurred on systems using certain Intel WiFi Link\n5000 products when booting with the RF Kill switch on. (BZ#489846)\n\n* the TSC is invariant with C/P/T states, and always runs at constant\nfrequency from now on. (BZ#489310)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000944.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2008-3528\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0778\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2009-0326\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-128.1.6.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-128.1.6.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:49:15", "description": "Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important)\n\n* Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate)\n\n* an off-by-one underflow flaw was found in the eCryptfs subsystem.\nThis could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate)\n\n* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in '/sys/devices/platform/dell_rbu/'.\n(CVE-2009-0322, Moderate)\n\n* an inverted logic flaw was found in the SysKonnect FDDI PCI adapter driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN capability was absent (local, unprivileged users could reset driver statistics). (CVE-2009-0675, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\n* the ext2 and ext3 file system code failed to properly handle corrupted data structures, leading to a possible local denial of service when read or write operations were performed on a specially crafted file system. (CVE-2008-3528, Low)\n\n* a deficiency was found in the libATA implementation. This could, potentially, lead to a local denial of service. Note: by default, the '/dev/sg*' devices are accessible only to the root user.\n(CVE-2008-5700, Low)\n\nBug fixes :\n\n* a bug in aic94xx may have caused kernel panics during boot on some systems with certain SATA disks. (BZ#485909)\n\n* a word endianness problem in the qla2xx driver on PowerPC-based machines may have corrupted flash-based devices. (BZ#485908)\n\n* a memory leak in pipe() may have caused a system deadlock. The workaround in Section 1.5, Known Issues, of the Red Hat Enterprise Linux 5.3 Release Notes Updates, which involved manually allocating extra file descriptors to processes calling do_pipe, is no longer necessary. (BZ#481576)\n\n* CPU soft-lockups in the network rate estimator. (BZ#481746)\n\n* bugs in the ixgbe driver caused it to function unreliably on some systems with 16 or more CPU cores. (BZ#483210)\n\n* the iwl4965 driver may have caused a kernel panic. (BZ#483206)\n\n* a bug caused NFS attributes to not update for some long-lived NFS mounted file systems. (BZ#483201)\n\n* unmounting a GFS2 file system may have caused a panic. (BZ#485910)\n\n* a bug in ptrace() may have caused a panic when single stepping a target. (BZ#487394)\n\n* on some 64-bit systems, notsc was incorrectly set at boot, causing slow gettimeofday() calls. (BZ#488239)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#490433)\n\n* scaling problems caused performance problems for LAPI applications.\n(BZ#489457)\n\n* a panic may have occurred on systems using certain Intel WiFi Link 5000 products when booting with the RF Kill switch on. (BZ#489846)\n\n* the TSC is invariant with C/P/T states, and always runs at constant frequency from now on. (BZ#489310)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-04-01T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2009:0326)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3528", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0778"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0326.NASL", "href": "https://www.tenable.com/plugins/nessus/36069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0326. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36069);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3528\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0778\");\n script_bugtraq_id(33846);\n script_xref(name:\"RHSA\", value:\"2009:0326\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:0326)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* memory leaks were found on some error paths in the icmp_send()\nfunction in the Linux kernel. This could, potentially, cause the\nnetwork connectivity to cease. (CVE-2009-0778, Important)\n\n* Chris Evans reported a deficiency in the clone() system call when\ncalled with the CLONE_PARENT flag. This flaw permits the caller (the\nparent process) to indicate an arbitrary signal it wants to receive\nwhen its child process exits. This could lead to a denial of service\nof the parent process. (CVE-2009-0028, Moderate)\n\n* an off-by-one underflow flaw was found in the eCryptfs subsystem.\nThis could potentially cause a local denial of service when the\nreadlink() function returned an error. (CVE-2009-0269, Moderate)\n\n* a deficiency was found in the Remote BIOS Update (RBU) driver for\nDell systems. This could allow a local, unprivileged user to cause a\ndenial of service by reading zero bytes from the image_type or\npacket_size files in '/sys/devices/platform/dell_rbu/'.\n(CVE-2009-0322, Moderate)\n\n* an inverted logic flaw was found in the SysKonnect FDDI PCI adapter\ndriver, allowing driver statistics to be reset only when the\nCAP_NET_ADMIN capability was absent (local, unprivileged users could\nreset driver statistics). (CVE-2009-0675, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to\nuser-space when the getsockopt() function is called with SO_BSDCOMPAT\noptname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\n* the ext2 and ext3 file system code failed to properly handle\ncorrupted data structures, leading to a possible local denial of\nservice when read or write operations were performed on a specially\ncrafted file system. (CVE-2008-3528, Low)\n\n* a deficiency was found in the libATA implementation. This could,\npotentially, lead to a local denial of service. Note: by default, the\n'/dev/sg*' devices are accessible only to the root user.\n(CVE-2008-5700, Low)\n\nBug fixes :\n\n* a bug in aic94xx may have caused kernel panics during boot on some\nsystems with certain SATA disks. (BZ#485909)\n\n* a word endianness problem in the qla2xx driver on PowerPC-based\nmachines may have corrupted flash-based devices. (BZ#485908)\n\n* a memory leak in pipe() may have caused a system deadlock. The\nworkaround in Section 1.5, Known Issues, of the Red Hat Enterprise\nLinux 5.3 Release Notes Updates, which involved manually allocating\nextra file descriptors to processes calling do_pipe, is no longer\nnecessary. (BZ#481576)\n\n* CPU soft-lockups in the network rate estimator. (BZ#481746)\n\n* bugs in the ixgbe driver caused it to function unreliably on some\nsystems with 16 or more CPU cores. (BZ#483210)\n\n* the iwl4965 driver may have caused a kernel panic. (BZ#483206)\n\n* a bug caused NFS attributes to not update for some long-lived NFS\nmounted file systems. (BZ#483201)\n\n* unmounting a GFS2 file system may have caused a panic. (BZ#485910)\n\n* a bug in ptrace() may have caused a panic when single stepping a\ntarget. (BZ#487394)\n\n* on some 64-bit systems, notsc was incorrectly set at boot, causing\nslow gettimeofday() calls. (BZ#488239)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status\nregisters, preventing the BIOS from using them to determine the cause\nof certain panics and errors. (BZ#490433)\n\n* scaling problems caused performance problems for LAPI applications.\n(BZ#489457)\n\n* a panic may have occurred on systems using certain Intel WiFi Link\n5000 products when booting with the RF Kill switch on. (BZ#489846)\n\n* the TSC is invariant with C/P/T states, and always runs at constant\nfrequency from now on. (BZ#489310)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0778\"\n );\n # http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Release_Notes/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a635bce\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0326\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-3528\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0778\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:0326\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0326\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.1.6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.1.6.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T15:05:29", "description": "Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important)\n\n* Chris Evans reported a deficiency in the clone() system call when called with the CLONE_PARENT flag. This flaw permits the caller (the parent process) to indicate an arbitrary signal it wants to receive when its child process exits. This could lead to a denial of service of the parent process. (CVE-2009-0028, Moderate)\n\n* an off-by-one underflow flaw was found in the eCryptfs subsystem.\nThis could potentially cause a local denial of service when the readlink() function returned an error. (CVE-2009-0269, Moderate)\n\n* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size files in '/sys/devices/platform/dell_rbu/'.\n(CVE-2009-0322, Moderate)\n\n* an inverted logic flaw was found in the SysKonnect FDDI PCI adapter driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN capability was absent (local, unprivileged users could reset driver statistics). (CVE-2009-0675, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly initialize a data structure that can be directly returned to user-space when the getsockopt() function is called with SO_BSDCOMPAT optname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\n* the ext2 and ext3 file system code failed to properly handle corrupted data structures, leading to a possible local denial of service when read or write operations were performed on a specially crafted file system. (CVE-2008-3528, Low)\n\n* a deficiency was found in the libATA implementation. This could, potentially, lead to a local denial of service. Note: by default, the '/dev/sg*' devices are accessible only to the root user.\n(CVE-2008-5700, Low)\n\nBug fixes :\n\n* a bug in aic94xx may have caused kernel panics during boot on some systems with certain SATA disks. (BZ#485909)\n\n* a word endianness problem in the qla2xx driver on PowerPC-based machines may have corrupted flash-based devices. (BZ#485908)\n\n* a memory leak in pipe() may have caused a system deadlock. The workaround in Section 1.5, Known Issues, of the Red Hat Enterprise Linux 5.3 Release Notes Updates, which involved manually allocating extra file descriptors to processes calling do_pipe, is no longer necessary. (BZ#481576)\n\n* CPU soft-lockups in the network rate estimator. (BZ#481746)\n\n* bugs in the ixgbe driver caused it to function unreliably on some systems with 16 or more CPU cores. (BZ#483210)\n\n* the iwl4965 driver may have caused a kernel panic. (BZ#483206)\n\n* a bug caused NFS attributes to not update for some long-lived NFS mounted file systems. (BZ#483201)\n\n* unmounting a GFS2 file system may have caused a panic. (BZ#485910)\n\n* a bug in ptrace() may have caused a panic when single stepping a target. (BZ#487394)\n\n* on some 64-bit systems, notsc was incorrectly set at boot, causing slow gettimeofday() calls. (BZ#488239)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status registers, preventing the BIOS from using them to determine the cause of certain panics and errors. (BZ#490433)\n\n* scaling problems caused performance problems for LAPI applications.\n(BZ#489457)\n\n* a panic may have occurred on systems using certain Intel WiFi Link 5000 products when booting with the RF Kill switch on. (BZ#489846)\n\n* the TSC is invariant with C/P/T states, and always runs at constant frequency from now on. (BZ#489310)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2009:0326)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3528", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0778"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-debuginfo", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-debuginfo", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debuginfo", "p-cpe:/a:centos:centos:kernel-debuginfo-common", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-debuginfo", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0326.NASL", "href": "https://www.tenable.com/plugins/nessus/43729", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0326 and \n# CentOS Errata and Security Advisory 2009:0326 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43729);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3528\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0778\");\n script_bugtraq_id(33846);\n script_xref(name:\"RHSA\", value:\"2009:0326\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2009:0326)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* memory leaks were found on some error paths in the icmp_send()\nfunction in the Linux kernel. This could, potentially, cause the\nnetwork connectivity to cease. (CVE-2009-0778, Important)\n\n* Chris Evans reported a deficiency in the clone() system call when\ncalled with the CLONE_PARENT flag. This flaw permits the caller (the\nparent process) to indicate an arbitrary signal it wants to receive\nwhen its child process exits. This could lead to a denial of service\nof the parent process. (CVE-2009-0028, Moderate)\n\n* an off-by-one underflow flaw was found in the eCryptfs subsystem.\nThis could potentially cause a local denial of service when the\nreadlink() function returned an error. (CVE-2009-0269, Moderate)\n\n* a deficiency was found in the Remote BIOS Update (RBU) driver for\nDell systems. This could allow a local, unprivileged user to cause a\ndenial of service by reading zero bytes from the image_type or\npacket_size files in '/sys/devices/platform/dell_rbu/'.\n(CVE-2009-0322, Moderate)\n\n* an inverted logic flaw was found in the SysKonnect FDDI PCI adapter\ndriver, allowing driver statistics to be reset only when the\nCAP_NET_ADMIN capability was absent (local, unprivileged users could\nreset driver statistics). (CVE-2009-0675, Moderate)\n\n* the sock_getsockopt() function in the Linux kernel did not properly\ninitialize a data structure that can be directly returned to\nuser-space when the getsockopt() function is called with SO_BSDCOMPAT\noptname set. This flaw could possibly lead to memory disclosure.\n(CVE-2009-0676, Moderate)\n\n* the ext2 and ext3 file system code failed to properly handle\ncorrupted data structures, leading to a possible local denial of\nservice when read or write operations were performed on a specially\ncrafted file system. (CVE-2008-3528, Low)\n\n* a deficiency was found in the libATA implementation. This could,\npotentially, lead to a local denial of service. Note: by default, the\n'/dev/sg*' devices are accessible only to the root user.\n(CVE-2008-5700, Low)\n\nBug fixes :\n\n* a bug in aic94xx may have caused kernel panics during boot on some\nsystems with certain SATA disks. (BZ#485909)\n\n* a word endianness problem in the qla2xx driver on PowerPC-based\nmachines may have corrupted flash-based devices. (BZ#485908)\n\n* a memory leak in pipe() may have caused a system deadlock. The\nworkaround in Section 1.5, Known Issues, of the Red Hat Enterprise\nLinux 5.3 Release Notes Updates, which involved manually allocating\nextra file descriptors to processes calling do_pipe, is no longer\nnecessary. (BZ#481576)\n\n* CPU soft-lockups in the network rate estimator. (BZ#481746)\n\n* bugs in the ixgbe driver caused it to function unreliably on some\nsystems with 16 or more CPU cores. (BZ#483210)\n\n* the iwl4965 driver may have caused a kernel panic. (BZ#483206)\n\n* a bug caused NFS attributes to not update for some long-lived NFS\nmounted file systems. (BZ#483201)\n\n* unmounting a GFS2 file system may have caused a panic. (BZ#485910)\n\n* a bug in ptrace() may have caused a panic when single stepping a\ntarget. (BZ#487394)\n\n* on some 64-bit systems, notsc was incorrectly set at boot, causing\nslow gettimeofday() calls. (BZ#488239)\n\n* do_machine_check() cleared all Machine Check Exception (MCE) status\nregisters, preventing the BIOS from using them to determine the cause\nof certain panics and errors. (BZ#490433)\n\n* scaling problems caused performance problems for LAPI applications.\n(BZ#489457)\n\n* a panic may have occurred on systems using certain Intel WiFi Link\n5000 products when booting with the RF Kill switch on. (BZ#489846)\n\n* the TSC is invariant with C/P/T states, and always runs at constant\nfrequency from now on. (BZ#489310)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015712.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4cf35f94\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015713.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1dc8024d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-debuginfo-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-debuginfo-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debuginfo-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debuginfo-common-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-debuginfo-2.6.18-128.1.6.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-128.1.6.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T16:40:11", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\nCVE-2008-3528 The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.\n\nCVE-2008-5700 libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.\n\nCVE-2009-0028 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. CVE-2009-0322 drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. CVE-2009-0675 The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue. CVE-2009-0676 The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.\n\n - CVE-2008-3528 - [fs] ext[234]: directory corruption DoS (Eugene Teo) \n\n - CVE-2008-5700 - [block] enforce a minimum SG_IO timeout (Eugene Teo) \n\n - CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don Howard) \n\n - CVE-2009-0028 - [misc] minor signal handling vulnerability (Oleg Nesterov) [479963 479964]\n\n - CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene Teo) [486517 486518]\n\n - CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw (Eugene Teo) \n\n - CVE-2009-0778 - not required\n\n - CVE-2009-0269 - not required\n\n - Enable enic\n\n - Finish porting infrastructure for fnic but disable it on 32bit\n\n - Add netconsole support for bonding in dom0 (Tina Yang) [orabug 8231228]\n\n - Add Cisco fnic/enic support, requires fc infrastructure from el5u3", "cvss3": {}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 2.1 : kernel (OVMSA-2009-0004)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3528", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0778"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-BOOT", "p-cpe:/a:oracle:vm:kernel-BOOT-devel", "p-cpe:/a:oracle:vm:kernel-kdump", "p-cpe:/a:oracle:vm:kernel-kdump-devel", "p-cpe:/a:oracle:vm:kernel-ovs", "p-cpe:/a:oracle:vm:kernel-ovs-devel", "cpe:/o:oracle:vm_server:2.1"], "id": "ORACLEVM_OVMSA-2009-0004.NASL", "href": "https://www.tenable.com/plugins/nessus/79453", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2009-0004.