{"type": "osvdb", "published": "2006-04-17T03:47:37", "href": "https://vulners.com/osvdb/OSVDB:24639", "hashmap": [{"key": "affectedSoftware", "hash": "55edc0ed64f255827f9f934f9b4b5149"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "6e494e91bb9f08b80c6f3a0a33583878"}, {"key": "cvss", "hash": "75acff42350108f057c8aa83b657d0ee"}, {"key": "description", "hash": "d3c222abf1525ce714b33bf622b5807e"}, {"key": "href", "hash": "db2cd6a532fbf12b6d25a4f061d2c7cd"}, {"key": "modified", "hash": "6411d1880a9af875c08f295b64be51e1"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "6411d1880a9af875c08f295b64be51e1"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e02a9803c863b6c6fd0d6c7ebfc801ca"}, {"key": "title", "hash": "e80e1e3e3be92b56081631f87e09b742"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/", "score": 4.9}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Asit B. Mallick(), Ernie Petrides()", "title": "Linux Kernel on Intel EM64T SYSRET Local DoS", "affectedSoftware": [{"operator": "eq", "version": "2.6.16.4", "name": "Kernel"}], "enchantments": {"score": {"value": 4.6, "vector": "NONE", "modified": "2017-04-28T13:20:21"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-0744"]}, {"type": "threatpost", "idList": ["THREATPOST:4FEC6728C18C88AB85DF2C74B02BB27C"]}, {"type": "nessus", "idList": ["ORACLEVM_OVMSA-2012-0020.NASL", "ORACLEVM_OVMSA-2012-0021.NASL", "FEDORA_2006-421.NASL", "FEDORA_2006-423.NASL", "CENTOS_RHSA-2006-0437.NASL", "MANDRAKE_MDKSA-2006-086.NASL", "REDHAT-RHSA-2006-0437.NASL", "REDHAT-RHSA-2006-0493.NASL", "UBUNTU_USN-302-1.NASL", "CENTOS_RHSA-2006-0493.NASL"]}, {"type": "cert", "idList": ["VU:649219"]}, {"type": "redhat", "idList": ["RHSA-2006:0437", "RHSA-2006:0493"]}, {"type": "centos", "idList": ["CESA-2006:0437", "CESA-2006:0493"]}, {"type": "suse", "idList": ["SUSE-SA:2006:047", "SUSE-SA:2006:042", "SUSE-SA:2006:028"]}, {"type": "openvas", "idList": ["OPENVAS:65035", "OPENVAS:136141256231065035", "OPENVAS:57028"]}, {"type": "ubuntu", "idList": ["USN-302-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1103-1:203B3"]}], "modified": "2017-04-28T13:20:21"}, "vulnersScore": 4.6}, "references": [], "id": "OSVDB:24639", "hash": "697588ca2a02ddafe60295856fa3401171e1e2700357b6501ccc3eb061f17216", "lastseen": "2017-04-28T13:20:21", "cvelist": ["CVE-2006-0744"], "modified": "2006-04-17T03:47:37", "description": "## Vulnerability Description\nThe Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when control is returned using SYSRET. The way Intel EM64T handles exceptions with uncanonical addresses might cause a Denial of Service, and will result in loss of availability for the platform.\n## Technical Description\nThe issue is only present on Intel EM64T CPUs.\n## Solution Description\nUpgrade to version 2.6.16.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nThe Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when control is returned using SYSRET. The way Intel EM64T handles exceptions with uncanonical addresses might cause a Denial of Service, and will result in loss of availability for the platform.\n## References:\nVendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006-05-31.html)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jul/0008.html)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:086)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-302-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Aug/0005.html)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm)\n[Secunia Advisory ID:21983](https://secuniaresearch.flexerasoftware.com/advisories/21983/)\n[Secunia Advisory ID:19639](https://secuniaresearch.flexerasoftware.com/advisories/19639/)\n[Secunia Advisory ID:20398](https://secuniaresearch.flexerasoftware.com/advisories/20398/)\n[Secunia Advisory ID:21179](https://secuniaresearch.flexerasoftware.com/advisories/21179/)\n[Secunia Advisory ID:21498](https://secuniaresearch.flexerasoftware.com/advisories/21498/)\n[Secunia Advisory ID:20157](https://secuniaresearch.flexerasoftware.com/advisories/20157/)\n[Secunia Advisory ID:20237](https://secuniaresearch.flexerasoftware.com/advisories/20237/)\n[Secunia Advisory ID:21136](https://secuniaresearch.flexerasoftware.com/advisories/21136/)\n[Secunia Advisory ID:21745](https://secuniaresearch.flexerasoftware.com/advisories/21745/)\n[Secunia Advisory ID:19735](https://secuniaresearch.flexerasoftware.com/advisories/19735/)\n[Secunia Advisory ID:20716](https://secuniaresearch.flexerasoftware.com/advisories/20716/)\nRedHat RHSA: RHSA-2006:0493\nRedHat RHSA: RHSA-2006:0437\nISS X-Force ID: 25869\n[CVE-2006-0744](https://vulners.com/cve/CVE-2006-0744)\nBugtraq ID: 17541\n"}

{"cve": [{"lastseen": "2019-05-29T18:08:31", "bulletinFamily": "NVD", "description": "Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.", "modified": "2018-10-30T16:26:00", "id": "CVE-2006-0744", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0744", "published": "2006-04-18T10:02:00", "title": "CVE-2006-0744", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T23:02:48", "bulletinFamily": "info", "description": "[](<https://threatpost.com/intel-processor-sysret-vulnerability-affecting-some-64-bit-systems-061812/>)A flaw exists in the way that a specific instruction is handled on some types of Intel 64-bit chips that could open up some operating systems and types of virtualization software to attacks, according to an alert issued last week but revised today by the United States Computer Emergency Readiness Team (US-CERT).\n\nAttackers could execute malicious code via kernel privileges or launch a local privilege escalation attack, [according to the alert](<http://www.kb.cert.org/vuls/id/649219>), by Jared Allar of US-CERT.\n\nThe flaw has already been exploited on 64-bit versions of Microsoft Windows 7, FreeBSD, NetBSD and there\u2019s a chance Apple\u2019s OS X may also be vulnerable, [according to a blog](<http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/>) on Xen.org, an open source community for users of the virtual service.\n\nThe Xen post goes on to claim the vulnerability stems from a difference in the way that Intel\u2019s processors implemented error handling in its version of AMD\u2019s SYSRET instruction. Written by AMD, but used on Intel hardware, the SYSRET instruction contains a bug that could allow a local user to write executable malicious code. The flaw is in the instruction and not in the Intel chips themselves.\n\nMicrosoft [patched the hole last week](<https://threatpost.com/seven-bulletins-microsoft-s-june-patch-061212/>) ([MS12-042](<http://technet.microsoft.com/en-us/security/bulletin/MS12-042>)), shortly after US-CERT\u2019s announcement, while FreeBSD [warned customers in a message](<http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>) the flaw could cause kernel data corruption or crash computers and encouraged users to update their system or apply the requisite binary or source code patches.\n\nFor more on this, head to [US-CERT\u2019s alert](<http://www.kb.cert.org/vuls/id/649219>) and [Xen\u2019s Community blog](<http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/>), which further breaks down the vulnerability and points out that Linux patched the hole in [one form or another](<http://marc.info/?l=git-commits-head&m=114223318030280&w=2>), back in [2006](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0744>).\n", "modified": "2013-04-17T16:32:00", "published": "2012-06-18T19:14:58", "id": "THREATPOST:4FEC6728C18C88AB85DF2C74B02BB27C", "href": "https://threatpost.com/intel-processor-sysret-vulnerability-affecting-some-64-bit-systems-061812/76705/", "type": "threatpost", "title": "Intel Processor SYSRET Vulnerability Affecting Some 64-Bit Systems", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-01T03:18:44", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86-64: detect processors subject to AMD erratum #121\n and refuse to boot(CVE-2006-0744)\n\n - guest denial of service on syscall/sysenter exception\n generation (CVE-2012-0217)\n\n - Remove unnecessary balloon retries on vm create. This is\n a backport from fix for bug 14143327.\n\n - This backport from 3.1.1: Author: amisherf Put back the\n patch that prevent older guest that uses kudzu from\n hanging on a reboot. Fixed the patch to prevent\n excessive watcher writes which causes xend, xenstored to\n run at a 100% cpu usage. Now the watch is written only\n if console in Initialising, InitWait, Initialised states\n which happen once at boot time. [bug 13523487]\n\n - Backport from upstream changeset 20968 xend: notify\n xenpv device model that console info is ready Sometimes\n PV domain with vfb doesn", "modified": "2019-11-02T00:00:00", "id": "ORACLEVM_OVMSA-2012-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/79476", "published": "2014-11-26T00:00:00", "title": "OracleVM 3.0 : xen (OVMSA-2012-0020)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2012-0020.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79476);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/27 13:00:34\");\n\n script_cve_id(\"CVE-2006-0744\", \"CVE-2012-0217\");\n script_bugtraq_id(53856);\n\n script_name(english:\"OracleVM 3.0 : xen (OVMSA-2012-0020)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86-64: detect processors subject to AMD erratum #121\n and refuse to boot(CVE-2006-0744)\n\n - guest denial of service on syscall/sysenter exception\n generation (CVE-2012-0217)\n\n - Remove unnecessary balloon retries on vm create. This is\n a backport from fix for bug 14143327.