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79453);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3528\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0778\");\n script_bugtraq_id(33846);\n\n script_name(english:\"OracleVM 2.1 : kernel (OVMSA-2009-0004)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\nCVE-2008-3528 The error-reporting functionality in (1) fs/ext2/dir.c,\n(2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel\n2.6.26.5 does not limit the number of printk console messages that\nreport directory corruption, which allows physically proximate\nattackers to cause a denial of service (temporary system hang) by\nmounting a filesystem that has corrupted dir->i_size and dir->i_blocks\nvalues and performing (a) read or (b) write operations. NOTE: there\nare limited scenarios in which this crosses privilege boundaries.\n\nCVE-2008-5700 libata in the Linux kernel before 2.6.27.9 does not set\nminimum timeouts for SG_IO requests, which allows local users to cause\na denial of service (Programmed I/O mode on drives) via multiple\nsimultaneous invocations of an unspecified test program.\n\nCVE-2009-0028 The clone system call in the Linux kernel 2.6.28 and\nearlier allows local users to send arbitrary signals to a parent\nprocess from an unprivileged child process by launching an additional\nchild process with the CLONE_PARENT flag, and then letting this new\nprocess exit. CVE-2009-0322 drivers/firmware/dell_rbu.c in the Linux\nkernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local\nusers to cause a denial of service (system crash) via a read system\ncall that specifies zero bytes from the (1) image_type or (2)\npacket_size file in /sys/devices/platform/dell_rbu/. CVE-2009-0675 The\nskfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel\nbefore 2.6.28.6 permits SKFP_CLR_STATS requests only when the\nCAP_NET_ADMIN capability is absent, instead of when this capability is\npresent, which allows local users to reset the driver statistics,\nrelated to an 'inverted logic' issue. CVE-2009-0676 The\nsock_getsockopt function in net/core/sock.c in the Linux kernel before\n2.6.28.6 does not initialize a certain structure member, which allows\nlocal users to obtain potentially sensitive information from kernel\nmemory via an SO_BSDCOMPAT getsockopt request.\n\n - CVE-2008-3528 - [fs] ext[234]: directory corruption DoS\n (Eugene Teo) \n\n - CVE-2008-5700 - [block] enforce a minimum SG_IO timeout\n (Eugene Teo) \n\n - CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don\n Howard) \n\n - CVE-2009-0028 - [misc] minor signal handling\n vulnerability (Oleg Nesterov) [479963 479964]\n\n - CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT\n gsopt (Eugene Teo) [486517 486518]\n\n - CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw\n (Eugene Teo) \n\n - CVE-2009-0778 - not required\n\n - CVE-2009-0269 - not required\n\n - Enable enic\n\n - Finish porting infrastructure for fnic but disable it on\n 32bit\n\n - Add netconsole support for bonding in dom0 (Tina Yang)\n [orabug 8231228]\n\n - Add Cisco fnic/enic support, requires fc infrastructure\n from el5u3\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2009-April/000017.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a2723e7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-BOOT-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"2\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-BOOT-2.6.18-8.1.15.1.30.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-BOOT-devel-2.6.18-8.1.15.1.30.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-kdump-2.6.18-8.1.15.1.30.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-kdump-devel-2.6.18-8.1.15.1.30.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-ovs-2.6.18-8.1.15.1.30.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-ovs-devel-2.6.18-8.1.15.1.30.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-BOOT / kernel-BOOT-devel / kernel-kdump / kernel-kdump-devel / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:10:30", "description": "The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.29 fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. (CVE-2009-2692)\n\n - A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible of ecryptfs is in use.\n (CVE-2009-2406)\n\n - A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible of ecryptfs is in use.\n (CVE-2009-2407)\n\nThe compiler option -fno-delete-null-pointer-checks was added to the kernel build, and the -fwrapv compiler option usage was fixed to be used everywhere. This works around the compiler removing checks too aggressively.\n\n - A crash in the r8169 driver when receiving large packets was fixed. This is probably exploitable only in the local network. (CVE-2009-1389)\n\nNo CVE yet: A sigaltstack kernel memory disclosure was fixed.\n\nThe NULL page protection using mmap_min_addr was enabled (was disabled before).\n\nThis update also adds the Microsoft Hyper-V drivers from upstream.\n\nAdditionaly a lot of bugs were fixed.", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1212 / 1218 / 1219)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1389", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-vmi", "p-cpe:/a:novell:suse_linux:11:kernel-vmi-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KERNEL-090816.NASL", "href": "https://www.tenable.com/plugins/nessus/41414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41414);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1389\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2692\");\n\n script_name(english:\"SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1212 / 1218 / 1219)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.29 fixing\nvarious bugs and security issues.\n\nThe following security issues were fixed :\n\n - A missing NULL pointer check in the socket sendpage\n function can be used by local attackers to gain root\n privileges. (CVE-2009-2692)\n\n - A kernel stack overflow when mounting eCryptfs\n filesystems in parse_tag_11_packet() was fixed. Code\n execution might be possible of ecryptfs is in use.\n (CVE-2009-2406)\n\n - A kernel heap overflow when mounting eCryptfs\n filesystems in parse_tag_3_packet() was fixed. Code\n execution might be possible of ecryptfs is in use.\n (CVE-2009-2407)\n\nThe compiler option -fno-delete-null-pointer-checks was added to the\nkernel build, and the -fwrapv compiler option usage was fixed to be\nused everywhere. This works around the compiler removing checks too\naggressively.\n\n - A crash in the r8169 driver when receiving large packets\n was fixed. This is probably exploitable only in the\n local network. (CVE-2009-1389)\n\nNo CVE yet: A sigaltstack kernel memory disclosure was fixed.\n\nThe NULL page protection using mmap_min_addr was enabled (was disabled\nbefore).\n\nThis update also adds the Microsoft Hyper-V drivers from upstream.\n\nAdditionaly a lot of bugs were fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=402922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=467846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=484306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=489105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=490030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=495259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=496871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=498358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=498402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=501160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=501663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=502092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=504646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=511079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=511306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=512070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=515266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=517098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=518291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=520975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=521190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=521578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=523719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=524347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=525903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=526514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=529188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=529369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=529660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=530151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=530535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=531533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1389.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2406.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2407.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2692.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 1212 / 1218 / 1219 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-default-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-default-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-default-extra-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-extra-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-source-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-syms-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-extra-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-default-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-default-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-default-extra-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-source-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-syms-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-extra-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"ext4dev-kmp-default-0_2.6.27.29_0.1-7.1.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"kernel-default-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"kernel-default-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"kernel-source-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"kernel-syms-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.27.29_0.1-7.1.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"ext4dev-kmp-vmi-0_2.6.27.29_0.1-7.1.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"ext4dev-kmp-xen-0_2.6.27.29_0.1-7.1.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-pae-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-vmi-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-vmi-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"kernel-xen-base-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"kernel-default-man-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.27.29_0.1-7.1.13\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-2.6.27.29-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.27.29-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:07:47", "description": "The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.29 fixing various bugs and security issues.\n\nFollowing security issues were fixed: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.\n\nCVE-2009-2406: A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible of ecryptfs is in use.\n\nCVE-2009-2407: A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible of ecryptfs is in use.\n\nThe compiler option -fno-delete-null-pointer-checks was added to the kernel build, and the -fwrapv compiler option usage was fixed to be used everywhere. This works around the compiler removing checks too aggressively.\n\nCVE-2009-1389: A crash in the r8169 driver when receiving large packets was fixed. This is probably exploitable only in the local network.\n\nNo CVE yet: A sigaltstack kernel memory disclosure was fixed.\n\nThe NULL page protection using mmap_min_addr was enabled (was disabled before).\n\nThis update also adds the Microsoft Hyper-V drivers from upstream.", "cvss3": {}, "published": "2009-08-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (kernel-1214)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1389", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:aufs-kmp-debug", "p-cpe:/a:novell:opensuse:aufs-kmp-trace", "p-cpe:/a:novell:opensuse:brocade-bfa-kmp-debug", "p-cpe:/a:novell:opensuse:brocade-bfa-kmp-trace", "p-cpe:/a:novell:opensuse:dazuko-kmp-debug", "p-cpe:/a:novell:opensuse:dazuko-kmp-trace", "p-cpe:/a:novell:opensuse:drbd-kmp-debug", "p-cpe:/a:novell:opensuse:drbd-kmp-trace", "p-cpe:/a:novell:opensuse:intel-iamt-heci-kmp-debug", "p-cpe:/a:novell:opensuse:intel-iamt-heci-kmp-trace", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-debug", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-trace", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-extra", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-extra", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-extra", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-extra", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-extra", "p-cpe:/a:novell:opensuse:kqemu-kmp-debug", "p-cpe:/a:novell:opensuse:kqemu-kmp-trace", "p-cpe:/a:novell:opensuse:kvm-kmp-trace", "p-cpe:/a:novell:opensuse:lirc-kmp-trace", "p-cpe:/a:novell:opensuse:ofed-kmp-debug", "p-cpe:/a:novell:opensuse:ofed-kmp-trace", "p-cpe:/a:novell:opensuse:oracleasm-kmp-debug", "p-cpe:/a:novell:opensuse:oracleasm-kmp-trace", "p-cpe:/a:novell:opensuse:pcfclock-kmp-debug", "p-cpe:/a:novell:opensuse:pcfclock-kmp-trace", "p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug", "p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-trace", "p-cpe:/a:novell:opensuse:vmware-kmp-debug", "p-cpe:/a:novell:opensuse:vmware-kmp-trace", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_KERNEL-090816.NASL", "href": "https://www.tenable.com/plugins/nessus/40789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-1214.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40789);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1389\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2692\");\n\n script_name(english:\"openSUSE Security Update : kernel (kernel-1214)\");\n script_summary(english:\"Check for the kernel-1214 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.29 fixing\nvarious bugs and security issues.\n\nFollowing security issues were fixed: CVE-2009-2692: A missing NULL\npointer check in the socket sendpage function can be used by local\nattackers to gain root privileges.\n\nCVE-2009-2406: A kernel stack overflow when mounting eCryptfs\nfilesystems in parse_tag_11_packet() was fixed. Code execution might\nbe possible of ecryptfs is in use.\n\nCVE-2009-2407: A kernel heap overflow when mounting eCryptfs\nfilesystems in parse_tag_3_packet() was fixed. Code execution might be\npossible of ecryptfs is in use.\n\nThe compiler option -fno-delete-null-pointer-checks was added to the\nkernel build, and the -fwrapv compiler option usage was fixed to be\nused everywhere. This works around the compiler removing checks too\naggressively.\n\nCVE-2009-1389: A crash in the r8169 driver when receiving large\npackets was fixed. This is probably exploitable only in the local\nnetwork.\n\nNo CVE yet: A sigaltstack kernel memory disclosure was fixed.\n\nThe NULL page protection using mmap_min_addr was enabled (was disabled\nbefore).\n\nThis update also adds the Microsoft Hyper-V drivers from upstream.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=402922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=467846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=484306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=489105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=490030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=495259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=496871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=498358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=498402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=501160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=501663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=502092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=504646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=511079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=511306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=512070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=514767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=515266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=517098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=518291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=520975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=521190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=521578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=522914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=523719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=524347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=525903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=526514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=529188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=529369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=529660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=530151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=530535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=531533\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:aufs-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:aufs-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:brocade-bfa-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:brocade-bfa-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dazuko-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dazuko-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:intel-iamt-heci-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:intel-iamt-heci-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kqemu-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kqemu-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lirc-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ofed-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ofed-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:oracleasm-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:oracleasm-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vmware-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vmware-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"aufs-kmp-debug-cvs20081020_2.6.27.29_0.1-1.32.14\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"aufs-kmp-trace-cvs20081020_2.6.27.29_0.1-1.32.14\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"brocade-bfa-kmp-debug-1.1.0.2_2.6.27.29_0.1-1.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"brocade-bfa-kmp-trace-1.1.0.2_2.6.27.29_0.1-1.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"dazuko-kmp-debug-2.3.6_2.6.27.29_0.1-1.49.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"dazuko-kmp-trace-2.3.6_2.6.27.29_0.1-1.49.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"drbd-kmp-debug-8.2.7_2.6.27.29_0.1-1.19.25\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"drbd-kmp-trace-8.2.7_2.6.27.29_0.1-1.19.25\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"intel-iamt-heci-kmp-debug-3.1.0.31_2.6.27.29_0.1-2.40.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"intel-iamt-heci-kmp-trace-3.1.0.31_2.6.27.29_0.1-2.40.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"iscsitarget-kmp-debug-0.4.15_2.6.27.29_0.1-89.11.18\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"iscsitarget-kmp-trace-0.4.15_2.6.27.29_0.1-89.11.18\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-debug-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-debug-base-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-debug-extra-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-default-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-default-base-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-default-extra-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-ec2-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-ec2-base-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-ec2-extra-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-pae-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-pae-base-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-pae-extra-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-source-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-syms-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-trace-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-trace-base-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-trace-extra-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-vanilla-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-xen-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-xen-base-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kernel-xen-extra-2.6.27.29-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kqemu-kmp-debug-1.4.0pre1_2.6.27.29_0.1-2.1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kqemu-kmp-trace-1.4.0pre1_2.6.27.29_0.1-2.1.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"kvm-kmp-trace-78_2.6.27.29_0.1-6.7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"lirc-kmp-trace-0.8.4_2.6.27.29_0.1-0.1.14\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"ofed-kmp-debug-1.4_2.6.27.29_0.1-21.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"ofed-kmp-trace-1.4_2.6.27.29_0.1-21.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"oracleasm-kmp-debug-2.0.5_2.6.27.29_0.1-2.36.14\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"oracleasm-kmp-trace-2.0.5_2.6.27.29_0.1-2.36.14\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"pcfclock-kmp-debug-0.44_2.6.27.29_0.1-227.56.14\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"pcfclock-kmp-trace-0.44_2.6.27.29_0.1-227.56.14\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"virtualbox-ose-kmp-debug-2.0.6_2.6.27.29_0.1-2.8.55\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"virtualbox-ose-kmp-trace-2.0.6_2.6.27.29_0.1-2.8.55\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vmware-kmp-debug-2008.09.03_2.6.27.29_0.1-5.50.37\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"vmware-kmp-trace-2008.09.03_2.6.27.29_0.1-5.50.37\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aufs-kmp-debug / aufs-kmp-trace / brocade-bfa-kmp-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-05T14:11:09", "description": "Security fixes :\n\n - several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. (CVE-2009-1439, CVE-2009-1633, Important)\n\n - the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users.\n This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n - Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations.\n This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems.\n (CVE-2009-1630, Moderate)\n\n - a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel.\n (CVE-2009-1758, Moderate)\n\n - a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak. (CVE-2009-1192, Low)\n\nBug fixes :\n\n - a race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash. 'Busy inodes' messages may have been logged. (BZ#498653)\n\n - nanosleep() could sleep several milliseconds less than the specified time on Intel Itanium®-based systems.\n (BZ#500349)\n\n - LEDs for disk drives in AHCI mode may have displayed a fault state when there were no faults. (BZ#500120)\n\n - ptrace_do_wait() reported tasks were stopped each time the process doing the trace called wait(), instead of reporting it once. (BZ#486945)\n\n - epoll_wait() may have caused a system lockup and problems for applications. (BZ#497322)\n\n - missing capabilities could possibly allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented.\n (BZ#497271)\n\n - on NFS mounted file systems, heavy write loads may have blocked nfs_getattr() for long periods, causing commands that use stat(2), such as ls, to hang. (BZ#486926)\n\n - in rare circumstances, if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2), the buffer storing the result of the I/O may have ended up with invalid data. (BZ#486921)\n\n - when using GFS2, gfs2_quotad may have entered an uninterpretable sleep state. (BZ#501742)\n\n - with this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned.\n (BZ#499783)\n\n - the '-fwrapv' flag was added to the gcc build options to prevent gcc from optimizing away wrapping. (BZ#501751)\n\n - a kernel panic when enabling and disabling iSCSI paths.\n (BZ#502916)\n\n - using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance. (BZ#502837)\n\n - '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by processes able to use the ptrace() call on a given process; however, certain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used to reconstruct memory maps. (BZ#499546)\n\nThe system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1072", "CVE-2009-1192", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1758"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090616_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60599);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1072\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1758\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes :\n\n - several flaws were found in the way the Linux kernel\n CIFS implementation handles Unicode strings. CIFS\n clients convert Unicode strings sent by a server to\n their local character sets, and then write those strings\n into memory. If a malicious server sent a long enough\n string, it could write past the end of the target memory\n region and corrupt other memory areas, possibly leading\n to a denial of service or privilege escalation on the\n client mounting the CIFS share. (CVE-2009-1439,\n CVE-2009-1633, Important)\n\n - the Linux kernel Network File System daemon (nfsd)\n implementation did not drop the CAP_MKNOD capability\n when handling requests from local, unprivileged users.\n This flaw could possibly lead to an information leak or\n privilege escalation. (CVE-2009-1072, Moderate)\n\n - Frank Filz reported the NFSv4 client was missing a file\n permission check for the execute bit in some situations.\n This could allow local, unprivileged users to run\n non-executable files on NFSv4 mounted file systems.\n (CVE-2009-1630, Moderate)\n\n - a missing check was found in the hypervisor_callback()\n function in the Linux kernel provided by the kernel-xen\n package. This could cause a denial of service of a\n 32-bit guest if an application running in that guest\n accesses a certain memory location in the kernel.\n (CVE-2009-1758, Moderate)\n\n - a flaw was found in the AGPGART driver. The\n agp_generic_alloc_page() and agp_generic_alloc_pages()\n functions did not zero out the memory pages they\n allocate, which may later be available to user-space\n processes. This flaw could possibly lead to an\n information leak. (CVE-2009-1192, Low)\n\nBug fixes :\n\n - a race in the NFS client between destroying cached\n access rights and unmounting an NFS file system could\n have caused a system crash. 'Busy inodes' messages may\n have been logged. (BZ#498653)\n\n - nanosleep() could sleep several milliseconds less than\n the specified time on Intel Itanium®-based systems.\n (BZ#500349)\n\n - LEDs for disk drives in AHCI mode may have displayed a\n fault state when there were no faults. (BZ#500120)\n\n - ptrace_do_wait() reported tasks were stopped each time\n the process doing the trace called wait(), instead of\n reporting it once. (BZ#486945)\n\n - epoll_wait() may have caused a system lockup and\n problems for applications. (BZ#497322)\n\n - missing capabilities could possibly allow users with an\n fsuid other than 0 to perform actions on some file\n system types that would otherwise be prevented.\n (BZ#497271)\n\n - on NFS mounted file systems, heavy write loads may have\n blocked nfs_getattr() for long periods, causing commands\n that use stat(2), such as ls, to hang. (BZ#486926)\n\n - in rare circumstances, if an application performed\n multiple O_DIRECT reads per virtual memory page and also\n performed fork(2), the buffer storing the result of the\n I/O may have ended up with invalid data. (BZ#486921)\n\n - when using GFS2, gfs2_quotad may have entered an\n uninterpretable sleep state. (BZ#501742)\n\n - with this update, get_random_int() is more random and no\n longer uses a common seed value, reducing the\n possibility of predicting the values returned.\n (BZ#499783)\n\n - the '-fwrapv' flag was added to the gcc build options to\n prevent gcc from optimizing away wrapping. (BZ#501751)\n\n - a kernel panic when enabling and disabling iSCSI paths.\n (BZ#502916)\n\n - using the Broadcom NetXtreme BCM5704 network device with\n the tg3 driver caused high system load and very bad\n performance. (BZ#502837)\n\n - '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be\n read by processes able to use the ptrace() call on a\n given process; however, certain information from\n '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used\n to reconstruct memory maps. (BZ#499546)\n\nThe system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=486921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=486926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=486945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=498653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=499546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=499783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=500120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=500349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=502837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=502916\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0906&L=scientific-linux-errata&T=0&P=1325\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40c09254\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(16, 119, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-128.1.14.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-07T14:28:59", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\nCVE-2009-1192 The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.\n\nCVE-2009-1072 nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.\n\nCVE-2009-1758 The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in 'certain address ranges.'\n\nCVE-2009-1439 Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.\n\nCVE-2009-1633 Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.\n\nCVE-2009-1630 The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.\n\n - [agp] zero pages before sending to userspace (Jiri Olsa) [497025 497026] (CVE-2009-1192)\n\n - [misc] add some long-missing capabilities to CAP_FS_MASK (Eric Paris) [499075 497271 499076 497272] (CVE-2009-1072)\n\n - [x86] xen: fix local denial of service (Chris Lalancette) [500950 500951] (CVE-2009-1758)\n\n - [fs] cifs: unicode alignment and buffer sizing problems (Jeff Layton) [494279 494280] (CVE-2009-1439)\n\n - [fs] cifs: buffer overruns when converting strings (Jeff Layton) [496576 496577] (CVE-2009-1633)\n\n - [fs] cifs: fix error handling in parse_DFS_referrals (Jeff Layton) [496576 496577] (CVE-2009-1633)\n\n - [fs] cifs: fix pointer and checks in cifs_follow_symlink (Jeff Layton) [496576 496577] (CVE-2009-1633)\n\n - [nfs] v4: client handling of MAY_EXEC in nfs_permission (Peter Staubach) [500301 500302] (CVE-2009-1630)\n\n - backport cifs support from OEL5U3", "cvss3": {}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 2.1 : kernel (OVMSA-2009-0014)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1072", "CVE-2009-1192", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1758"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-BOOT", "p-cpe:/a:oracle:vm:kernel-BOOT-devel", "p-cpe:/a:oracle:vm:kernel-kdump", "p-cpe:/a:oracle:vm:kernel-kdump-devel", "p-cpe:/a:oracle:vm:kernel-ovs", "p-cpe:/a:oracle:vm:kernel-ovs-devel", "cpe:/o:oracle:vm_server:2.1"], "id": "ORACLEVM_OVMSA-2009-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/79460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2009-0014.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79460);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1072\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1758\");\n script_bugtraq_id(34205, 34453, 34612, 34673, 34934, 34957);\n\n script_name(english:\"OracleVM 2.1 : kernel (OVMSA-2009-0014)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\nCVE-2009-1192 The (1) agp_generic_alloc_page and (2)\nagp_generic_alloc_pages functions in drivers/char/agp/generic.c in the\nagp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out\npages that may later be available to a user-space process, which\nallows local users to obtain sensitive information by reading these\npages.\n\nCVE-2009-1072 nfsd in the Linux kernel before 2.6.28.9 does not drop\nthe CAP_MKNOD capability before handling a user request in a thread,\nwhich allows local users to create device nodes, as demonstrated on a\nfilesystem that has been exported with the root_squash option.\n\nCVE-2009-1758 The hypervisor_callback function in Xen, possibly before\n3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably\nother versions allows guest user applications to cause a denial of\nservice (kernel oops) of the guest OS by triggering a segmentation\nfault in 'certain address ranges.'\n\nCVE-2009-1439 Buffer overflow in fs/cifs/connect.c in CIFS in the\nLinux kernel 2.6.29 and earlier allows remote attackers to cause a\ndenial of service (crash) via a long nativeFileSystem field in a Tree\nConnect response to an SMB mount request.\n\nCVE-2009-1633 Multiple buffer overflows in the cifs subsystem in the\nLinux kernel before 2.6.29.4 allow remote CIFS servers to cause a\ndenial of service (memory corruption) and possibly have unspecified\nother impact via (1) a malformed Unicode string, related to Unicode\nstring area alignment in fs/cifs/sess.c or (2) long Unicode\ncharacters, related to fs/cifs/cifssmb.c and the cifs_readdir function\nin fs/cifs/readdir.c.\n\nCVE-2009-1630 The nfs_permission function in fs/nfs/dir.c in the NFS\nclient implementation in the Linux kernel 2.6.29.3 and earlier, when\natomic_open is available, does not check execute (aka EXEC or\nMAY_EXEC) permission bits, which allows local users to bypass\npermissions and execute files, as demonstrated by files on an NFSv4\nfileserver.\n\n - [agp] zero pages before sending to userspace (Jiri Olsa)\n [497025 497026] (CVE-2009-1192)\n\n - [misc] add some long-missing capabilities to CAP_FS_MASK\n (Eric Paris) [499075 497271 499076 497272]\n (CVE-2009-1072)\n\n - [x86] xen: fix local denial of service (Chris\n Lalancette) [500950 500951] (CVE-2009-1758)\n\n - [fs] cifs: unicode alignment and buffer sizing problems\n (Jeff Layton) [494279 494280] (CVE-2009-1439)\n\n - [fs] cifs: buffer overruns when converting strings (Jeff\n Layton) [496576 496577] (CVE-2009-1633)\n\n - [fs] cifs: fix error handling in parse_DFS_referrals\n (Jeff Layton) [496576 496577] (CVE-2009-1633)\n\n - [fs] cifs: fix pointer and checks in cifs_follow_symlink\n (Jeff Layton) [496576 496577] (CVE-2009-1633)\n\n - [nfs] v4: client handling of MAY_EXEC in nfs_permission\n (Peter Staubach) [500301 500302] (CVE-2009-1630)\n\n - backport cifs support from OEL5U3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2009-July/000027.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-BOOT-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-ovs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"2\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-BOOT-2.6.18-8.1.15.4.1.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-BOOT-devel-2.6.18-8.1.15.4.1.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-kdump-2.6.18-8.1.15.4.1.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-kdump-devel-2.6.18-8.1.15.4.1.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-ovs-2.6.18-8.1.15.4.1.el5\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"kernel-ovs-devel-2.6.18-8.1.15.4.1.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-BOOT / kernel-BOOT-devel / kernel-kdump / kernel-kdump-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:57:50", "description": "NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Ubuntu 8.10 was not affected.\n(CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. (CVE-2009-0028)\n\nThe kernel keyring did not free memory correctly. A local attacker could consume unlimited kernel memory, leading to a denial of service.\n(CVE-2009-0031)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)\n\nThe eCryptfs filesystem did not correctly handle certain VFS return codes. A local attacker with write-access to an eCryptfs filesystem could cause a system crash, leading to a denial of service.\n(CVE-2009-0269)\n\nThe Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. (CVE-2009-0322)\n\nThe page fault handler could consume stack memory. A local attacker could exploit this to crash the system or gain root privileges with a Kprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. (CVE-2009-0676)\n\nThe ext4 filesystem did not correctly clear group descriptors when resizing. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-0745)\n\nThe ext4 filesystem did not correctly validate certain fields. A local attacker could mount a malicious ext4 filesystem, causing a system crash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748)\n\nThe syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restricts via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n\nThe virtual consoles did not correctly handle certain UTF-8 sequences.\nA local attacker on the physical console could exploit this to cause a system crash, leading to a denial of service. (CVE-2009-1046).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4307", "CVE-2008-6107", "CVE-2009-0028", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0605", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0834", "CVE-2009-0835", "CVE-2009-0859", "CVE-2009-1046"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-751-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-751-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37337);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0605\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\");\n script_bugtraq_id(33113, 33672, 33846, 33948, 33951, 34020);\n script_xref(name:\"USN\", value:\"751-1\");\n\n script_name(english:\"Ubuntu 7.10 / 8.04 LTS / 8.10 : linux, linux-source-2.6.22 vulnerabilities (USN-751-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NFS did not correctly handle races between fcntl and interrupts. A\nlocal attacker on an NFS mount could consume unlimited kernel memory,\nleading to a denial of service. Ubuntu 8.10 was not affected.