\n\n - This backport from 3.1.1: Author: amisherf Put back the\n patch that prevent older guest that uses kudzu from\n hanging on a reboot. Fixed the patch to prevent\n excessive watcher writes which causes xend, xenstored to\n run at a 100% cpu usage. Now the watch is written only\n if console in Initialising, InitWait, Initialised states\n which happen once at boot time. [bug 13523487]\n\n - Backport from upstream changeset 20968 xend: notify\n xenpv device model that console info is ready Sometimes\n PV domain with vfb doesn't boot up. /sbin/kudzu is\n stuck. After investigation, I've found that the evtchn\n for console is not bound at all. Normal sequence of\n evtchn initialization in qemu-dm for xenpv is: 1) watch\n xenstore backpath\n (/local/domain/0/backend/console/<domid>/0) 2) read\n console info (/local/domain/<domid>/console/[type,\n ring-ref, port..= ]) 3) bind the evtchn to the port. But\n in some case, xend writes to the backpath before the\n console info is prepared, and never write to the\n backpath again. So the qemu-dm fails at 2) and never\n reach to 3). When this happens, manually xenstore-write\n command on Domain-0 resumes the guest.\n\n - Set max cstate to 1. This is a backport requirement for\n bug 13703504. We have several bugs that cstate made\n system unstable, both for ovm2 and ovm3: For OVM3.x: Bug\n 13703504 - unexplained network disconnect causes ocfs to\n fence the server For OVM2.x\"\n );\n # https://bug.oraclecorp.com/pls/bug/webbug_edit.edit_info_top?rptno=10631565\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc519774\"\n );\n # https://bug.oraclecorp.com/pls/bug/webbug_edit.edit_info_top?rptno=13494054\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f23ffdff\"\n );\n # https://forums.oracle.com/forums/thread.jspa?threadID=2347014&amp;tstart=0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a21b79d3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2012-June/000083.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-devel / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.0\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.0\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.0\", reference:\"xen-4.0.0-81.el5.7\")) flag++;\nif (rpm_check(release:\"OVS3.0\", reference:\"xen-devel-4.0.0-81.el5.7\")) flag++;\nif (rpm_check(release:\"OVS3.0\", reference:\"xen-tools-4.0.0-81.el5.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:18:45", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86-64: detect processors subject to AMD erratum #121\n and refuse to boot(CVE-2006-0744)\n\n - guest denial of service on syscall/sysenter exception\n generation (CVE-2012-0217),(CVE-2012-0218)\n\n - Remove unnecessary balloon retries on vm create. This is\n a backport from fix for bug 14143327.", "modified": "2019-11-02T00:00:00", "id": "ORACLEVM_OVMSA-2012-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/79477", "published": "2014-11-26T00:00:00", "title": "OracleVM 3.1 : xen (OVMSA-2012-0021)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2012-0021.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79477);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:34\");\n\n script_cve_id(\"CVE-2006-0744\", \"CVE-2012-0217\", \"CVE-2012-0218\");\n script_bugtraq_id(53856, 53955);\n\n script_name(english:\"OracleVM 3.1 : xen (OVMSA-2012-0021)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86-64: detect processors subject to AMD erratum #121\n and refuse to boot(CVE-2006-0744)\n\n - guest denial of service on syscall/sysenter exception\n generation (CVE-2012-0217),(CVE-2012-0218)\n\n - Remove unnecessary balloon retries on vm create. This is\n a backport from fix for bug 14143327.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2012-June/000082.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-devel / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-4.1.2-18.el5.3\")) flag++;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-devel-4.1.2-18.el5.3\")) flag++;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-tools-4.1.2-18.el5.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:26:31", "bulletinFamily": "scanner", "description": "This update includes a number of security issues that have been fixed\nupstream over the last week or so.\n\ni386/x86-64: Fix x87 information leak between processes\n(CVE-2006-1056) ip_route_input panic fix (CVE-2006-1525) fix\nMADV_REMOVE vulnerability (CVE-2006-1524) shmat: stop mprotect from\ngiving write permission to a readonly attachment (CVE-2006-1524) Fix\nMPBL0010 driver insecure sysfs permissions x86_64: When user could\nhave changed RIP always force IRET (CVE-2006-0744) Fix RCU signal\nhandling Keys: Fix oops when adding key to non-keyring (CVE-2006-1522)\nsysfs: zero terminate sysfs write buffers (CVE-2006-1055)\n\nIt also includes various other fixes from the -stable tree. Full\nchangelogs are available from :\n\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.7\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.4\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2006-423.NASL", "href": "https://www.tenable.com/plugins/nessus/21253", "published": "2006-04-21T00:00:00", "title": "Fedora Core 4 : kernel-2.6.16-1.2096_FC4 (2006-423)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-423.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21253);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:24\");\n\n script_cve_id(\"CVE-2006-0744\", \"CVE-2006-1055\", \"CVE-2006-1056\", \"CVE-2006-1522\", \"CVE-2006-1524\", \"CVE-2006-1525\");\n script_xref(name:\"FEDORA\", value:\"2006-423\");\n\n script_name(english:\"Fedora Core 4 : kernel-2.6.16-1.2096_FC4 (2006-423)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes a number of security issues that have been fixed\nupstream over the last week or so.\n\ni386/x86-64: Fix x87 information leak between processes\n(CVE-2006-1056) ip_route_input panic fix (CVE-2006-1525) fix\nMADV_REMOVE vulnerability (CVE-2006-1524) shmat: stop mprotect from\ngiving write permission to a readonly attachment (CVE-2006-1524) Fix\nMPBL0010 driver insecure sysfs permissions x86_64: When user could\nhave changed RIP always force IRET (CVE-2006-0744) Fix RCU signal\nhandling Keys: Fix oops when adding key to non-keyring (CVE-2006-1522)\nsysfs: zero terminate sysfs write buffers (CVE-2006-1055)\n\nIt also includes various other fixes from the -stable tree. Full\nchangelogs are available from :\n\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.7\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.4\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2006-April/002128.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ec807f2\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2006-April/002129.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1f77789\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"kernel-2.6.16-1.2096_FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"kernel-debuginfo-2.6.16-1.2096_FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"kernel-devel-2.6.16-1.2096_FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"kernel-doc-2.6.16-1.2096_FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"kernel-smp-2.6.16-1.2096_FC4\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"kernel-smp-devel-2.6.16-1.2096_FC4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-devel / kernel-doc / kernel-smp / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:26:31", "bulletinFamily": "scanner", "description": "This update includes a number of security issues that have been fixed\nupstream over the last week or so.\n\ni386/x86-64: Fix x87 information leak between processes\n(CVE-2006-1056) ip_route_input panic fix (CVE-2006-1525) fix\nMADV_REMOVE vulnerability (CVE-2006-1524) shmat: stop mprotect from\ngiving write permission to a readonly attachment (CVE-2006-1524) Fix\nMPBL0010 driver insecure sysfs permissions x86_64: When user could\nhave changed RIP always force IRET (CVE-2006-0744) Fix RCU signal\nhandling Keys: Fix oops when adding key to non-keyring (CVE-2006-1522)\nsysfs: zero terminate sysfs write buffers (CVE-2006-1055)\n\nIt also includes various other fixes from the -stable tree. Full\nchangelogs are available from :\n\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.7\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.4\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2006-421.NASL", "href": "https://www.tenable.com/plugins/nessus/21252", "published": "2006-04-21T00:00:00", "title": "Fedora Core 5 : kernel-2.6.16-1.2096_FC5 (2006-421)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-421.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21252);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:24\");\n\n script_xref(name:\"FEDORA\", value:\"2006-421\");\n\n script_name(english:\"Fedora Core 5 : kernel-2.6.16-1.2096_FC5 (2006-421)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes a number of security issues that have been fixed\nupstream over the last week or so.\n\ni386/x86-64: Fix x87 information leak between processes\n(CVE-2006-1056) ip_route_input panic fix (CVE-2006-1525) fix\nMADV_REMOVE vulnerability (CVE-2006-1524) shmat: stop mprotect from\ngiving write permission to a readonly attachment (CVE-2006-1524) Fix\nMPBL0010 driver insecure sysfs permissions x86_64: When user could\nhave changed RIP always force IRET (CVE-2006-0744) Fix RCU signal\nhandling Keys: Fix oops when adding key to non-keyring (CVE-2006-1522)\nsysfs: zero terminate sysfs write buffers (CVE-2006-1055)\n\nIt also includes various other fixes from the -stable tree. Full\nchangelogs are available from :\n\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.7\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.4\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3\nhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2006-April/002127.