\n(CVE-2008-4307)\n\nSparc syscalls did not correctly check mmap regions. A local attacker\ncould cause a system panic, leading to a denial of service. Ubuntu\n8.10 was not affected. (CVE-2008-6107)\n\nIn certain situations, cloned processes were able to send signals to\nparent processes, crossing privilege boundaries. A local attacker\ncould send arbitrary signals to parent processes, leading to a denial\nof service. (CVE-2009-0028)\n\nThe kernel keyring did not free memory correctly. A local attacker\ncould consume unlimited kernel memory, leading to a denial of service.\n(CVE-2009-0031)\n\nThe SCTP stack did not correctly validate FORWARD-TSN packets. A\nremote attacker could send specially crafted SCTP traffic causing a\nsystem crash, leading to a denial of service. (CVE-2009-0065)\n\nThe eCryptfs filesystem did not correctly handle certain VFS return\ncodes. A local attacker with write-access to an eCryptfs filesystem\ncould cause a system crash, leading to a denial of service.\n(CVE-2009-0269)\n\nThe Dell platform device did not correctly validate user parameters. A\nlocal attacker could perform specially crafted reads to crash the\nsystem, leading to a denial of service. (CVE-2009-0322)\n\nThe page fault handler could consume stack memory. A local attacker\ncould exploit this to crash the system or gain root privileges with a\nKprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)\n\nNetwork interfaces statistics for the SysKonnect FDDI driver did not\ncheck capabilities. A local user could reset statistics, potentially\ninterfering with packet accounting systems. (CVE-2009-0675)\n\nThe getsockopt function did not correctly clear certain parameters. A\nlocal attacker could read leaked kernel memory, leading to a loss of\nprivacy. (CVE-2009-0676)\n\nThe ext4 filesystem did not correctly clear group descriptors when\nresizing. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2009-0745)\n\nThe ext4 filesystem did not correctly validate certain fields. A local\nattacker could mount a malicious ext4 filesystem, causing a system\ncrash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747,\nCVE-2009-0748)\n\nThe syscall interface did not correctly validate parameters when\ncrossing the 64-bit/32-bit boundary. A local attacker could bypass\ncertain syscall restricts via crafted syscalls. (CVE-2009-0834,\nCVE-2009-0835)\n\nThe shared memory subsystem did not correctly handle certain shmctl\ncalls when CONFIG_SHMEM was disabled. Ubuntu kernels were not\nvulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859)\n\nThe virtual consoles did not correctly handle certain UTF-8 sequences.\nA local attacker on the physical console could exploit this to cause a\nsystem crash, leading to a denial of service. (CVE-2009-1046).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/751-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.27\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2008-4307\", \"CVE-2008-6107\", \"CVE-2009-0028\", \"CVE-2009-0031\", \"CVE-2009-0065\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0605\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-0834\", \"CVE-2009-0835\", \"CVE-2009-0859\", \"CVE-2009-1046\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-751-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-doc-2.6.22\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-rt\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-ume\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-headers-2.6.22-16-xen\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-cell\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-lpia\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-lpiacompat\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-rt\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-ume\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-2.6.22-16-xen\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-386\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-generic\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-server\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-image-debug-2.6.22-16-virtual\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"linux-source-2.6.22\", pkgver:\"2.6.22-16.62\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-doc-2.6.24\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-openvz\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-rt\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-headers-2.6.24-23-xen\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-lpia\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-lpiacompat\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-openvz\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-rt\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-23-xen\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-386\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-generic\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-server\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-debug-2.6.24-23-virtual\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-source-2.6.24\", pkgver:\"2.6.24-23.52\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-doc-2.6.27\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11-generic\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-headers-2.6.27-11-server\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-generic\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-server\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-image-2.6.27-11-virtual\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-libc-dev\", pkgver:\"2.6.27-11.31\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"linux-source-2.6.27\", pkgver:\"2.6.27-11.31\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.22 / linux-doc-2.6.24 / linux-doc-2.6.27 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T14:16:50", "description": "This update addresses the following security issues :\n\n - a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service. (CVE-2009-0031, Important)\n\n - a buffer overflow in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important)\n\n - a flaw when handling heavy network traffic on an SMP system with many cores. An attacker who could send a large amount of network traffic could create a denial of service. (CVE-2008-5713, Important)\n\n - the code for the HFS and HFS Plus (HFS+) file systems failed to properly handle corrupted data structures.\n This could, potentially, lead to a local denial of service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n - a flaw was found in the HFS Plus (HFS+) file system implementation. This could, potentially, lead to a local denial of service when write operations are performed.\n (CVE-2008-4934, Low)\n\n - when fput() was called to close a socket, the\n __scm_destroy() function in the Linux kernel could make indirect recursive calls to itself. This could, potentially, lead to a denial of service issue.\n (CVE-2008-5029, Important)\n\n - a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A local, unprivileged user could use the flaw to listen on the same socket more than once, possibly causing a denial of service. (CVE-2008-5079, Important)\n\n - a race condition was found in the Linux kernel 'inotify' watch removal and umount implementation. This could allow a local, unprivileged user to cause a privilege escalation or a denial of service. (CVE-2008-5182, Important)\n\n** Bug fixes and enhancements are provided for :\n\n - support for specific NICs, including products from the following manufacturers: Broadcom Chelsio Cisco Intel Marvell NetXen Realtek Sun\n\n - Fiber Channel support, including support for Qlogic qla2xxx, qla4xxx, and qla84xx HBAs and the FCoE, FCP, and zFCP protocols.\n\n - support for various CPUs, including: AMD Opteron processors with 45 nm SOI ('Shanghai') AMD Turion Ultra processors Cell processors Intel Core i7 processors\n\n - Xen support, including issues specific to the IA64 platform, systems using AMD processors, and Dell Optiplex GX280 systems\n\n - ext3, ext4, GFS2, NFS, and SPUFS\n\n - Infiniband (including eHCA, eHEA, and IPoIB) support\n\n - common I/O (CIO), direct I/O (DIO), and queued direct I/O (qdio) support\n\n - the kernel distributed lock manager (DLM)\n\n - hardware issues with: SCSI, IEEE 1394 (FireWire), RAID (including issues specific to Adaptec controllers), SATA (including NCQ), PCI, audio, serial connections, tape-drives, and USB\n\n - ACPI, some of a general nature and some related to specific hardware including: certain Lenovo Thinkpad notebooks, HP DC7700 systems, and certain machines based on Intel Centrino processor technology.\n\n - CIFS, including Kerberos support and a tech-preview of DFS support\n\n - networking support, including IPv6, PPPoE, and IPSec\n\n - support for Intel chipsets, including: Intel Cantiga chipsets Intel Eagle Lake chipsets Intel i915 chipsets Intel i965 chipsets Intel Ibex Peak chipsets Intel chipsets offering QuickPath Interconnects (QPI)\n\n - device mapping issues, including some in device mapper itself\n\n - various issues specific to IA64 and PPC\n\n - CCISS, including support for Compaq SMART Array controllers P711m and P712m and other new hardware\n\n - various issues affecting specific HP systems, including:\n DL785G5 XW4800 XW8600 XW8600 XW9400\n\n - IOMMU support, including specific issues with AMD and IBM Calgary hardware\n\n - the audit subsystem\n\n - DASD support\n\n - iSCSI support, including issues specific to Chelsio T3 adapters\n\n - LVM issues\n\n - SCTP management information base (MIB) support\n\n - issues with: autofs, kdump, kobject_add, libata, lpar, ptrace, and utrace\n\n - platforms using Intel Enhanced Error Handling (EEH)\n\n - EDAC issues for AMD K8 and Intel i5000\n\n - ALSA, including support for new hardware\n\n - futex support\n\n - hugepage support\n\n - Intelligent Platform Management Interface (IPMI) support\n\n - issues affecting NEC/Stratus servers\n\n - OFED support\n\n - SELinux\n\n - various Virtio issues\n\n - when using the nfsd daemon in a clustered setup, kernel panics appeared seemingly at random. These panics were caused by a race condition in the device-mapper mirror target.\n\n - the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall returned a smaller timespec value than the result of previous clock_gettime() function execution, which resulted in a negative, and nonsensical, elapsed time value.\n\n - nfs_create_rpc_client was called with a 'flavor' parameter which was usually ignored and ended up unconditionally creating the RPC client with an AUTH_UNIX flavor. This caused problems on AUTH_GSS mounts when the credentials needed to be refreshed. The credops did not match the authorization type, which resulted in the credops dereferencing an incorrect part of the AUTH_UNIX rpc_auth struct.\n\n - when copy_user_c terminated prematurely due to reading beyond the end of the user buffer and the kernel jumped to the exception table entry, the rsi register was not cleared. This resulted in exiting back to user code with garbage in the rsi register.\n\n - the hexdump data in s390dbf traces was incomplete. The length of the data traced was incorrect and the SAN payload was read from a different place then it was written to.\n\n - when using connected mode (CM) in IPoIB on ehca2 hardware, it was not possible to transmit any data.\n\n - when an application called fork() and pthread_create() many times and, at some point, a thread forked a child and then attempted to call the setpgid() function, then this function failed and returned and ESRCH error value.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5713", "CVE-2009-0031", "CVE-2009-0065"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090210_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60532);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4933\", \"CVE-2008-4934\", \"CVE-2008-5025\", \"CVE-2008-5029\", \"CVE-2008-5079\", \"CVE-2008-5182\", \"CVE-2008-5713\", \"CVE-2009-0031\", \"CVE-2009-0065\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following security issues :\n\n - a memory leak in keyctl handling. A local user could use\n this flaw to deplete kernel memory, eventually leading\n to a denial of service. (CVE-2009-0031, Important)\n\n - a buffer overflow in the Linux kernel Partial Reliable\n Stream Control Transmission Protocol (PR-SCTP)\n implementation. This could, potentially, lead to a\n denial of service if a Forward-TSN chunk is received\n with a large stream ID. (CVE-2009-0065, Important)\n\n - a flaw when handling heavy network traffic on an SMP\n system with many cores. An attacker who could send a\n large amount of network traffic could create a denial of\n service. (CVE-2008-5713, Important)\n\n - the code for the HFS and HFS Plus (HFS+) file systems\n failed to properly handle corrupted data structures.\n This could, potentially, lead to a local denial of\n service. (CVE-2008-4933, CVE-2008-5025, Low)\n\n - a flaw was found in the HFS Plus (HFS+) file system\n implementation. This could, potentially, lead to a local\n denial of service when write operations are performed.\n (CVE-2008-4934, Low)\n\n - when fput() was called to close a socket, the\n __scm_destroy() function in the Linux kernel could make\n indirect recursive calls to itself. This could,\n potentially, lead to a denial of service issue.\n (CVE-2008-5029, Important)\n\n - a flaw was found in the Asynchronous Transfer Mode (ATM)\n subsystem. A local, unprivileged user could use the flaw\n to listen on the same socket more than once, possibly\n causing a denial of service. (CVE-2008-5079, Important)\n\n - a race condition was found in the Linux kernel 'inotify'\n watch removal and umount implementation. This could\n allow a local, unprivileged user to cause a privilege\n escalation or a denial of service. (CVE-2008-5182,\n Important)\n\n** Bug fixes and enhancements are provided for :\n\n - support for specific NICs, including products from the\n following manufacturers: Broadcom Chelsio Cisco Intel\n Marvell NetXen Realtek Sun\n\n - Fiber Channel support, including support for Qlogic\n qla2xxx, qla4xxx, and qla84xx HBAs and the FCoE, FCP,\n and zFCP protocols.\n\n - support for various CPUs, including: AMD Opteron\n processors with 45 nm SOI ('Shanghai') AMD Turion Ultra\n processors Cell processors Intel Core i7 processors\n\n - Xen support, including issues specific to the IA64\n platform, systems using AMD processors, and Dell\n Optiplex GX280 systems\n\n - ext3, ext4, GFS2, NFS, and SPUFS\n\n - Infiniband (including eHCA, eHEA, and IPoIB) support\n\n - common I/O (CIO), direct I/O (DIO), and queued direct\n I/O (qdio) support\n\n - the kernel distributed lock manager (DLM)\n\n - hardware issues with: SCSI, IEEE 1394 (FireWire), RAID\n (including issues specific to Adaptec controllers), SATA\n (including NCQ), PCI, audio, serial connections,\n tape-drives, and USB\n\n - ACPI, some of a general nature and some related to\n specific hardware including: certain Lenovo Thinkpad\n notebooks, HP DC7700 systems, and certain machines based\n on Intel Centrino processor technology.\n\n - CIFS, including Kerberos support and a tech-preview of\n DFS support\n\n - networking support, including IPv6, PPPoE, and IPSec\n\n - support for Intel chipsets, including: Intel Cantiga\n chipsets Intel Eagle Lake chipsets Intel i915 chipsets\n Intel i965 chipsets Intel Ibex Peak chipsets Intel\n chipsets offering QuickPath Interconnects (QPI)\n\n - device mapping issues, including some in device mapper\n itself\n\n - various issues specific to IA64 and PPC\n\n - CCISS, including support for Compaq SMART Array\n controllers P711m and P712m and other new hardware\n\n - various issues affecting specific HP systems, including:\n DL785G5 XW4800 XW8600 XW8600 XW9400\n\n - IOMMU support, including specific issues with AMD and\n IBM Calgary hardware\n\n - the audit subsystem\n\n - DASD support\n\n - iSCSI support, including issues specific to Chelsio T3\n adapters\n\n - LVM issues\n\n - SCTP management information base (MIB) support\n\n - issues with: autofs, kdump, kobject_add, libata, lpar,\n ptrace, and utrace\n\n - platforms using Intel Enhanced Error Handling (EEH)\n\n - EDAC issues for AMD K8 and Intel i5000\n\n - ALSA, including support for new hardware\n\n - futex support\n\n - hugepage support\n\n - Intelligent Platform Management Interface (IPMI) support\n\n - issues affecting NEC/Stratus servers\n\n - OFED support\n\n - SELinux\n\n - various Virtio issues\n\n - when using the nfsd daemon in a clustered setup, kernel\n panics appeared seemingly at random. These panics were\n caused by a race condition in the device-mapper mirror\n target.\n\n - the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall\n returned a smaller timespec value than the result of\n previous clock_gettime() function execution, which\n resulted in a negative, and nonsensical, elapsed time\n value.\n\n - nfs_create_rpc_client was called with a 'flavor'\n parameter which was usually ignored and ended up\n unconditionally creating the RPC client with an\n AUTH_UNIX flavor. This caused problems on AUTH_GSS\n mounts when the credentials needed to be refreshed. The\n credops did not match the authorization type, which\n resulted in the credops dereferencing an incorrect part\n of the AUTH_UNIX rpc_auth struct.\n\n - when copy_user_c terminated prematurely due to reading\n beyond the end of the user buffer and the kernel jumped\n to the exception table entry, the rsi register was not\n cleared. This resulted in exiting back to user code with\n garbage in the rsi register.\n\n - the hexdump data in s390dbf traces was incomplete. The\n length of the data traced was incorrect and the SAN\n payload was read from a different place then it was\n written to.\n\n - when using connected mode (CM) in IPoIB on ehca2\n hardware, it was not possible to transmit any data.\n\n - when an application called fork() and pthread_create()\n many times and, at some point, a thread forked a child\n and then attempted to call the setpgid() function, then\n this function failed and returned and ESRCH error value.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0902&L=scientific-linux-errata&T=0&P=2076\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4528f07\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-128.1.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-128.1.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T15:06:55", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-1385 Neil Horman discovered a missing fix from the e1000 network driver. A remote user may cause a denial of service by way of a kernel panic triggered by specially crafted frame sizes.\n\n - CVE-2009-1389 Michael Tokarev discovered an issue in the r8169 network driver. Remote users on the same LAN may cause a denial of service by way of a kernel panic triggered by receiving a large size frame.\n\n - CVE-2009-1630 Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount.\n\n - CVE-2009-1633 Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption.\n\n - CVE-2009-1895 Julien Tinnes and Tavis Ormandy reported an issue in the Linux personality code. Local users can take advantage of a setuid binary that can either be made to dereference a NULL pointer or drop privileges and return control to the user. This allows a user to bypass mmap_min_addr restrictions which can be exploited to execute arbitrary code.\n\n - CVE-2009-1914 Mikulas Patocka discovered an issue in sparc64 kernels that allows local users to cause a denial of service (crash) by reading the /proc/iomem file.\n\n - CVE-2009-1961 Miklos Szeredi reported an issue in the ocfs2 filesystem. Local users can create a denial of service (filesystem deadlock) using a particular sequence of splice system calls.\n\n - CVE-2009-2406 CVE-2009-2407 Ramon de Carvalho Valle discovered two issues with the eCryptfs layered filesystem using the fsfuzzer utility.\n A local user with permissions to perform an eCryptfs mount may modify the contents of a eCryptfs file, overflowing the stack and potentially gaining elevated privileges.", "cvss3": {}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1844-1 : linux-2.6.24 - denial of service/privilege escalation", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1385", "CVE-2009-1389", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1895", "CVE-2009-1914", "CVE-2009-1961", "CVE-2009-2406", "CVE-2009-2407"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6.24", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1844.NASL", "href": "https://www.tenable.com/plugins/nessus/44709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1844. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44709);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1385\", \"CVE-2009-1389\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1895\", \"CVE-2009-1914\", \"CVE-2009-1961\", \"CVE-2009-2406\", \"CVE-2009-2407\");\n script_bugtraq_id(34612, 34934, 35143, 35185, 35281, 35647, 35850, 35851);\n script_xref(name:\"DSA\", value:\"1844\");\n\n script_name(english:\"Debian DSA-1844-1 : linux-2.6.24 - denial of service/privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-1385\n Neil Horman discovered a missing fix from the e1000\n network driver. A remote user may cause a denial of\n service by way of a kernel panic triggered by specially\n crafted frame sizes.\n\n - CVE-2009-1389\n Michael Tokarev discovered an issue in the r8169 network\n driver. Remote users on the same LAN may cause a denial\n of service by way of a kernel panic triggered by\n receiving a large size frame.\n\n - CVE-2009-1630\n Frank Filz discovered that local users may be able to\n execute files without execute permission when accessed\n via an nfs4 mount.\n\n - CVE-2009-1633\n Jeff Layton and Suresh Jayaraman fixed several buffer\n overflows in the CIFS filesystem which allow remote\n servers to cause memory corruption.\n\n - CVE-2009-1895\n Julien Tinnes and Tavis Ormandy reported an issue in the\n Linux personality code. Local users can take advantage\n of a setuid binary that can either be made to\n dereference a NULL pointer or drop privileges and return\n control to the user. This allows a user to bypass\n mmap_min_addr restrictions which can be exploited to\n execute arbitrary code.\n\n - CVE-2009-1914\n Mikulas Patocka discovered an issue in sparc64 kernels\n that allows local users to cause a denial of service\n (crash) by reading the /proc/iomem file.\n\n - CVE-2009-1961\n Miklos Szeredi reported an issue in the ocfs2\n filesystem. Local users can create a denial of service\n (filesystem deadlock) using a particular sequence of\n splice system calls.\n\n - CVE-2009-2406 CVE-2009-2407\n Ramon de Carvalho Valle discovered two issues with the\n eCryptfs layered filesystem using the fsfuzzer utility.\n A local user with permissions to perform an eCryptfs\n mount may modify the contents of a eCryptfs file,\n overflowing the stack and potentially gaining elevated\n privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1844\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6.24 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch2.\n\nNote: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch' concludes.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, lower severity 2.6.18 and 2.6.24 updates will\ntypically release in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6.24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"linux-doc-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-486\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-4kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-5kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-686\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-686-bigmem\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-alpha\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-amd64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-arm\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-hppa\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-i386\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-ia64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-mips\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-mipsel\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-s390\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-all-sparc\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-generic\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-legacy\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-alpha-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-amd64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-common\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-footbridge\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-iop32x\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-itanium\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-ixp4xx\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-mckinley\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-parisc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-powerpc64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r4k-ip22\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-r5k-ip32\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-s390\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-s390x\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sparc64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-headers-2.6.24-etchnhalf.1-sparc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-486\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-4kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-5kc-malta\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-686\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-686-bigmem\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-generic\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-legacy\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-alpha-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-amd64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-footbridge\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-iop32x\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-itanium\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-ixp4xx\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-mckinley\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-parisc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc-miboot\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-powerpc64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r4k-ip22\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r5k-cobalt\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-r5k-ip32\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390-tape\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-s390x\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sparc64\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-image-2.6.24-etchnhalf.1-sparc64-smp\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-manual-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-patch-debian-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-source-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-support-2.6.24-etchnhalf.1\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"linux-tree-2.6.24\", reference:\"2.6.24-6~etchnhalf.8etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-04T14:17:28", "description": "Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share.\n(CVE-2009-1439, CVE-2009-1633, Important)\n\n* the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n* Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)\n\n* a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel.\n(CVE-2009-1758, Moderate)\n\n* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak.\n(CVE-2009-1192, Low)\n\nBug fixes :\n\n* a race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash. 'Busy inodes' messages may have been logged. (BZ#498653)\n\n* nanosleep() could sleep several milliseconds less than the specified time on Intel Itanium(r)-based systems. (BZ#500349)\n\n* LEDs for disk drives in AHCI mode may have displayed a fault state when there were no faults. (BZ#500120)\n\n* ptrace_do_wait() reported tasks were stopped each time the process doing the trace called wait(), instead of reporting it once.\n(BZ#486945)\n\n* epoll_wait() may have caused a system lockup and problems for applications. (BZ#497322)\n\n* missing capabilities could possibly allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. (BZ#497271)\n\n* on NFS mounted file systems, heavy write loads may have blocked nfs_getattr() for long periods, causing commands that use stat(2), such as ls, to hang. (BZ#486926)\n\n* in rare circumstances, if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2), the buffer storing the result of the I/O may have ended up with invalid data.\n(BZ#486921)\n\n* when using GFS2, gfs2_quotad may have entered an uninterpretable sleep state. (BZ#501742)\n\n* with this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned. (BZ#499783)\n\n* the '-fwrapv' flag was added to the gcc build options to prevent gcc from optimizing away wrapping. (BZ#501751)\n\n* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)\n\n* using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance. (BZ#502837)\n\n* '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by processes able to use the ptrace() call on a given process; however, certain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used to reconstruct memory maps. (BZ#499546)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2009:1106)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1072", "CVE-2009-1192", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1758", "CVE-2009-3238"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1106.NASL", "href": "https://www.tenable.com/plugins/nessus/43757", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1106 and \n# CentOS Errata and Security Advisory 2009:1106 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43757);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1072\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1758\", \"CVE-2009-3238\");\n script_bugtraq_id(34205, 34453, 34612, 34673, 34934, 34957);\n script_xref(name:\"RHSA\", value:\"2009:1106\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2009:1106)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* several flaws were found in the way the Linux kernel CIFS\nimplementation handles Unicode strings. CIFS clients convert Unicode\nstrings sent by a server to their local character sets, and then write\nthose strings into memory. If a malicious server sent a long enough\nstring, it could write past the end of the target memory region and\ncorrupt other memory areas, possibly leading to a denial of service or\nprivilege escalation on the client mounting the CIFS share.\n(CVE-2009-1439, CVE-2009-1633, Important)\n\n* the Linux kernel Network File System daemon (nfsd) implementation\ndid not drop the CAP_MKNOD capability when handling requests from\nlocal, unprivileged users. This flaw could possibly lead to an\ninformation leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n* Frank Filz reported the NFSv4 client was missing a file permission\ncheck for the execute bit in some situations. This could allow local,\nunprivileged users to run non-executable files on NFSv4 mounted file\nsystems. (CVE-2009-1630, Moderate)\n\n* a missing check was found in the hypervisor_callback() function in\nthe Linux kernel provided by the kernel-xen package. This could cause\na denial of service of a 32-bit guest if an application running in\nthat guest accesses a certain memory location in the kernel.\n(CVE-2009-1758, Moderate)\n\n* a flaw was found in the AGPGART driver. The agp_generic_alloc_page()\nand agp_generic_alloc_pages() functions did not zero out the memory\npages they allocate, which may later be available to user-space\nprocesses. This flaw could possibly lead to an information leak.\n(CVE-2009-1192, Low)\n\nBug fixes :\n\n* a race in the NFS client between destroying cached access rights and\nunmounting an NFS file system could have caused a system crash. 'Busy\ninodes' messages may have been logged. (BZ#498653)\n\n* nanosleep() could sleep several milliseconds less than the specified\ntime on Intel Itanium(r)-based systems. (BZ#500349)\n\n* LEDs for disk drives in AHCI mode may have displayed a fault state\nwhen there were no faults. (BZ#500120)\n\n* ptrace_do_wait() reported tasks were stopped each time the process\ndoing the trace called wait(), instead of reporting it once.\n(BZ#486945)\n\n* epoll_wait() may have caused a system lockup and problems for\napplications. (BZ#497322)\n\n* missing capabilities could possibly allow users with an fsuid other\nthan 0 to perform actions on some file system types that would\notherwise be prevented. (BZ#497271)\n\n* on NFS mounted file systems, heavy write loads may have blocked\nnfs_getattr() for long periods, causing commands that use stat(2),\nsuch as ls, to hang. (BZ#486926)\n\n* in rare circumstances, if an application performed multiple O_DIRECT\nreads per virtual memory page and also performed fork(2), the buffer\nstoring the result of the I/O may have ended up with invalid data.\n(BZ#486921)\n\n* when using GFS2, gfs2_quotad may have entered an uninterpretable\nsleep state. (BZ#501742)\n\n* with this update, get_random_int() is more random and no longer uses\na common seed value, reducing the possibility of predicting the values\nreturned. (BZ#499783)\n\n* the '-fwrapv' flag was added to the gcc build options to prevent gcc\nfrom optimizing away wrapping. (BZ#501751)\n\n* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)\n\n* using the Broadcom NetXtreme BCM5704 network device with the tg3\ndriver caused high system load and very bad performance. (BZ#502837)\n\n* '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by\nprocesses able to use the ptrace() call on a given process; however,\ncertain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan'\ncould be used to reconstruct memory maps. (BZ#499546)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-June/015975.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09ca528f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-June/015976.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1c586af\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-128.1.14.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-128.1.14.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-05T14:17:13", "description": "Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share.\n(CVE-2009-1439, CVE-2009-1633, Important)\n\n* the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n* Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)\n\n* a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel.\n(CVE-2009-1758, Moderate)\n\n* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak.\n(CVE-2009-1192, Low)\n\nBug fixes :\n\n* a race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash. 'Busy inodes' messages may have been logged. (BZ#498653)\n\n* nanosleep() could sleep several milliseconds less than the specified time on Intel Itanium(r)-based systems. (BZ#500349)\n\n* LEDs for disk drives in AHCI mode may have displayed a fault state when there were no faults. (BZ#500120)\n\n* ptrace_do_wait() reported tasks were stopped each time the process doing the trace called wait(), instead of reporting it once.\n(BZ#486945)\n\n* epoll_wait() may have caused a system lockup and problems for applications. (BZ#497322)\n\n* missing capabilities could possibly allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. (BZ#497271)\n\n* on NFS mounted file systems, heavy write loads may have blocked nfs_getattr() for long periods, causing commands that use stat(2), such as ls, to hang. (BZ#486926)\n\n* in rare circumstances, if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2), the buffer storing the result of the I/O may have ended up with invalid data.\n(BZ#486921)\n\n* when using GFS2, gfs2_quotad may have entered an uninterpretable sleep state. (BZ#501742)\n\n* with this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned. (BZ#499783)\n\n* the '-fwrapv' flag was added to the gcc build options to prevent gcc from optimizing away wrapping. (BZ#501751)\n\n* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)\n\n* using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance. (BZ#502837)\n\n* '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by processes able to use the ptrace() call on a given process; however, certain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used to reconstruct memory maps. (BZ#499546)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-06-17T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2009:1106)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1072", "CVE-2009-1192", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1758", "CVE-2009-3238"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1106.NASL", "href": "https://www.tenable.com/plugins/nessus/39430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1106. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39430);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1072\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1758\", \"CVE-2009-3238\");\n script_bugtraq_id(34205, 34453, 34612, 34673, 34934, 34957);\n script_xref(name:\"RHSA\", value:\"2009:1106\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2009:1106)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* several flaws were found in the way the Linux kernel CIFS\nimplementation handles Unicode strings. CIFS clients convert Unicode\nstrings sent by a server to their local character sets, and then write\nthose strings into memory. If a malicious server sent a long enough\nstring, it could write past the end of the target memory region and\ncorrupt other memory areas, possibly leading to a denial of service or\nprivilege escalation on the client mounting the CIFS share.\n(CVE-2009-1439, CVE-2009-1633, Important)\n\n* the Linux kernel Network File System daemon (nfsd) implementation\ndid not drop the CAP_MKNOD capability when handling requests from\nlocal, unprivileged users. This flaw could possibly lead to an\ninformation leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n* Frank Filz reported the NFSv4 client was missing a file permission\ncheck for the execute bit in some situations. This could allow local,\nunprivileged users to run non-executable files on NFSv4 mounted file\nsystems. (CVE-2009-1630, Moderate)\n\n* a missing check was found in the hypervisor_callback() function in\nthe Linux kernel provided by the kernel-xen package. This could cause\na denial of service of a 32-bit guest if an application running in\nthat guest accesses a certain memory location in the kernel.\n(CVE-2009-1758, Moderate)\n\n* a flaw was found in the AGPGART driver. The agp_generic_alloc_page()\nand agp_generic_alloc_pages() functions did not zero out the memory\npages they allocate, which may later be available to user-space\nprocesses. This flaw could possibly lead to an information leak.