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e8daedf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-xen0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-xen0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-xenU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-xenU-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"kernel-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-debuginfo-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-devel-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-doc-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-kdump-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-kdump-devel-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", cpu:\"i386\", reference:\"kernel-smp-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-xen0-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-xen0-devel-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-xenU-2.6.16-1.2096_FC5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"kernel-xenU-devel-2.6.16-1.2096_FC5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-devel / kernel-doc / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T03:20:12", "bulletinFamily": "scanner", "description": "Updated kernel packages are now available as part of ongoing support\nand maintenance of Red Hat Enterprise Linux version 3. This is the\neighth regular update.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThis is the eighth regular kernel update to Red Hat Enterprise Linux\n3.\n\nNew features introduced by this update include :\n\n - addition of the adp94xx and dcdbas device drivers -\n diskdump support on megaraid_sas, qlogic, and swap\n partitions - support for new hardware via driver and\n SCSI white-list updates\n\nThere were many bug fixes in various parts of the kernel. The ongoing\neffort to resolve these problems has resulted in a marked improvement\nin the reliability and scalability of Red Hat Enterprise Linux 3.\n\nThere were numerous driver updates and security fixes (elaborated\nbelow). Other key areas affected by fixes in this update include the\nnetworking subsystem, the NFS and autofs4 file systems, the SCSI and\nUSB subsystems, and architecture-specific handling affecting AMD\nOpteron and Intel EM64T processors.\n\nThe following device drivers have been added or upgraded to new\nversions :\n\nadp94xx -------- 1.0.8 (new) bnx2 ----------- 1.4.38 cciss ----------\n2.4.60.RH1 dcdbas --------- 5.6.0-1 (new) e1000 ---------- 7.0.33-k2\nemulex --------- 7.3.6 forcedeth ------ 0.30 ipmi ----------- 35.13\nqlogic --------- 7.07.04b6 tg3 ------------ 3.52RH\n\nThe following security bugs were fixed in this update :\n\n - a flaw in the USB devio handling of device removal that\n allowed a local user to cause a denial of service\n (crash) (CVE-2005-3055, moderate)\n\n - a flaw in the exec() handling of multi-threaded tasks\n using ptrace() that allowed a local user to cause a\n denial of service (hang of a user process)\n (CVE-2005-3107, low)\n\n - a difference in ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2006-0437.NASL", "href": "https://www.tenable.com/plugins/nessus/22086", "published": "2006-07-21T00:00:00", "title": "RHEL 3 : kernel (RHSA-2006:0437)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0437. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22086);\n script_version (\"1.28\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2005-3055\", \"CVE-2005-3107\", \"CVE-2006-0741\", \"CVE-2006-0742\", \"CVE-2006-0744\", \"CVE-2006-1056\", \"CVE-2006-1242\", \"CVE-2006-1343\", \"CVE-2006-2444\");\n script_bugtraq_id(17600, 18081);\n script_xref(name:\"RHSA\", value:\"2006:0437\");\n\n script_name(english:\"RHEL 3 : kernel (RHSA-2006:0437)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages are now available as part of ongoing support\nand maintenance of Red Hat Enterprise Linux version 3. This is the\neighth regular update.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThis is the eighth regular kernel update to Red Hat Enterprise Linux\n3.\n\nNew features introduced by this update include :\n\n - addition of the adp94xx and dcdbas device drivers -\n diskdump support on megaraid_sas, qlogic, and swap\n partitions - support for new hardware via driver and\n SCSI white-list updates\n\nThere were many bug fixes in various parts of the kernel. The ongoing\neffort to resolve these problems has resulted in a marked improvement\nin the reliability and scalability of Red Hat Enterprise Linux 3.\n\nThere were numerous driver updates and security fixes (elaborated\nbelow). Other key areas affected by fixes in this update include the\nnetworking subsystem, the NFS and autofs4 file systems, the SCSI and\nUSB subsystems, and architecture-specific handling affecting AMD\nOpteron and Intel EM64T processors.\n\nThe following device drivers have been added or upgraded to new\nversions :\n\nadp94xx -------- 1.0.8 (new) bnx2 ----------- 1.4.38 cciss ----------\n2.4.60.RH1 dcdbas --------- 5.6.0-1 (new) e1000 ---------- 7.0.33-k2\nemulex --------- 7.3.6 forcedeth ------ 0.30 ipmi ----------- 35.13\nqlogic --------- 7.07.04b6 tg3 ------------ 3.52RH\n\nThe following security bugs were fixed in this update :\n\n - a flaw in the USB devio handling of device removal that\n allowed a local user to cause a denial of service\n (crash) (CVE-2005-3055, moderate)\n\n - a flaw in the exec() handling of multi-threaded tasks\n using ptrace() that allowed a local user to cause a\n denial of service (hang of a user process)\n (CVE-2005-3107, low)\n\n - a difference in 'sysretq' operation of EM64T (as opposed\n to Opteron) processors that allowed a local user to\n cause a denial of service (crash) upon return from\n certain system calls (CVE-2006-0741 and CVE-2006-0744,\n important)\n\n - a flaw in unaligned accesses handling on Intel Itanium\n processors that allowed a local user to cause a denial\n of service (crash) (CVE-2006-0742, important)\n\n - an info leak on AMD-based x86 and x86_64 systems that\n allowed a local user to retrieve the floating point\n exception state of a process run by a different user\n (CVE-2006-1056, important)\n\n - a flaw in IPv4 packet output handling that allowed a\n remote user to bypass the zero IP ID countermeasure on\n systems with a disabled firewall (CVE-2006-1242, low)\n\n - a minor info leak in socket option handling in the\n network code (CVE-2006-1343, low)\n\n - a flaw in IPv4 netfilter handling for the unlikely use\n of SNMP NAT processing that allowed a remote user to\n cause a denial of service (crash) or potential memory\n corruption (CVE-2006-2444, moderate)\n\nNote: The kernel-unsupported package contains various drivers and\nmodules that are unsupported and therefore might contain security\nproblems that have not been addressed.\n\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0437\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2005-3055\", \"CVE-2005-3107\", \"CVE-2006-0741\", \"CVE-2006-0742\", \"CVE-2006-0744\", \"CVE-2006-1056\", \"CVE-2006-1242\", \"CVE-2006-1343\", \"CVE-2006-2444\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2006:0437\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0437\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-doc-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-hugemem-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-hugemem-unsupported-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-smp-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-smp-unsupported-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-source-2.4.21-47.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-unsupported-2.4.21-47.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:54:58", "bulletinFamily": "scanner", "description": "A number of vulnerabilities were discovered and corrected in the Linux\n2.6 kernel :\n\nPrior to Linux kernel 2.6.16.5, the kernel does not properly handle\nuncanonical return addresses on Intel EM64T CPUs which causes the\nkernel exception handler to run on the user stack with the wrong GS\n(CVE-2006-0744).\n\nThe selinux_ptrace logic hooks in SELinux for 2.6.6 allow local users\nwith ptrace permissions to change the tracer SID to an SID of another\nprocess (CVE-2006-1052).\n\nPrior to 2.6.16, the ip_push_pending_frames function increments the IP\nID field when sending a RST after receiving unsolicited TCP SYN-ACK\npackets, which allows a remote attacker to conduct an idle scan\nattack, bypassing any intended protection against such an attack\n(CVE-2006-1242).\n\nIn kernel 2.6.16.1 and some earlier versions, the sys_add_key function\nin the keyring code allows local users to cause a DoS (OOPS) via\nkeyctl requests that add a key to a user key instead of a keyring key,\ncausing an invalid dereference (CVE-2006-1522).\n\nPrior to 2.6.16.8, the ip_route_input function allows local users to\ncause a DoS (panic) via a request for a route for a multicast IP\naddress, which triggers a null dereference (CVE-2006-1525).\n\nPrior to 2.6.16.13, the SCTP-netfilter code allows remote attackers to\ncause a DoS (infinite loop) via unknown vectors that cause an invalid\nSCTP chunk size to be processed (CVE-2006-1527).\n\nPrior to 2.6.16, local users can bypass IPC permissions and modify a\nread-only attachment of shared memory by using mprotect to give write\npermission to the attachment (CVE-2006-2071).\n\nPrior to 2.6.17, the ECNE chunk handling in SCTP (lksctp) allows\nremote attackers to cause a DoS (kernel panic) via an unexpected\nchucnk when the session is in CLOSED state (CVE-2006-2271).\n\nPrior to 2.6.17, SCTP (lksctp) allows remote attacker to cause a DoS\n(kernel panic) via incoming IP fragmented COOKIE_ECHO and HEARTBEAT\nSCTP control chunks (CVE-2006-2272).