\n(CVE-2009-1192, Low)\n\nBug fixes :\n\n* a race in the NFS client between destroying cached access rights and\nunmounting an NFS file system could have caused a system crash. 'Busy\ninodes' messages may have been logged. (BZ#498653)\n\n* nanosleep() could sleep several milliseconds less than the specified\ntime on Intel Itanium(r)-based systems. (BZ#500349)\n\n* LEDs for disk drives in AHCI mode may have displayed a fault state\nwhen there were no faults. (BZ#500120)\n\n* ptrace_do_wait() reported tasks were stopped each time the process\ndoing the trace called wait(), instead of reporting it once.\n(BZ#486945)\n\n* epoll_wait() may have caused a system lockup and problems for\napplications. (BZ#497322)\n\n* missing capabilities could possibly allow users with an fsuid other\nthan 0 to perform actions on some file system types that would\notherwise be prevented. (BZ#497271)\n\n* on NFS mounted file systems, heavy write loads may have blocked\nnfs_getattr() for long periods, causing commands that use stat(2),\nsuch as ls, to hang. (BZ#486926)\n\n* in rare circumstances, if an application performed multiple O_DIRECT\nreads per virtual memory page and also performed fork(2), the buffer\nstoring the result of the I/O may have ended up with invalid data.\n(BZ#486921)\n\n* when using GFS2, gfs2_quotad may have entered an uninterpretable\nsleep state. (BZ#501742)\n\n* with this update, get_random_int() is more random and no longer uses\na common seed value, reducing the possibility of predicting the values\nreturned. (BZ#499783)\n\n* the '-fwrapv' flag was added to the gcc build options to prevent gcc\nfrom optimizing away wrapping. (BZ#501751)\n\n* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)\n\n* using the Broadcom NetXtreme BCM5704 network device with the tg3\ndriver caused high system load and very bad performance. (BZ#502837)\n\n* '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by\nprocesses able to use the ptrace() call on a given process; however,\ncertain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan'\ncould be used to reconstruct memory maps. (BZ#499546)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1106\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2009-1072\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1758\", \"CVE-2009-3238\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2009:1106\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1106\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-128.1.14.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-128.1.14.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-05T14:16:51", "description": "From Red Hat Security Advisory 2009:1106 :\n\nUpdated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then write those strings into memory. If a malicious server sent a long enough string, it could write past the end of the target memory region and corrupt other memory areas, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share.\n(CVE-2009-1439, CVE-2009-1633, Important)\n\n* the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n* Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)\n\n* a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel.\n(CVE-2009-1758, Moderate)\n\n* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak.\n(CVE-2009-1192, Low)\n\nBug fixes :\n\n* a race in the NFS client between destroying cached access rights and unmounting an NFS file system could have caused a system crash. 'Busy inodes' messages may have been logged. (BZ#498653)\n\n* nanosleep() could sleep several milliseconds less than the specified time on Intel Itanium(r)-based systems. (BZ#500349)\n\n* LEDs for disk drives in AHCI mode may have displayed a fault state when there were no faults. (BZ#500120)\n\n* ptrace_do_wait() reported tasks were stopped each time the process doing the trace called wait(), instead of reporting it once.\n(BZ#486945)\n\n* epoll_wait() may have caused a system lockup and problems for applications. (BZ#497322)\n\n* missing capabilities could possibly allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. (BZ#497271)\n\n* on NFS mounted file systems, heavy write loads may have blocked nfs_getattr() for long periods, causing commands that use stat(2), such as ls, to hang. (BZ#486926)\n\n* in rare circumstances, if an application performed multiple O_DIRECT reads per virtual memory page and also performed fork(2), the buffer storing the result of the I/O may have ended up with invalid data.\n(BZ#486921)\n\n* when using GFS2, gfs2_quotad may have entered an uninterpretable sleep state. (BZ#501742)\n\n* with this update, get_random_int() is more random and no longer uses a common seed value, reducing the possibility of predicting the values returned. (BZ#499783)\n\n* the '-fwrapv' flag was added to the gcc build options to prevent gcc from optimizing away wrapping. (BZ#501751)\n\n* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)\n\n* using the Broadcom NetXtreme BCM5704 network device with the tg3 driver caused high system load and very bad performance. (BZ#502837)\n\n* '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by processes able to use the ptrace() call on a given process; however, certain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used to reconstruct memory maps. (BZ#499546)\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : kernel (ELSA-2009-1106)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1072", "CVE-2009-1192", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1758", "CVE-2009-3238"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-PAE", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-xen", "p-cpe:/a:oracle:linux:kernel-xen-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-1106.NASL", "href": "https://www.tenable.com/plugins/nessus/67874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1106 and \n# Oracle Linux Security Advisory ELSA-2009-1106 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67874);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2009-1072\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1758\", \"CVE-2009-3238\");\n script_bugtraq_id(34205, 34453, 34612, 34673, 34934, 34957);\n script_xref(name:\"RHSA\", value:\"2009:1106\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2009-1106)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1106 :\n\nUpdated kernel packages that fix several security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* several flaws were found in the way the Linux kernel CIFS\nimplementation handles Unicode strings. CIFS clients convert Unicode\nstrings sent by a server to their local character sets, and then write\nthose strings into memory. If a malicious server sent a long enough\nstring, it could write past the end of the target memory region and\ncorrupt other memory areas, possibly leading to a denial of service or\nprivilege escalation on the client mounting the CIFS share.\n(CVE-2009-1439, CVE-2009-1633, Important)\n\n* the Linux kernel Network File System daemon (nfsd) implementation\ndid not drop the CAP_MKNOD capability when handling requests from\nlocal, unprivileged users. This flaw could possibly lead to an\ninformation leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n* Frank Filz reported the NFSv4 client was missing a file permission\ncheck for the execute bit in some situations. This could allow local,\nunprivileged users to run non-executable files on NFSv4 mounted file\nsystems. (CVE-2009-1630, Moderate)\n\n* a missing check was found in the hypervisor_callback() function in\nthe Linux kernel provided by the kernel-xen package. This could cause\na denial of service of a 32-bit guest if an application running in\nthat guest accesses a certain memory location in the kernel.\n(CVE-2009-1758, Moderate)\n\n* a flaw was found in the AGPGART driver. The agp_generic_alloc_page()\nand agp_generic_alloc_pages() functions did not zero out the memory\npages they allocate, which may later be available to user-space\nprocesses. This flaw could possibly lead to an information leak.\n(CVE-2009-1192, Low)\n\nBug fixes :\n\n* a race in the NFS client between destroying cached access rights and\nunmounting an NFS file system could have caused a system crash. 'Busy\ninodes' messages may have been logged. (BZ#498653)\n\n* nanosleep() could sleep several milliseconds less than the specified\ntime on Intel Itanium(r)-based systems. (BZ#500349)\n\n* LEDs for disk drives in AHCI mode may have displayed a fault state\nwhen there were no faults. (BZ#500120)\n\n* ptrace_do_wait() reported tasks were stopped each time the process\ndoing the trace called wait(), instead of reporting it once.\n(BZ#486945)\n\n* epoll_wait() may have caused a system lockup and problems for\napplications. (BZ#497322)\n\n* missing capabilities could possibly allow users with an fsuid other\nthan 0 to perform actions on some file system types that would\notherwise be prevented. (BZ#497271)\n\n* on NFS mounted file systems, heavy write loads may have blocked\nnfs_getattr() for long periods, causing commands that use stat(2),\nsuch as ls, to hang. (BZ#486926)\n\n* in rare circumstances, if an application performed multiple O_DIRECT\nreads per virtual memory page and also performed fork(2), the buffer\nstoring the result of the I/O may have ended up with invalid data.\n(BZ#486921)\n\n* when using GFS2, gfs2_quotad may have entered an uninterpretable\nsleep state. (BZ#501742)\n\n* with this update, get_random_int() is more random and no longer uses\na common seed value, reducing the possibility of predicting the values\nreturned. (BZ#499783)\n\n* the '-fwrapv' flag was added to the gcc build options to prevent gcc\nfrom optimizing away wrapping. (BZ#501751)\n\n* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)\n\n* using the Broadcom NetXtreme BCM5704 network device with the tg3\ndriver caused high system load and very bad performance. (BZ#502837)\n\n* '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by\nprocesses able to use the ptrace() call on a given process; however,\ncertain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan'\ncould be used to reconstruct memory maps. (BZ#499546)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-June/001049.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2009-1072\", \"CVE-2009-1192\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1758\", \"CVE-2009-3238\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2009-1106\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-128.1.14.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-128.1.14.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:36:36", "description": "These updated packages fix the following security issues :\n\n - the exit_notify() function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileges. (CVE-2009-1337, Important)\n\n - the Linux kernel implementation of the Network File System (NFS) did not properly initialize the file name limit in the nfs_server data structure. This flaw could possibly lead to a denial of service on a client mounting an NFS share. (CVE-2009-1336, Moderate)\n\n - a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service. (CVE-2009-1385, Important)\n\n - the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users.\n This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n - Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations.\n This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems.\n (CVE-2009-1630, Moderate)\n\n - a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel.\n (CVE-2009-1758, Moderate)\n\n - a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak. (CVE-2009-1192, Low)\n\nThese updated packages also fix the following bugs :\n\n - '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by processes able to use the ptrace() call on a given process; however, certain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used to reconstruct memory maps, making it possible to bypass the Address Space Layout Randomization (ASLR) security feature. This update addresses this issue. (BZ#499549)\n\n - in some situations, the link count was not decreased when renaming unused files on NFS mounted file systems.\n This may have resulted in poor performance. With this update, the link count is decreased in these situations, the same as is done for other file operations, such as unlink and rmdir. (BZ#501802)\n\n - tcp_ack() cleared the probes_out variable even if there were outstanding packets. When low TCP keepalive intervals were used, this bug may have caused problems, such as connections terminating, when using remote tools such as rsh and rlogin. (BZ#501754)\n\n - off-by-one errors in the time normalization code could have caused clock_gettime() to return one billion nanoseconds, rather than adding an extra second. This bug could have caused the name service cache daemon (nscd) to consume excessive CPU resources. (BZ#501800)\n\n - a system panic could occur when one thread read '/proc/bus/input/devices' while another was removing a device. With this update, a mutex has been added to protect the input_dev_list and input_handler_list variables, which resolves this issue. (BZ#501804)\n\n - using netdump may have caused a kernel deadlock on some systems. (BZ#504565)\n\n - the file system mask, which lists capabilities for users with a file system user ID (fsuid) of 0, was missing the CAP_MKNOD and CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. This update adds these capabilities. (BZ#497269)\n\nKernel Feature Support :\n\n - added a new allowable value to '/proc/sys/kernel/wake_balance' to allow the scheduler to run the thread on any available CPU rather than scheduling it on the optimal CPU.\n\n - added 'max_writeback_pages' tunable parameter to /proc/sys/vm/ to allow the maximum number of modified pages kupdate writes to disk, per iteration per run.\n\n - added 'swap_token_timeout' tunable parameter to /proc/sys/vm/ to provide a valid hold time for the swap out protection token.\n\n - added diskdump support to sata_svw driver.\n\n - limited physical memory to 64GB for 32-bit kernels running on systems with more than 64GB of physical memory to prevent boot failures.\n\n - improved reliability of autofs.\n\n - added support for 'rdattr_error' in NFSv4 readdir requests.\n\n - fixed various short packet handling issues for NFSv4 readdir and sunrpc.\n\n - fixed several CIFS bugs.\n\nNetworking and IPv6 Enablement :\n\n - added router solicitation support.\n\n - enforced sg requires tx csum in ethtool.\n\nPlatform Support :\n\nx86, AMD64, Intel 64\n\n - added support for a new Intel chipset.\n\n - added initialization vendor info in boot_cpu_data.\n\n - added support for N_Port ID Virtualization (NPIV) for IBM System z guests using zFCP.\n\n - added HDMI support for some AMD and ATI chipsets.\n\n - updated HDA driver in ALSA to latest upstream as of 2008-07-22.\n\n - added support for affected_cpus for cpufreq.\n\n - removed polling timer from i8042.\n\n - fixed PM-Timer when using the ASUS A8V Deluxe motherboard.\n\n - backported usbfs_mutex in usbfs.\n\nNetwork Driver Updates :\n\n - updated forcedeth driver to latest upstream version 0.61.\n\n - fixed various e1000 issues when using Intel ESB2 hardware.\n\n - updated e1000e driver to upstream version 0.3.3.3-k6.\n\n - updated igb to upstream version 1.2.45-k2.\n\n - updated tg3 to upstream version 3.96.\n\n - updated ixgbe to upstream version 1.3.18-k4.\n\n - updated bnx2 to upstream version 1.7.9.\n\n - updated bnx2x to upstream version 1.45.23.\n\n - fixed bugs and added enhancements for the NetXen NX2031 and NX3031 products.\n\n - updated Realtek r8169 driver to support newer network chipsets. All variants of RTL810x/RTL8168(9) are now supported.\n\nStorage Driver Updates :\n\n - fixed various SCSI issues. Also, the SCSI sd driver now calls the revalidate_disk wrapper.\n\n - fixed a dmraid reduced I/O delay bug in certain configurations.\n\n - removed quirk aac_quirk_scsi_32 for some aacraid controllers.\n\n - updated FCP driver on IBM System z systems with support for point-to-point connections.\n\n - updated lpfc to version 8.0.16.46.\n\n - updated megaraid_sas to version 4.01-RH1.\n\n - updated MPT Fusion driver to version 3.12.29.00rh.\n\n - updated qla2xxx firmware to 4.06.01 for 4GB/s and 8GB/s adapters.\n\n - updated qla2xxx driver to version 8.02.09.00.04.08-d.\n\n - fixed sata_nv in libsata to disable ADMA mode by default.\n\nMiscellaneous Updates :\n\n - upgraded OpenFabrics Alliance Enterprise Distribution (OFED) to version 1.4.\n\n - added driver support and fixes for various Wacom tablets.\n\nNote: The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1072", "CVE-2009-1192", "CVE-2009-1336", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1630", "CVE-2009-1758"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090630_KERNEL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60609", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60609);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1072\", \"CVE-2009-1192\", \"CVE-2009-1336\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1630\", \"CVE-2009-1758\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"These updated packages fix the following security issues :\n\n - the exit_notify() function in the Linux kernel did not\n properly reset the exit signal if a process executed a\n set user ID (setuid) application before exiting. This\n could allow a local, unprivileged user to elevate their\n privileges. (CVE-2009-1337, Important)\n\n - the Linux kernel implementation of the Network File\n System (NFS) did not properly initialize the file name\n limit in the nfs_server data structure. This flaw could\n possibly lead to a denial of service on a client\n mounting an NFS share. (CVE-2009-1336, Moderate)\n\n - a flaw was found in the Intel PRO/1000 network driver in\n the Linux kernel. Frames with sizes near the MTU of an\n interface may be split across multiple hardware receive\n descriptors. Receipt of such a frame could leak through\n a validation check, leading to a corruption of the\n length check. A remote attacker could use this flaw to\n send a specially crafted packet that would cause a\n denial of service. (CVE-2009-1385, Important)\n\n - the Linux kernel Network File System daemon (nfsd)\n implementation did not drop the CAP_MKNOD capability\n when handling requests from local, unprivileged users.\n This flaw could possibly lead to an information leak or\n privilege escalation. (CVE-2009-1072, Moderate)\n\n - Frank Filz reported the NFSv4 client was missing a file\n permission check for the execute bit in some situations.\n This could allow local, unprivileged users to run\n non-executable files on NFSv4 mounted file systems.\n (CVE-2009-1630, Moderate)\n\n - a missing check was found in the hypervisor_callback()\n function in the Linux kernel provided by the kernel-xen\n package. This could cause a denial of service of a\n 32-bit guest if an application running in that guest\n accesses a certain memory location in the kernel.