\n\nIn addition to these security fixes, other fixes have been included\nsuch as :\n\n - fix a scheduler deadlock\n\n - Yenta oops fix\n\n - ftdi_sio: adds support for iPlus devices\n\n - enable kprobes on i386 and x86_64\n\n - avoid a panic on bind mount of autofs owned directory\n\n - fix a kernel OOPs when booting with ", "modified": "2019-11-02T00:00:00", "id": "MANDRAKE_MDKSA-2006-086.NASL", "href": "https://www.tenable.com/plugins/nessus/21575", "published": "2006-05-19T00:00:00", "title": "Mandrake Linux Security Advisory : kernel (MDKSA-2006:086)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:086. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21575);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:48\");\n\n script_cve_id(\"CVE-2006-0744\", \"CVE-2006-1052\", \"CVE-2006-1242\", \"CVE-2006-1522\", \"CVE-2006-1525\", \"CVE-2006-1527\", \"CVE-2006-2071\", \"CVE-2006-2271\", \"CVE-2006-2272\");\n script_xref(name:\"MDKSA\", value:\"2006:086\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kernel (MDKSA-2006:086)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities were discovered and corrected in the Linux\n2.6 kernel :\n\nPrior to Linux kernel 2.6.16.5, the kernel does not properly handle\nuncanonical return addresses on Intel EM64T CPUs which causes the\nkernel exception handler to run on the user stack with the wrong GS\n(CVE-2006-0744).\n\nThe selinux_ptrace logic hooks in SELinux for 2.6.6 allow local users\nwith ptrace permissions to change the tracer SID to an SID of another\nprocess (CVE-2006-1052).\n\nPrior to 2.6.16, the ip_push_pending_frames function increments the IP\nID field when sending a RST after receiving unsolicited TCP SYN-ACK\npackets, which allows a remote attacker to conduct an idle scan\nattack, bypassing any intended protection against such an attack\n(CVE-2006-1242).\n\nIn kernel 2.6.16.1 and some earlier versions, the sys_add_key function\nin the keyring code allows local users to cause a DoS (OOPS) via\nkeyctl requests that add a key to a user key instead of a keyring key,\ncausing an invalid dereference (CVE-2006-1522).\n\nPrior to 2.6.16.8, the ip_route_input function allows local users to\ncause a DoS (panic) via a request for a route for a multicast IP\naddress, which triggers a null dereference (CVE-2006-1525).\n\nPrior to 2.6.16.13, the SCTP-netfilter code allows remote attackers to\ncause a DoS (infinite loop) via unknown vectors that cause an invalid\nSCTP chunk size to be processed (CVE-2006-1527).\n\nPrior to 2.6.16, local users can bypass IPC permissions and modify a\nread-only attachment of shared memory by using mprotect to give write\npermission to the attachment (CVE-2006-2071).\n\nPrior to 2.6.17, the ECNE chunk handling in SCTP (lksctp) allows\nremote attackers to cause a DoS (kernel panic) via an unexpected\nchucnk when the session is in CLOSED state (CVE-2006-2271).\n\nPrior to 2.6.17, SCTP (lksctp) allows remote attacker to cause a DoS\n(kernel panic) via incoming IP fragmented COOKIE_ECHO and HEARTBEAT\nSCTP control chunks (CVE-2006-2272).\n\nIn addition to these security fixes, other fixes have been included\nsuch as :\n\n - fix a scheduler deadlock\n\n - Yenta oops fix\n\n - ftdi_sio: adds support for iPlus devices\n\n - enable kprobes on i386 and x86_64\n\n - avoid a panic on bind mount of autofs owned directory\n\n - fix a kernel OOPs when booting with 'console=ttyUSB0'\n but without a USB-serial dongle plugged in\n\n - make dm-mirror not issue invalid resync requests\n\n - fix media change detection on scsi removable devices\n\n - add support for the realtek 8168 chipset\n\n - update hfsplus driver to 2.6.16 state\n\n - backport 'Gilgal' support from e1000 7.0.33\n\n - selected ACPI video fixes\n\n - update 3w-9xxx to 2.26.02.005 (9550SX support)\n\n - fix a deadlock in the ext2 filesystem\n\n - fix usbserial use-after-free bug\n\n - add i945GM DRI support\n\n - S3 resume fixes\n\n - add ECS PF22 hda model support\n\n - SMP suspend\n\n - CPU hotplug\n\n - miscellaneous AGP fixes\n\n - added sata-suspend patch for 2.6.12 for Napa platform\n\nThe provided packages are patched to fix these vulnerabilities. All\nusers are encouraged to upgrade to these updated kernels.\n\nAs well, updated mkinitrd and bootsplash packages are provided to fix\nminor issues; users should upgrade both packages prior to installing a\nnew kernel.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bootsplash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-2.6.12.21mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-BOOT-2.6.12.21mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.21mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.21mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.21mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.21mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.21mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.21mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mkinitrd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"bootsplash-3.1.12-0.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-2.6.12.21mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-BOOT-2.6.12.21mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-i586-up-1GB-2.6.12.21mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-i686-up-4GB-2.6.12.21mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-smp-2.6.12.21mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-source-2.6-2.6.12-21mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-source-stripped-2.6-2.6.12-21mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-xbox-2.6.12.21mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-xen0-2.6.12.21mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-xenU-2.6.12.21mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"mkinitrd-4.2.17-17.2.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T02:15:04", "bulletinFamily": "scanner", "description": "Updated kernel packages are now available as part of ongoing support\nand maintenance of Red Hat Enterprise Linux version 3. This is the\neighth regular update.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThis is the eighth regular kernel update to Red Hat Enterprise Linux\n3.\n\nNew features introduced by this update include :\n\n - addition of the adp94xx and dcdbas device drivers -\n diskdump support on megaraid_sas, qlogic, and swap\n partitions - support for new hardware via driver and\n SCSI white-list updates\n\nThere were many bug fixes in various parts of the kernel. The ongoing\neffort to resolve these problems has resulted in a marked improvement\nin the reliability and scalability of Red Hat Enterprise Linux 3.\n\nThere were numerous driver updates and security fixes (elaborated\nbelow). Other key areas affected by fixes in this update include the\nnetworking subsystem, the NFS and autofs4 file systems, the SCSI and\nUSB subsystems, and architecture-specific handling affecting AMD\nOpteron and Intel EM64T processors.\n\nThe following device drivers have been added or upgraded to new\nversions :\n\nadp94xx -------- 1.0.8 (new) bnx2 ----------- 1.4.38 cciss ----------\n2.4.60.RH1 dcdbas --------- 5.6.0-1 (new) e1000 ---------- 7.0.33-k2\nemulex --------- 7.3.6 forcedeth ------ 0.30 ipmi ----------- 35.13\nqlogic --------- 7.07.04b6 tg3 ------------ 3.52RH\n\nThe following security bugs were fixed in this update :\n\n - a flaw in the USB devio handling of device removal that\n allowed a local user to cause a denial of service\n (crash) (CVE-2005-3055, moderate)\n\n - a flaw in the exec() handling of multi-threaded tasks\n using ptrace() that allowed a local user to cause a\n denial of service (hang of a user process)\n (CVE-2005-3107, low)\n\n - a difference in ", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2006-0437.NASL", "href": "https://www.tenable.com/plugins/nessus/22135", "published": "2006-08-04T00:00:00", "title": "CentOS 3 : kernel (CESA-2006:0437)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0437 and \n# CentOS Errata and Security Advisory 2006:0437 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22135);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/10/25 13:36:03\");\n\n script_cve_id(\"CVE-2005-3055\", \"CVE-2005-3107\", \"CVE-2006-0741\", \"CVE-2006-0742\", \"CVE-2006-0744\", \"CVE-2006-1056\", \"CVE-2006-1242\", \"CVE-2006-1343\", \"CVE-2006-2444\");\n script_bugtraq_id(17600, 18081);\n script_xref(name:\"RHSA\", value:\"2006:0437\");\n\n script_name(english:\"CentOS 3 : kernel (CESA-2006:0437)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages are now available as part of ongoing support\nand maintenance of Red Hat Enterprise Linux version 3. This is the\neighth regular update.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThis is the eighth regular kernel update to Red Hat Enterprise Linux\n3.\n\nNew features introduced by this update include :\n\n - addition of the adp94xx and dcdbas device drivers -\n diskdump support on megaraid_sas, qlogic, and swap\n partitions - support for new hardware via driver and\n SCSI white-list updates\n\nThere were many bug fixes in various parts of the kernel. The ongoing\neffort to resolve these problems has resulted in a marked improvement\nin the reliability and scalability of Red Hat Enterprise Linux 3.\n\nThere were numerous driver updates and security fixes (elaborated\nbelow). Other key areas affected by fixes in this update include the\nnetworking subsystem, the NFS and autofs4 file systems, the SCSI and\nUSB subsystems, and architecture-specific handling affecting AMD\nOpteron and Intel EM64T processors.