\n (CVE-2009-1758, Moderate)\n\n - a flaw was found in the AGPGART driver. The\n agp_generic_alloc_page() and agp_generic_alloc_pages()\n functions did not zero out the memory pages they\n allocate, which may later be available to user-space\n processes. This flaw could possibly lead to an\n information leak. (CVE-2009-1192, Low)\n\nThese updated packages also fix the following bugs :\n\n - '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be\n read by processes able to use the ptrace() call on a\n given process; however, certain information from\n '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used\n to reconstruct memory maps, making it possible to bypass\n the Address Space Layout Randomization (ASLR) security\n feature. This update addresses this issue. (BZ#499549)\n\n - in some situations, the link count was not decreased\n when renaming unused files on NFS mounted file systems.\n This may have resulted in poor performance. With this\n update, the link count is decreased in these situations,\n the same as is done for other file operations, such as\n unlink and rmdir. (BZ#501802)\n\n - tcp_ack() cleared the probes_out variable even if there\n were outstanding packets. When low TCP keepalive\n intervals were used, this bug may have caused problems,\n such as connections terminating, when using remote tools\n such as rsh and rlogin. (BZ#501754)\n\n - off-by-one errors in the time normalization code could\n have caused clock_gettime() to return one billion\n nanoseconds, rather than adding an extra second. This\n bug could have caused the name service cache daemon\n (nscd) to consume excessive CPU resources. (BZ#501800)\n\n - a system panic could occur when one thread read\n '/proc/bus/input/devices' while another was removing a\n device. With this update, a mutex has been added to\n protect the input_dev_list and input_handler_list\n variables, which resolves this issue. (BZ#501804)\n\n - using netdump may have caused a kernel deadlock on some\n systems. (BZ#504565)\n\n - the file system mask, which lists capabilities for users\n with a file system user ID (fsuid) of 0, was missing the\n CAP_MKNOD and CAP_LINUX_IMMUTABLE capabilities. This\n could, potentially, allow users with an fsuid other than\n 0 to perform actions on some file system types that\n would otherwise be prevented. This update adds these\n capabilities. (BZ#497269)\n\nKernel Feature Support :\n\n - added a new allowable value to\n '/proc/sys/kernel/wake_balance' to allow the scheduler\n to run the thread on any available CPU rather than\n scheduling it on the optimal CPU.\n\n - added 'max_writeback_pages' tunable parameter to\n /proc/sys/vm/ to allow the maximum number of modified\n pages kupdate writes to disk, per iteration per run.\n\n - added 'swap_token_timeout' tunable parameter to\n /proc/sys/vm/ to provide a valid hold time for the swap\n out protection token.\n\n - added diskdump support to sata_svw driver.\n\n - limited physical memory to 64GB for 32-bit kernels\n running on systems with more than 64GB of physical\n memory to prevent boot failures.\n\n - improved reliability of autofs.\n\n - added support for 'rdattr_error' in NFSv4 readdir\n requests.\n\n - fixed various short packet handling issues for NFSv4\n readdir and sunrpc.\n\n - fixed several CIFS bugs.\n\nNetworking and IPv6 Enablement :\n\n - added router solicitation support.\n\n - enforced sg requires tx csum in ethtool.\n\nPlatform Support :\n\nx86, AMD64, Intel 64\n\n - added support for a new Intel chipset.\n\n - added initialization vendor info in boot_cpu_data.\n\n - added support for N_Port ID Virtualization (NPIV) for\n IBM System z guests using zFCP.\n\n - added HDMI support for some AMD and ATI chipsets.\n\n - updated HDA driver in ALSA to latest upstream as of\n 2008-07-22.\n\n - added support for affected_cpus for cpufreq.\n\n - removed polling timer from i8042.\n\n - fixed PM-Timer when using the ASUS A8V Deluxe\n motherboard.\n\n - backported usbfs_mutex in usbfs.\n\nNetwork Driver Updates :\n\n - updated forcedeth driver to latest upstream version\n 0.61.\n\n - fixed various e1000 issues when using Intel ESB2\n hardware.\n\n - updated e1000e driver to upstream version 0.3.3.3-k6.\n\n - updated igb to upstream version 1.2.45-k2.\n\n - updated tg3 to upstream version 3.96.\n\n - updated ixgbe to upstream version 1.3.18-k4.\n\n - updated bnx2 to upstream version 1.7.9.\n\n - updated bnx2x to upstream version 1.45.23.\n\n - fixed bugs and added enhancements for the NetXen NX2031\n and NX3031 products.\n\n - updated Realtek r8169 driver to support newer network\n chipsets. All variants of RTL810x/RTL8168(9) are now\n supported.\n\nStorage Driver Updates :\n\n - fixed various SCSI issues. Also, the SCSI sd driver now\n calls the revalidate_disk wrapper.\n\n - fixed a dmraid reduced I/O delay bug in certain\n configurations.\n\n - removed quirk aac_quirk_scsi_32 for some aacraid\n controllers.\n\n - updated FCP driver on IBM System z systems with support\n for point-to-point connections.\n\n - updated lpfc to version 8.0.16.46.\n\n - updated megaraid_sas to version 4.01-RH1.\n\n - updated MPT Fusion driver to version 3.12.29.00rh.\n\n - updated qla2xxx firmware to 4.06.01 for 4GB/s and 8GB/s\n adapters.\n\n - updated qla2xxx driver to version 8.02.09.00.04.08-d.\n\n - fixed sata_nv in libsata to disable ADMA mode by\n default.\n\nMiscellaneous Updates :\n\n - upgraded OpenFabrics Alliance Enterprise Distribution\n (OFED) to version 1.4.\n\n - added driver support and fixes for various Wacom\n tablets.\n\nNote: The system must be rebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=499549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=504565\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=75\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2857eca5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(16, 20, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kernel-2.6.9-89.0.3.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-devel-2.6.9-89.0.3.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-doc-2.6.9-89.0.3.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-largesmp-2.6.9-89.0.3.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-largesmp-devel-2.6.9-89.0.3.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-2.6.9-89.0.3.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-smp-devel-2.6.9-89.0.3.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-2.6.9-89.0.3.EL\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kernel-xenU-devel-2.6.9-89.0.3.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T15:13:24", "description": "Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel :\n\nBuffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.\n(CVE-2009-1389)\n\nThe inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. (CVE-2009-1961)\n\nThe nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. (CVE-2009-1630)\n\nInteger underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.\n(CVE-2009-1385)\n\nMultiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.\n(CVE-2009-1633)\n\nAdditionally, the kernel package was updated to the Linux upstream stable version 2.6.29.6.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate", "cvss3": {}, "published": "2010-07-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : kernel (MDVSA-2009:148)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1385", "CVE-2009-1389", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1961"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:broadcom-wl-kernel-server-latest", "p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:em8300-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:em8300-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:em8300-kernel-server-latest", "p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:hso-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:hso-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:hso-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:hso-kernel-server-latest", "p-cpe:/a:mandriva:linux:kernel-2.6.29.6-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-2.6.29.6-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.29.6-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest", "p-cpe:/a:mandriva:linux:kernel-desktop-latest", "p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.29.6-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.29.6-1mnb", "p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest", "p-cpe:/a:mandriva:linux:kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:kernel-doc", "p-cpe:/a:mandriva:linux:kernel-server-2.6.29.6-1mnb", "p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.29.6-1mnb", "p-cpe:/a:mandriva:linux:kernel-server-devel-latest", "p-cpe:/a:mandriva:linux:kernel-server-latest", "p-cpe:/a:mandriva:linux:kernel-source-2.6.29.6-1mnb", "p-cpe:/a:mandriva:linux:kernel-source-latest", "p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest", "p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:libafs-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:libafs-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:libafs-kernel-server-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:lirc-kernel-server-latest", "p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:lzma-kernel-server-latest", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest", "p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-server-latest", "p-cpe:/a:mandriva:linux:nouveau-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:nouveau-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:nouveau-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:nouveau-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nouveau-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nouveau-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest", "p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest", "p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest", "p-cpe:/a:mandriva:linux:squashfs-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:squashfs-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:squashfs-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:squashfs-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:squashfs-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:squashfs-kernel-server-latest", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest", "p-cpe:/a:mandriva:linux:syntek-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:syntek-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:syntek-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:syntek-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:syntek-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:syntek-kernel-server-latest", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vboxadditions-kernel-server-latest", "p-cpe:/a:mandriva:linux:vhba-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:vhba-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:vhba-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vhba-kernel-server-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-desktop-1mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-desktop586-1mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-server-1mnb", "p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest", "p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2009-148.NASL", "href": "https://www.tenable.com/plugins/nessus/48149", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:148. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48149);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1385\", \"CVE-2009-1389\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1961\");\n script_bugtraq_id(34612, 34934, 35143, 35185, 35281);\n script_xref(name:\"MDVSA\", value:\"2009:148\");\n\n script_name(english:\"Mandriva Linux Security Advisory : kernel (MDVSA-2009:148)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some vulnerabilities were discovered and corrected in the Linux 2.6\nkernel :\n\nBuffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the\nLinux kernel before 2.6.30 allows remote attackers to cause a denial\nof service (kernel memory corruption and crash) via a long packet.\n(CVE-2009-1389)\n\nThe inode double locking code in fs/ocfs2/file.c in the Linux kernel\n2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before\n2.6.29.4, and possibly other versions down to 2.6.19 allows local\nusers to cause a denial of service (prevention of file creation and\nremoval) via a series of splice system calls that trigger a deadlock\nbetween the generic_file_splice_write, splice_from_pipe, and\nocfs2_file_splice_write functions. (CVE-2009-1961)\n\nThe nfs_permission function in fs/nfs/dir.c in the NFS client\nimplementation in the Linux kernel 2.6.29.3 and earlier, when\natomic_open is available, does not check execute (aka EXEC or\nMAY_EXEC) permission bits, which allows local users to bypass\npermissions and execute files, as demonstrated by files on an NFSv4\nfileserver. (CVE-2009-1630)\n\nInteger underflow in the e1000_clean_rx_irq function in\ndrivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel\nbefore 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel\nWired Ethernet (aka e1000) before 7.5.5 allows remote attackers to\ncause a denial of service (panic) via a crafted frame size.\n(CVE-2009-1385)\n\nMultiple buffer overflows in the cifs subsystem in the Linux kernel\nbefore 2.6.29.4 allow remote CIFS servers to cause a denial of service\n(memory corruption) and possibly have unspecified other impact via (1)\na malformed Unicode string, related to Unicode string area alignment\nin fs/cifs/sess.c; or (2) long Unicode characters, related to\nfs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.\n(CVE-2009-1633)\n\nAdditionally, the kernel package was updated to the Linux upstream\nstable version 2.6.29.6.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:alsa_raoppcm-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:broadcom-wl-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:em8300-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fcpci-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fglrx-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hcfpcimodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hsfmodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hso-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-2.6.29.6-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-2.6.29.6-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-devel-2.6.29.6-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-2.6.29.6-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-2.6.29.6-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-2.6.29.6-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-devel-2.6.29.6-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-devel-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-2.6.29.6-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kqemu-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libafs-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lirc-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lzma-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:madwifi-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:netfilter-rtsp-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nouveau-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nouveau-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nouveau-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nouveau-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nouveau-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nouveau-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia-current-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia173-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nvidia96xx-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:opencbm-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rt2870-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:slmodem-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squashfs-lzma-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:syntek-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:syntek-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:syntek-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:syntek-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:syntek-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:syntek-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tp_smapi-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vboxadditions-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vhba-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:virtualbox-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-desktop-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-desktop586-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-2.6.29.6-server-1mnb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-desktop586-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vpnclient-kernel-server-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", reference:\"alsa_raoppcm-kernel-2.6.29.6-desktop-1mnb-0.5.1-2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"alsa_raoppcm-kernel-2.6.29.6-desktop586-1mnb-0.5.1-2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"alsa_raoppcm-kernel-2.6.29.6-server-1mnb-0.5.1-2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"alsa_raoppcm-kernel-desktop-latest-0.5.1-1.20090706.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"alsa_raoppcm-kernel-desktop586-latest-0.5.1-1.20090706.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"alsa_raoppcm-kernel-server-latest-0.5.1-1.20090706.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"broadcom-wl-kernel-2.6.29.6-desktop-1mnb-5.10.79.10-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"broadcom-wl-kernel-2.6.29.6-desktop586-1mnb-5.10.79.10-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"broadcom-wl-kernel-2.6.29.6-server-1mnb-5.10.79.10-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"broadcom-wl-kernel-desktop-latest-5.10.79.10-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"broadcom-wl-kernel-desktop586-latest-5.10.79.10-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"broadcom-wl-kernel-server-latest-5.10.79.10-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"em8300-kernel-2.6.29.6-desktop-1mnb-0.17.2-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"em8300-kernel-2.6.29.6-desktop586-1mnb-0.17.2-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"em8300-kernel-2.6.29.6-server-1mnb-0.17.2-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"em8300-kernel-desktop-latest-0.17.2-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"em8300-kernel-desktop586-latest-0.17.2-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"em8300-kernel-server-latest-0.17.2-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"fcpci-kernel-2.6.29.6-desktop-1mnb-3.11.07-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"fcpci-kernel-2.6.29.6-desktop586-1mnb-3.11.07-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"fcpci-kernel-2.6.29.6-server-1mnb-3.11.07-7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"fcpci-kernel-desktop-latest-3.11.07-1.20090706.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"fcpci-kernel-desktop586-latest-3.11.07-1.20090706.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"fcpci-kernel-server-latest-3.11.07-1.20090706.