\n\nThe following device drivers have been added or upgraded to new\nversions :\n\nadp94xx -------- 1.0.8 (new) bnx2 ----------- 1.4.38 cciss ----------\n2.4.60.RH1 dcdbas --------- 5.6.0-1 (new) e1000 ---------- 7.0.33-k2\nemulex --------- 7.3.6 forcedeth ------ 0.30 ipmi ----------- 35.13\nqlogic --------- 7.07.04b6 tg3 ------------ 3.52RH\n\nThe following security bugs were fixed in this update :\n\n - a flaw in the USB devio handling of device removal that\n allowed a local user to cause a denial of service\n (crash) (CVE-2005-3055, moderate)\n\n - a flaw in the exec() handling of multi-threaded tasks\n using ptrace() that allowed a local user to cause a\n denial of service (hang of a user process)\n (CVE-2005-3107, low)\n\n - a difference in 'sysretq' operation of EM64T (as opposed\n to Opteron) processors that allowed a local user to\n cause a denial of service (crash) upon return from\n certain system calls (CVE-2006-0741 and CVE-2006-0744,\n important)\n\n - a flaw in unaligned accesses handling on Intel Itanium\n processors that allowed a local user to cause a denial\n of service (crash) (CVE-2006-0742, important)\n\n - an info leak on AMD-based x86 and x86_64 systems that\n allowed a local user to retrieve the floating point\n exception state of a process run by a different user\n (CVE-2006-1056, important)\n\n - a flaw in IPv4 packet output handling that allowed a\n remote user to bypass the zero IP ID countermeasure on\n systems with a disabled firewall (CVE-2006-1242, low)\n\n - a minor info leak in socket option handling in the\n network code (CVE-2006-1343, low)\n\n - a flaw in IPv4 netfilter handling for the unlikely use\n of SNMP NAT processing that allowed a remote user to\n cause a denial of service (crash) or potential memory\n corruption (CVE-2006-2444, moderate)\n\nNote: The kernel-unsupported package contains various drivers and\nmodules that are unsupported and therefore might contain security\nproblems that have not been addressed.\n\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013097.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f940410\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013098.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b07bc7df\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-July/013053.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3720e2d6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-doc-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-smp-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-smp-unsupported-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-source-2.4.21-47.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-unsupported-2.4.21-47.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T03:20:12", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix several security issues in the Red\nHat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n* a flaw in the IPv6 implementation that allowed a local user to cause\na denial of service (infinite loop and crash) (CVE-2005-2973,\nimportant)\n\n* a flaw in the bridge implementation that allowed a remote user to\ncause forwarding of spoofed packets via poisoning of the forwarding\ntable with already dropped frames (CVE-2005-3272, moderate)\n\n* a flaw in the atm module that allowed a local user to cause a denial\nof service (panic) via certain socket calls (CVE-2005-3359, important)\n\n* a flaw in the NFS client implementation that allowed a local user to\ncause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,\nimportant)\n\n* a difference in ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2006-0493.NASL", "href": "https://www.tenable.com/plugins/nessus/21592", "published": "2006-05-24T00:00:00", "title": "RHEL 4 : kernel (RHSA-2006:0493)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0493. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21592);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2005-2973\", \"CVE-2005-3272\", \"CVE-2005-3359\", \"CVE-2006-0555\", \"CVE-2006-0741\", \"CVE-2006-0744\", \"CVE-2006-1522\", \"CVE-2006-1525\", \"CVE-2006-1527\", \"CVE-2006-1528\", \"CVE-2006-1855\", \"CVE-2006-1856\", \"CVE-2006-1862\", \"CVE-2006-1864\", \"CVE-2006-2271\", \"CVE-2006-2272\", \"CVE-2006-2274\");\n script_xref(name:\"RHSA\", value:\"2006:0493\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2006:0493)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues in the Red\nHat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n* a flaw in the IPv6 implementation that allowed a local user to cause\na denial of service (infinite loop and crash) (CVE-2005-2973,\nimportant)\n\n* a flaw in the bridge implementation that allowed a remote user to\ncause forwarding of spoofed packets via poisoning of the forwarding\ntable with already dropped frames (CVE-2005-3272, moderate)\n\n* a flaw in the atm module that allowed a local user to cause a denial\nof service (panic) via certain socket calls (CVE-2005-3359, important)\n\n* a flaw in the NFS client implementation that allowed a local user to\ncause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,\nimportant)\n\n* a difference in 'sysretq' operation of EM64T (as opposed to Opteron)\nprocessors that allowed a local user to cause a denial of service\n(crash) upon return from certain system calls (CVE-2006-0741 and\nCVE-2006-0744, important)\n\n* a flaw in the keyring implementation that allowed a local user to\ncause a denial of service (OOPS) (CVE-2006-1522, important)\n\n* a flaw in IP routing implementation that allowed a local user to\ncause a denial of service (panic) via a request for a route for a\nmulticast IP (CVE-2006-1525, important)\n\n* a flaw in the SCTP-netfilter implementation that allowed a remote\nuser to cause a denial of service (infinite loop) (CVE-2006-1527,\nimportant)\n\n* a flaw in the sg driver that allowed a local user to cause a denial\nof service (crash) via a dio transfer to memory mapped (mmap) IO space\n(CVE-2006-1528, important)\n\n* a flaw in the threading implementation that allowed a local user to\ncause a denial of service (panic) (CVE-2006-1855, important)\n\n* two missing LSM hooks that allowed a local user to bypass the LSM by\nusing readv() or writev() (CVE-2006-1856, moderate)\n\n* a flaw in the virtual memory implementation that allowed local user\nto cause a denial of service (panic) by using the lsof command\n(CVE-2006-1862, important)\n\n* a directory traversal vulnerability in smbfs that allowed a local\nuser to escape chroot restrictions for an SMB-mounted filesystem via\n'..\\\\' sequences (CVE-2006-1864, moderate)\n\n* a flaw in the ECNE chunk handling of SCTP that allowed a remote user\nto cause a denial of service (panic) (CVE-2006-2271, moderate)\n\n* a flaw in the handling of COOKIE_ECHO and HEARTBEAT control chunks\nof SCTP that allowed a remote user to cause a denial of service\n(panic) (CVE-2006-2272, moderate)\n\n* a flaw in the handling of DATA fragments of SCTP that allowed a\nremote user to cause a denial of service (infinite recursion and\ncrash) (CVE-2006-2274, moderate)\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0493\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2005-2973\", \"CVE-2005-3272\", \"CVE-2005-3359\", \"CVE-2006-0555\", \"CVE-2006-0741\", \"CVE-2006-0744\", \"CVE-2006-1522\", \"CVE-2006-1525\", \"CVE-2006-1527\", \"CVE-2006-1528\", \"CVE-2006-1855\", \"CVE-2006-1856\", \"CVE-2006-1862\", \"CVE-2006-1864\", \"CVE-2006-2271\", \"CVE-2006-2272\", \"CVE-2006-2274\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2006:0493\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0493\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-34.0.1.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-34.0.1.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-03T12:31:06", "bulletinFamily": "scanner", "description": "An integer overflow was discovered in the do_replace() function. A\nlocal user process with the CAP_NET_ADMIN capability could exploit\nthis to execute arbitrary commands with full root privileges. However,\nnone of Ubuntu", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-302-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27877", "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/2.6.12/2.6.15 vulnerabilities (USN-302-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-302-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27877);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2006-0038\", \"CVE-2006-0744\", \"CVE-2006-1055\", \"CVE-2006-1056\", \"CVE-2006-1522\", \"CVE-2006-1527\", \"CVE-2006-1528\", \"CVE-2006-1855\", \"CVE-2006-1856\", \"CVE-2006-1857\", \"CVE-2006-1858\", \"CVE-2006-1859\", \"CVE-2006-1860\", \"CVE-2006-1863\", \"CVE-2006-1864\", \"CVE-2006-2071\", \"CVE-2006-2271\", \"CVE-2006-2272\", \"CVE-2006-2274\", \"CVE-2006-2275\", \"CVE-2006-2444\");\n script_bugtraq_id(17600, 18081);\n script_xref(name:\"USN\", value:\"302-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/2.6.12/2.6.15 vulnerabilities (USN-302-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow was discovered in the do_replace() function. A\nlocal user process with the CAP_NET_ADMIN capability could exploit\nthis to execute arbitrary commands with full root privileges. However,\nnone of Ubuntu's supported packages use this capability with any\nnon-root user, so this only affects you if you use some third party\nsoftware like the OpenVZ virtualization system. (CVE-2006-0038)\n\nOn EMT64 CPUs, the kernel did not properly handle uncanonical return\naddresses. A local user could exploit this to trigger a kernel crash.\n(CVE-2006-0744)\n\nAl Viro discovered a local Denial of Service in the sysfs write buffer\nhandling. By writing a block with a length exactly equal to the\nprocessor's page size to any writable file in /sys, a local attacker\ncould cause a kernel crash. (CVE-2006-1055)\n\nJan Beulich discovered an information leak in the handling of\nregisters for the numeric coprocessor when running on AMD processors.\nThis allowed processes to see the coprocessor execution state of other\nprocesses, which could reveal sensitive data in the case of\ncryptographic computations. (CVE-2006-1056)\n\nMarcel Holtmann discovered that the sys_add_key() did not check that a\nnew user key is added to a proper keyring. By attempting to add a key\nto a normal user key (which is not a keyring), a local attacker could\nexploit this to crash the kernel. (CVE-2006-1522)\n\nIngo Molnar discovered that the SCTP protocol connection tracking\nmodule in netfilter got stuck in an infinite loop on certain empty\npacket chunks. A remote attacker could exploit this to cause the\ncomputer to hang. (CVE-2006-1527)\n\nThe SCSI I/O driver did not correctly handle the VM_IO flag for memory\nmapped pages used for data transfer. A local user could exploit this\nto cause a kernel crash. (CVE-2006-1528)\n\nThe choose_new_parent() contained obsolete debugging code. A local\nuser could exploit this to cause a kernel crash. (CVE-2006-1855)\n\nKostik Belousov discovered that the readv() and writev() functions did\nnot query LSM modules for access permission. This could be exploited\nto circumvent access restrictions defined by LSM modules such as\nSELinux or AppArmor. (CVE-2006-1856)\n\nThe SCTP driver did not properly verify certain parameters when\nreceiving a HB-ACK chunk. By sending a specially crafted packet to an\nSCTP socket, a remote attacker could exploit this to trigger a buffer\noverflow, which could lead to a crash or possibly even arbitrary code\nexecution. (CVE-2006-1857)\n\nThe sctp_walk_params() function in the SCTP driver incorrectly used\nrounded values for bounds checking instead of the precise values. By\nsending a specially crafted packet to an SCTP socket, a remote\nattacker could exploit this to crash the kernel. (CVE-2006-1858)\n\nBjoern Steinbrink reported a memory leak in the __setlease() function.\nA local attacker could exploit this to exhaust kernel memory and\nrender the computer unusable (Denial of Service). (CVE-2006-1859)\n\nDaniel Hokka Zakrisson discovered that the lease_init() did not\nproperly handle locking. A local attacker could exploit this to cause\na kernel deadlock (Denial of Service). (CVE-2006-1860)\n\nMark Moseley discovered that the CIFS file system driver did not\nfilter out '..\\\\' path components. A local attacker could exploit this\nto break out of a chroot environment on a mounted SMB share.\n(CVE-2006-1863) The same vulnerability applies to the older smb file\nsystem. (CVE-2006-1864)\n\nHugh Dickins discovered that the mprotect() function allowed an user\nto change a read-only shared memory attachment to become writable,\nwhich bypasses IPC (inter-process communication) permissions.\n(CVE-2006-2071)\n\nThe SCTP (Stream Control Transmission Protocol) driver triggered a\nkernel panic on unexpected packets while the session was in the CLOSED\nstate, instead of silently ignoring the packets. A remote attacker\ncould exploit this to crash the computer. (CVE-2006-2271)\n\nThe SCTP driver did not handle control chunks if they arrived in\nfragmented packets. By sending specially crafted packets to an SCTP\nsocket, a remote attacker could exploit this to crash the target\nmachine. (CVE-2006-2272)\n\nThe SCTP driver did not correctly handle packets containing more than\none DATA fragment. By sending specially crafted packets to an SCTP\nsocket, a remote attacker could exploit this to crash the target\nmachine. (CVE-2006-2274)\n\nThe SCTP driver did not correcly buffer incoming packets. By sending a\nlarge number of small messages to a receiver application that cannot\nprocess the messages quickly enough, a remote attacker could exploit\nthis to cause a deadlock in the target machine (Denial of Service).\n(CVE-2006-2275)\n\nPatrick McHardy discovered that the snmp_trap_decode() function did\nnot correctly handle memory allocation in some error conditions. By\nsending specially crafted packets to a machine which uses the SNMP\nnetwork address translation (NAT), a remote attacker could exploit\nthis to crash that machine. (CVE-2006-2444)\n\nIn addition, the Ubuntu 6.06 LTS update fixes a range of bugs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/302-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-25\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fglrx-control\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-686-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2006-0038\", \"CVE-2006-0744\", \"CVE-2006-1055\", \"CVE-2006-1056\", \"CVE-2006-1522\", \"CVE-2006-1527\", \"CVE-2006-1528\", \"CVE-2006-1855\", \"CVE-2006-1856\", \"CVE-2006-1857\", \"CVE-2006-1858\", \"CVE-2006-1859\", \"CVE-2006-1860\", \"CVE-2006-1863\", \"CVE-2006-1864\", \"CVE-2006-2071\", \"CVE-2006-2271\", \"CVE-2006-2272\", \"CVE-2006-2274\", \"CVE-2006-2275\", \"CVE-2006-2444\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-302-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-doc-2.6.10\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-386\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-686\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-686-smp\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-amd64-generic\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-amd64-k8\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-amd64-k8-smp\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-amd64-xeon\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-386\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-686\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-686-smp\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-amd64-generic\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-amd64-k8\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-amd64-k8-smp\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-amd64-xeon\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-patch-ubuntu-2.6.10\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-source-2.6.10\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-tree-2.6.10\", pkgver:\"2.6.10-34.20\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-doc-2.6.12\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-386\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-686\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-686-smp\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-amd64-generic\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-amd64-k8\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-amd64-k8-smp\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-amd64-xeon\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-386\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-686\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-686-smp\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-amd64-generic\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-amd64-k8\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-amd64-k8-smp\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-amd64-xeon\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-patch-ubuntu-2.6.12\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-source-2.6.12\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-tree-2.6.12\", pkgver:\"2.6.12-10.34\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-firmware\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-firmware-2.6.15-25\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"avm-fritz-kernel-source\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fglrx-control\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"fglrx-kernel-source\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-386\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-686\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-686-smp\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-generic\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-k8\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-k8-smp\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-server\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-amd64-xeon\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc-2.6.15\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-25\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-25-386\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-25-686\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-25-amd64-generic\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-25-amd64-k8\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-25-amd64-server\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-25-amd64-xeon\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-25-server\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-386\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-686\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-amd64-generic\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-amd64-k8\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-amd64-server\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-amd64-xeon\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-server\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-25-386\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-25-686\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-25-amd64-generic\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-25-amd64-k8\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-25-amd64-server\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-25-amd64-xeon\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-25-server\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-386\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