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"fglrx-kernel-2.6.29.6-desktop-1mnb-8.600-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"fglrx-kernel-2.6.29.6-desktop586-1mnb-8.600-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"fglrx-kernel-2.6.29.6-server-1mnb-8.600-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"fglrx-kernel-desktop-latest-8.600-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"fglrx-kernel-desktop586-latest-8.600-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"fglrx-kernel-server-latest-8.600-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.29.6-desktop-1mnb-1.18-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.29.6-desktop586-1mnb-1.18-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-2.6.29.6-server-1mnb-1.18-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-desktop-latest-1.18-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-desktop586-latest-1.18-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hcfpcimodem-kernel-server-latest-1.18-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"hsfmodem-kernel-2.6.29.6-desktop-1mnb-7.80.02.03-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hsfmodem-kernel-2.6.29.6-desktop586-1mnb-7.80.02.03-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"hsfmodem-kernel-2.6.29.6-server-1mnb-7.80.02.03-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"hsfmodem-kernel-desktop-latest-7.80.02.03-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hsfmodem-kernel-desktop586-latest-7.80.02.03-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"hsfmodem-kernel-server-latest-7.80.02.03-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"hso-kernel-2.6.29.6-desktop-1mnb-1.2-3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hso-kernel-2.6.29.6-desktop586-1mnb-1.2-3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"hso-kernel-2.6.29.6-server-1mnb-1.2-3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"hso-kernel-desktop-latest-1.2-1.20090706.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"hso-kernel-desktop586-latest-1.2-1.20090706.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"hso-kernel-server-latest-1.2-1.20090706.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-2.6.29.6-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-desktop-2.6.29.6-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-desktop-devel-2.6.29.6-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-desktop-devel-latest-2.6.29.6-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-desktop-latest-2.6.29.6-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"kernel-desktop586-2.6.29.6-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"kernel-desktop586-devel-2.6.29.6-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"kernel-desktop586-devel-latest-2.6.29.6-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"kernel-desktop586-latest-2.6.29.6-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-doc-2.6.29.6-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-server-2.6.29.6-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-server-devel-2.6.29.6-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-server-devel-latest-2.6.29.6-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-server-latest-2.6.29.6-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-source-2.6.29.6-1mnb-1-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kernel-source-latest-2.6.29.6-1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kqemu-kernel-2.6.29.6-desktop-1mnb-1.4.0pre1-4\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"kqemu-kernel-2.6.29.6-desktop586-1mnb-1.4.0pre1-4\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kqemu-kernel-2.6.29.6-server-1mnb-1.4.0pre1-4\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kqemu-kernel-desktop-latest-1.4.0pre1-1.20090706.4\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"kqemu-kernel-desktop586-latest-1.4.0pre1-1.20090706.4\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"kqemu-kernel-server-latest-1.4.0pre1-1.20090706.4\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"libafs-kernel-2.6.29.6-desktop-1mnb-1.4.10-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libafs-kernel-2.6.29.6-desktop586-1mnb-1.4.10-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"libafs-kernel-2.6.29.6-server-1mnb-1.4.10-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"libafs-kernel-desktop-latest-1.4.10-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libafs-kernel-desktop586-latest-1.4.10-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"libafs-kernel-server-latest-1.4.10-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lirc-kernel-2.6.29.6-desktop-1mnb-0.8.5-0.20090320.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"lirc-kernel-2.6.29.6-desktop586-1mnb-0.8.5-0.20090320.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lirc-kernel-2.6.29.6-server-1mnb-0.8.5-0.20090320.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lirc-kernel-desktop-latest-0.8.5-1.20090706.0.20090320.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"lirc-kernel-desktop586-latest-0.8.5-1.20090706.0.20090320.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lirc-kernel-server-latest-0.8.5-1.20090706.0.20090320.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lzma-kernel-2.6.29.6-desktop-1mnb-4.43-27.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"lzma-kernel-2.6.29.6-desktop586-1mnb-4.43-27.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lzma-kernel-2.6.29.6-server-1mnb-4.43-27.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lzma-kernel-desktop-latest-4.43-1.20090706.27.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"lzma-kernel-desktop586-latest-4.43-1.20090706.27.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lzma-kernel-server-latest-4.43-1.20090706.27.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"madwifi-kernel-2.6.29.6-desktop-1mnb-0.9.4-4.r3998mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"madwifi-kernel-2.6.29.6-desktop586-1mnb-0.9.4-4.r3998mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"madwifi-kernel-2.6.29.6-server-1mnb-0.9.4-4.r3998mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"madwifi-kernel-desktop-latest-0.9.4-1.20090706.4.r3998mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"madwifi-kernel-desktop586-latest-0.9.4-1.20090706.4.r3998mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"madwifi-kernel-server-latest-0.9.4-1.20090706.4.r3998mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"netfilter-rtsp-kernel-2.6.29.6-desktop-1mnb-2.6.26-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"netfilter-rtsp-kernel-2.6.29.6-desktop586-1mnb-2.6.26-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"netfilter-rtsp-kernel-2.6.29.6-server-1mnb-2.6.26-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"netfilter-rtsp-kernel-desktop-latest-2.6.26-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"netfilter-rtsp-kernel-desktop586-latest-2.6.26-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"netfilter-rtsp-kernel-server-latest-2.6.26-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nouveau-kernel-2.6.29.6-desktop-1mnb-0.0.12-0.20090329.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"nouveau-kernel-2.6.29.6-desktop586-1mnb-0.0.12-0.20090329.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nouveau-kernel-2.6.29.6-server-1mnb-0.0.12-0.20090329.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nouveau-kernel-desktop-latest-0.0.12-1.20090706.0.20090329.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"nouveau-kernel-desktop586-latest-0.0.12-1.20090706.0.20090329.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nouveau-kernel-server-latest-0.0.12-1.20090706.0.20090329.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia-current-kernel-2.6.29.6-desktop-1mnb-180.51-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"nvidia-current-kernel-2.6.29.6-desktop586-1mnb-180.51-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia-current-kernel-2.6.29.6-server-1mnb-180.51-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia-current-kernel-desktop-latest-180.51-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"nvidia-current-kernel-desktop586-latest-180.51-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia-current-kernel-server-latest-180.51-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia173-kernel-2.6.29.6-desktop-1mnb-173.14.18-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"nvidia173-kernel-2.6.29.6-desktop586-1mnb-173.14.18-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia173-kernel-2.6.29.6-server-1mnb-173.14.18-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia173-kernel-desktop-latest-173.14.18-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"nvidia173-kernel-desktop586-latest-173.14.18-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia173-kernel-server-latest-173.14.18-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia96xx-kernel-2.6.29.6-desktop-1mnb-96.43.11-5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"nvidia96xx-kernel-2.6.29.6-desktop586-1mnb-96.43.11-5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia96xx-kernel-2.6.29.6-server-1mnb-96.43.11-5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia96xx-kernel-desktop-latest-96.43.11-1.20090706.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"nvidia96xx-kernel-desktop586-latest-96.43.11-1.20090706.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nvidia96xx-kernel-server-latest-96.43.11-1.20090706.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"opencbm-kernel-2.6.29.6-desktop-1mnb-0.4.2a-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"opencbm-kernel-2.6.29.6-desktop586-1mnb-0.4.2a-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"opencbm-kernel-2.6.29.6-server-1mnb-0.4.2a-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"opencbm-kernel-desktop-latest-0.4.2a-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"opencbm-kernel-desktop586-latest-0.4.2a-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"opencbm-kernel-server-latest-0.4.2a-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rt2870-kernel-2.6.29.6-desktop-1mnb-1.4.0.0-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"rt2870-kernel-2.6.29.6-desktop586-1mnb-1.4.0.0-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rt2870-kernel-2.6.29.6-server-1mnb-1.4.0.0-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rt2870-kernel-desktop-latest-1.4.0.0-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"rt2870-kernel-desktop586-latest-1.4.0.0-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rt2870-kernel-server-latest-1.4.0.0-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"slmodem-kernel-2.6.29.6-desktop-1mnb-2.9.11-0.20080817.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"slmodem-kernel-2.6.29.6-desktop586-1mnb-2.9.11-0.20080817.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"slmodem-kernel-2.6.29.6-server-1mnb-2.9.11-0.20080817.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"slmodem-kernel-desktop-latest-2.9.11-1.20090706.0.20080817.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"slmodem-kernel-desktop586-latest-2.9.11-1.20090706.0.20080817.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"slmodem-kernel-server-latest-2.9.11-1.20090706.0.20080817.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"squashfs-kernel-2.6.29.6-desktop-1mnb-3.4-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"squashfs-kernel-2.6.29.6-desktop586-1mnb-3.4-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"squashfs-kernel-2.6.29.6-server-1mnb-3.4-1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"squashfs-kernel-desktop-latest-3.4-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"squashfs-kernel-desktop586-latest-3.4-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"squashfs-kernel-server-latest-3.4-1.20090706.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"squashfs-lzma-kernel-2.6.29.6-desktop-1mnb-3.3-10mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"squashfs-lzma-kernel-2.6.29.6-desktop586-1mnb-3.3-10mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"squashfs-lzma-kernel-2.6.29.6-server-1mnb-3.3-10mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"squashfs-lzma-kernel-desktop-latest-3.3-1.20090706.10mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"squashfs-lzma-kernel-desktop586-latest-3.3-1.20090706.10mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"squashfs-lzma-kernel-server-latest-3.3-1.20090706.10mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"syntek-kernel-2.6.29.6-desktop-1mnb-1.3.1-5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"syntek-kernel-2.6.29.6-desktop586-1mnb-1.3.1-5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"syntek-kernel-2.6.29.6-server-1mnb-1.3.1-5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"syntek-kernel-desktop-latest-1.3.1-1.20090706.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"syntek-kernel-desktop586-latest-1.3.1-1.20090706.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"syntek-kernel-server-latest-1.3.1-1.20090706.5mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tp_smapi-kernel-2.6.29.6-desktop-1mnb-0.40-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"tp_smapi-kernel-2.6.29.6-desktop586-1mnb-0.40-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tp_smapi-kernel-2.6.29.6-server-1mnb-0.40-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tp_smapi-kernel-desktop-latest-0.40-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"tp_smapi-kernel-desktop586-latest-0.40-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tp_smapi-kernel-server-latest-0.40-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vboxadditions-kernel-2.6.29.6-desktop-1mnb-2.2.0-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"vboxadditions-kernel-2.6.29.6-desktop586-1mnb-2.2.0-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vboxadditions-kernel-2.6.29.6-server-1mnb-2.2.0-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vboxadditions-kernel-desktop-latest-2.2.0-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"vboxadditions-kernel-desktop586-latest-2.2.0-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vboxadditions-kernel-server-latest-2.2.0-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vhba-kernel-2.6.29.6-desktop-1mnb-1.2.1-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"vhba-kernel-2.6.29.6-desktop586-1mnb-1.2.1-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vhba-kernel-2.6.29.6-server-1mnb-1.2.1-2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vhba-kernel-desktop-latest-1.2.1-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"vhba-kernel-desktop586-latest-1.2.1-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vhba-kernel-server-latest-1.2.1-1.20090706.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"virtualbox-kernel-2.6.29.6-desktop-1mnb-2.2.0-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"virtualbox-kernel-2.6.29.6-desktop586-1mnb-2.2.0-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"virtualbox-kernel-2.6.29.6-server-1mnb-2.2.0-4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"virtualbox-kernel-desktop-latest-2.2.0-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"virtualbox-kernel-desktop586-latest-2.2.0-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"virtualbox-kernel-server-latest-2.2.0-1.20090706.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vpnclient-kernel-2.6.29.6-desktop-1mnb-4.8.01.0640-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"vpnclient-kernel-2.6.29.6-desktop586-1mnb-4.8.01.0640-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vpnclient-kernel-2.6.29.6-server-1mnb-4.8.01.0640-3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vpnclient-kernel-desktop-latest-4.8.01.0640-1.20090706.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"vpnclient-kernel-desktop586-latest-4.8.01.0640-1.20090706.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"vpnclient-kernel-server-latest-4.8.01.0640-1.20090706.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-13T14:57:16", "description": "Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated packages fix the following security issues :\n\n* a flaw was found in the Intel PRO/1000 network driver in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service.\n(CVE-2009-1385, Important)\n\n* the Linux kernel Network File System daemon (nfsd) implementation did not drop the CAP_MKNOD capability when handling requests from local, unprivileged users. This flaw could possibly lead to an information leak or privilege escalation. (CVE-2009-1072, Moderate)\n\n* Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations. This could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. (CVE-2009-1630, Moderate)\n\n* a missing check was found in the hypervisor_callback() function in the Linux kernel provided by the kernel-xen package. This could cause a denial of service of a 32-bit guest if an application running in that guest accesses a certain memory location in the kernel.\n(CVE-2009-1758, Moderate)\n\n* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and agp_generic_alloc_pages() functions did not zero out the memory pages they allocate, which may later be available to user-space processes. This flaw could possibly lead to an information leak.\n(CVE-2009-1192, Low)\n\nThese updated packages also fix the following bugs :\n\n* '/proc/[pid]/maps' and '/proc/[pid]/smaps' can only be read by processes able to use the ptrace() call on a given process; however, certain information from '/proc/[pid]/stat' and '/proc/[pid]/wchan' could be used to reconstruct memory maps, making it possible to bypass the Address Space Layout Randomization (ASLR) security feature. This update addresses this issue. (BZ#499549)\n\n* in some situations, the link count was not decreased when renaming unused files on NFS mounted file systems. This may have resulted in poor performance. With this update, the link count is decreased in these situations, the same as is done for other file operations, such as unlink and rmdir. (BZ#501802)\n\n* tcp_ack() cleared the probes_out variable even if there were outstanding packets. When low TCP keepalive intervals were used, this bug may have caused problems, such as connections terminating, when using remote tools such as rsh and rlogin. (BZ#501754)\n\n* off-by-one errors in the time normalization code could have caused clock_gettime() to return one billion nanoseconds, rather than adding an extra second. This bug could have caused the name service cache daemon (nscd) to consume excessive CPU resources. (BZ#501800)\n\n* a system panic could occur when one thread read '/proc/bus/input/devices' while another was removing a device. With this update, a mutex has been added to protect the input_dev_list and input_handler_list variables, which resolves this issue. (BZ#501804)\n\n* using netdump may have caused a kernel deadlock on some systems.\n(BZ#504565)\n\n* the file system mask, which lists capabilities for users with a file system user ID (fsuid) of 0, was missing the CAP_MKNOD and CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with an fsuid other than 0 to perform actions on some file system types that would otherwise be prevented. This update adds these capabilities. (BZ#497269)\n\nAll Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues.\nNote: The system must be rebooted for this update to take effect.", "cvss3": {}, "published": "2009-07-01T00:00:00", "type": "nessus", "title": "RHEL 4 : kernel (RHSA-2009:1132)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["

Oracle Enterprise Linux 5.4 kernel security and bug fix update

Description

Related