-686\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-amd64-generic\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-amd64-k8\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-amd64-server\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-amd64-xeon\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-server\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-25-386\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-25-686\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-25-amd64-generic\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-25-amd64-k8\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-2.6.15-25-amd64-xeon\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-386\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-686\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-amd64-generic\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-amd64-k8\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-amd64-xeon\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-restricted-modules-common\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-server\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source\", pkgver:\"2.6.15.23\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source-2.6.15\", pkgver:\"2.6.15-25.43\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-dev\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-legacy\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-glx-legacy-dev\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-kernel-source\", pkgver:\"1.0.8762+2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nvidia-legacy-kernel-source\", pkgver:\"1.0.7174+2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"xorg-driver-fglrx\", pkgver:\"2.6.15.11-2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"xorg-driver-fglrx-dev\", pkgver:\"2.6.15.11-2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"avm-fritz-firmware / avm-fritz-firmware-2.6.15-25 / etc\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-11-01T02:15:04", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix several security issues in the Red\nHat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n* a flaw in the IPv6 implementation that allowed a local user to cause\na denial of service (infinite loop and crash) (CVE-2005-2973,\nimportant)\n\n* a flaw in the bridge implementation that allowed a remote user to\ncause forwarding of spoofed packets via poisoning of the forwarding\ntable with already dropped frames (CVE-2005-3272, moderate)\n\n* a flaw in the atm module that allowed a local user to cause a denial\nof service (panic) via certain socket calls (CVE-2005-3359, important)\n\n* a flaw in the NFS client implementation that allowed a local user to\ncause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,\nimportant)\n\n* a difference in ", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2006-0493.NASL", "href": "https://www.tenable.com/plugins/nessus/21997", "published": "2006-07-05T00:00:00", "title": "CentOS 4 : kernel (CESA-2006:0493)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0493 and \n# CentOS Errata and Security Advisory 2006:0493 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21997);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/10/25 13:36:03\");\n\n script_cve_id(\"CVE-2005-2973\", \"CVE-2005-3272\", \"CVE-2005-3359\", \"CVE-2006-0555\", \"CVE-2006-0741\", \"CVE-2006-0744\", \"CVE-2006-1522\", \"CVE-2006-1525\", \"CVE-2006-1527\", \"CVE-2006-1528\", \"CVE-2006-1855\", \"CVE-2006-1856\", \"CVE-2006-1862\", \"CVE-2006-1864\", \"CVE-2006-2271\", \"CVE-2006-2272\", \"CVE-2006-2274\");\n script_xref(name:\"RHSA\", value:\"2006:0493\");\n\n script_name(english:\"CentOS 4 : kernel (CESA-2006:0493)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues in the Red\nHat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n* a flaw in the IPv6 implementation that allowed a local user to cause\na denial of service (infinite loop and crash) (CVE-2005-2973,\nimportant)\n\n* a flaw in the bridge implementation that allowed a remote user to\ncause forwarding of spoofed packets via poisoning of the forwarding\ntable with already dropped frames (CVE-2005-3272, moderate)\n\n* a flaw in the atm module that allowed a local user to cause a denial\nof service (panic) via certain socket calls (CVE-2005-3359, important)\n\n* a flaw in the NFS client implementation that allowed a local user to\ncause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,\nimportant)\n\n* a difference in 'sysretq' operation of EM64T (as opposed to Opteron)\nprocessors that allowed a local user to cause a denial of service\n(crash) upon return from certain system calls (CVE-2006-0741 and\nCVE-2006-0744, important)\n\n* a flaw in the keyring implementation that allowed a local user to\ncause a denial of service (OOPS) (CVE-2006-1522, important)\n\n* a flaw in IP routing implementation that allowed a local user to\ncause a denial of service (panic) via a request for a route for a\nmulticast IP (CVE-2006-1525, important)\n\n* a flaw in the SCTP-netfilter implementation that allowed a remote\nuser to cause a denial of service (infinite loop) (CVE-2006-1527,\nimportant)\n\n* a flaw in the sg driver that allowed a local user to cause a denial\nof service (crash) via a dio transfer to memory mapped (mmap) IO space\n(CVE-2006-1528, important)\n\n* a flaw in the threading implementation that allowed a local user to\ncause a denial of service (panic) (CVE-2006-1855, important)\n\n* two missing LSM hooks that allowed a local user to bypass the LSM by\nusing readv() or writev() (CVE-2006-1856, moderate)\n\n* a flaw in the virtual memory implementation that allowed local user\nto cause a denial of service (panic) by using the lsof command\n(CVE-2006-1862, important)\n\n* a directory traversal vulnerability in smbfs that allowed a local\nuser to escape chroot restrictions for an SMB-mounted filesystem via\n'..\\\\' sequences (CVE-2006-1864, moderate)\n\n* a flaw in the ECNE chunk handling of SCTP that allowed a remote user\nto cause a denial of service (panic) (CVE-2006-2271, moderate)\n\n* a flaw in the handling of COOKIE_ECHO and HEARTBEAT control chunks\nof SCTP that allowed a remote user to cause a denial of service\n(panic) (CVE-2006-2272, moderate)\n\n* a flaw in the handling of DATA fragments of SCTP that allowed a\nremote user to cause a denial of service (infinite recursion and\ncrash) (CVE-2006-2274, moderate)\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012919.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a724db4a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012923.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b2e1e9f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-May/012924.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59695178\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"kernel-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"kernel-devel-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-34.0.1.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-34.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cert": [{"lastseen": "2019-10-09T19:49:53", "bulletinFamily": "info", "description": "### Overview \n\nSome 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.\n\nIntel claims that this vulnerability is a software implementation issue, as their processors are functioning as per their documented specifications. However, software that fails to take the Intel-specific SYSRET behavior into account may be vulnerable.\n\n### Description \n\nA [ring3 attacker](<http://en.wikipedia.org/wiki/Ring_3>) may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker's chosen RSP causing a privilege escalation. \n \n**Details from Xen** \n \n[_CVE-2012-0217 / XSA-7 - 64-bit PV guest privilege escalation vulnerability_](<http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>) \n \n_A vulnerability which can allow a 64-bit PV guest kernel running on a 64-bit hypervisor to escalate privileges to that of the host by arranging for a system call to return via sysret to a non-canonical RIP. Intel CPUs deliver the resulting exception in an undesirable processor state._ \n \n**Details from FreeBSD** \n \n[_FreeBSD-SA-12:04.sysret:__ __Privilege escalation when returning from kernel_](<http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>) \n \n_FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash._ \n \n**Details from Microsoft** \n \n[_User Mode Scheduler Memory Corruption Vulnerability - __MS12-042 - Important_](<http://technet.microsoft.com/en-us/security/bulletin/MS12-042>) \n \n_An elevation of privilege vulnerability exists in the way that the Windows User Mode Scheduler handles system requests. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights._ \n \n_Mitigating Factors for User Mode Scheduler Memory Corruption Vulnerability_ \n \n_Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation: _\n\n * _An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users._\n * _This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2._\n * _Systems with AMD or ARM-based CPUs are not affected by this vulnerability._\n \n**Details from Red Hat** \n \n[_RHSA-2012:0720-1_](<https://rhn.redhat.com/errata/RHSA-2012-0720.html>)_ &amp; _[_RHSA-2012:0721-1_](<https://rhn.redhat.com/errata/RHSA-2012-0721.html>)_: __It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important)_ \n \nDetails from some affected vendors were not available at the time of publication. \n--- \n \n### Impact \n\nA local authenticated attacker may exploit this vulnerability for operating system privilege escalation or for a guest-to-host virtual machine escape. \n \n--- \n \n### Solution \n\n**Apply an Update** \nPlease review the Vendor Information section of this document for vendor-specific patch and workaround details. \n \n--- \n \n### Vendor Information\n\n649219\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ __ Citrix\n\nUpdated: June 18, 2012 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nA number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.0.2.\n\nThe following issues have been addressed: \n \n\u2022 64-bit PV guest to host privilege escalation vulnerability. This issue only impacts servers running on Intel processors and could permit a 64-bit PV guest to compromise the XenServer host (CVE-2012-0217). \n \n\u2022 Guest denial of service on syscall/sysenter exception generation. This issue could permit user code within a PV guest to crash the guest operating system (CVE-2012-0218). \n \n\u2022 Administrative connections to VM consoles through XAPI or XenCenter could be routed to the wrong VM.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.citrix.com/article/CTX133161>\n\n### __ FreeBSD Project\n\nNotified: May 01, 2012 Updated: June 12, 2012 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>\n\n### __ __ Intel Corporation\n\nNotified: May 01, 2012 Updated: June 13, 2012 \n\n**Statement Date: June 13, 2012**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nThis is a software implementation issue. Intel processors are functioning as per specifications and this behavior is correctly documented in the IntelR64 Software Developers Manual, Volume 2B Pages 4-598-599.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Joyent\n\nUpdated: June 14, 2012 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nWe have an illumos-derived system, SmartOS -- it (and every other illumos derivative) was affected by this vulnerability. illumos issue: <https://www.illumos.org/issues/2873>\n\nPatch is in hg changeset: 13724:7740792727e0. This can also be found on the github bridge: <https://github.com/illumos/illumos-gate/commit/6ba2dbf5e79c7fc6e1221844ddaa2c88a42a3fc1> \n \nJoyent's cloud customers are unaffected. Joyent's SmartDataCenter customers will be receiving an updated platform, versioned joyent_20120614T001014Z.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.illumos.org/issues/2873>\n * <https://github.com/illumos/illumos-gate/commit/6ba2dbf5e79c7fc6e1221844ddaa2c88a42a3fc1>\n\n### __ __ Microsoft Corporation\n\nNotified: May 01, 2012 Updated: June 18, 2012 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThis security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.\n\n### Vendor References\n\n * <https://technet.microsoft.com/en-us/security/bulletin/MS12-042>\n\n### __ NetBSD\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Oracle Corporation\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: May 11, 2012**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Red Hat, Inc.\n\nNotified: May 01, 2012 Updated: June 12, 2012 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=813428>\n * <https://access.redhat.com/security/cve/CVE-2012-0217>\n * <https://rhn.redhat.com/errata/RHSA-2012-0720.html>\n * <https://rhn.redhat.com/errata/RHSA-2012-0721.html>\n\n### __ SUSE Linux\n\nNotified: May 02, 2012 Updated: June 12, 2012 \n\n**Statement Date: May 02, 2012**\n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.novell.com/security/cve/CVE-2012-0217.html>\n\n### __ Xen\n\nNotified: May 02, 2012 Updated: June 12, 2012 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>\n\n### __ __ AMD\n\nUpdated: June 13, 2012 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nSystems using AMD CPUs are not vulnerable to this privilege escalation. AMD have issued the following statement:\n\n \n_ AMD processors' SYSRET behavior is such that a non-canonical address in RCX does not generate a #GP while in CPL0. We have verified this with our architecture team, with our design team, and have performed tests that verified this on silicon. Therefore, this privilege escalation exposure is not applicable to any AMD processor._ \nThis statement comes from the Xen security advisory. \n\n### __ Apple Inc.\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: May 15, 2012**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ OpenBSD\n\nUpdated: June 25, 2012 \n\n**Statement Date: June 25, 2012**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ VMware\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: June 08, 2012**\n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nThe VMware Security Response Center has reviewed the technical details of CVE-2012-0217, the \"#GP in sysret\" vulnerability. The \"sysret\" instruction is not used in VMware hypervisor code, therefore VMware products are not affected by this issue. Please note that guest operating systems that are installed as virtual machines may be affected and should be patched based on the recommendation of their respective OS vendors.\n\nFor further questions on this or any security vulnerability, please contact the VSRC at security@vmware.com.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Debian GNU/Linux\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Fedora Project\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Gentoo Linux\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Hewlett-Packard Company\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IBM Corporation\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Parallels Holdings Ltd\n\nNotified: May 21, 2012 Updated: May 21, 2012 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Slackware Linux Inc.\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Ubuntu\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 22 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.6 | AV:L/AC:M/Au:S/C:C/I:C/A:C \nTemporal | 5.5 | E:F/RL:OF/RC:C \nEnvironmental | 5.5 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://en.wikipedia.org/wiki/Ring_3>\n * <http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>\n * <http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=813428>\n * <http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>\n * <http://blog.gmane.org/gmane.linux.kernel.commits.2-4/month=20060401>\n * <http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html>\n * <http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php>\n\n### Acknowledgements\n\nThanks to Rafal Wojtczuk of Bromium, Inc. for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2012-0217, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0217>) [CVE-2006-0744](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0744>) \n---|--- \n**Date Public:** | 2006-04-12 \n**Date First Published:** | 2012-06-12 \n**Date Last Updated: ** | 2012-09-04 20:47 UTC \n**Document Revision: ** | 85 \n", "modified": "2012-09-04T20:47:00", "published": "2012-06-12T00:00:00", "id": "VU:649219", "href": "https://www.kb.cert.org/vuls/id/649219", "type": "cert", "title": "SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThis is the eighth regular kernel update to Red Hat Enterprise Linux 3.\r\n\r\nNew features introduced by this update include:\r\n\r\n - addition of the adp94xx and dcdbas device drivers\r\n - diskdump support on megaraid_sas, qlogic, and swap partitions\r\n - support for new hardware via driver and SCSI white-list updates\r\n\r\nThere were many bug fixes in various parts of the kernel. The ongoing\r\neffort to resolve these problems has resulted in a marked improvement in\r\nthe reliability and scalability of Red Hat Enterprise Linux 3.\r\n\r\nThere were numerous driver updates and security fixes (elaborated below).\r\nOther key areas affected by fixes in this update include the networking\r\nsubsystem, the NFS and autofs4 file systems, the SCSI and USB subsystems,\r\nand architecture-specific handling affecting AMD Opteron and Intel EM64T\r\nprocessors.\r\n\r\nThe following device drivers have been added or upgraded to new versions:\r\n\r\n adp94xx -------- 1.0.8 (new)\r\n bnx2 ----------- 1.4.38\r\n cciss ---------- 2.4.60.RH1\r\n dcdbas --------- 5.6.0-1 (new)\r\n e1000 ---------- 7.0.33-k2\r\n emulex --------- 7.3.6\r\n forcedeth ------ 0.30\r\n ipmi ----------- 35.13\r\n qlogic --------- 7.07.04b6\r\n tg3 ------------ 3.52RH\r\n\r\nThe following security bugs were fixed in this update:\r\n\r\n - a flaw in the USB devio handling of device removal that allowed a\r\n local user to cause a denial of service (crash) (CVE-2005-3055,\r\n moderate)\r\n\r\n - a flaw in the exec() handling of multi-threaded tasks using ptrace()\r\n that allowed a local user to cause a denial of service (hang of a\r\n user process) (CVE-2005-3107, low)\r\n\r\n - a difference in \"sysretq\" operation of EM64T (as opposed to Opteron)\r\n processors that allowed a local user to cause a denial of service\r\n (crash) upon return from certain system calls (CVE-2006-0741 and\r\n CVE-2006-0744, important)\r\n\r\n - a flaw in unaligned accesses handling on Intel Itanium processors\r\n that allowed a local user to cause a denial of service (crash)\r\n (CVE-2006-0742, important)\r\n\r\n - an info leak on AMD-based x86 and x86_64 systems that allowed a local\r\n user to retrieve the floating point exception state of a process\r\n run by a different user (CVE-2006-1056, important)\r\n\r\n - a flaw in IPv4 packet output handling that allowed a remote user to\r\n bypass the zero IP ID countermeasure on systems with a disabled\r\n firewall (CVE-2006-1242, low)\r\n\r\n - a minor info leak in socket option handling in the network code\r\n (CVE-2006-1343, low)\r\n\r\n - a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\r\n processing that allowed a remote user to cause a denial of service\r\n (crash) or potential memory corruption (CVE-2006-2444, moderate)\r\n\r\nNote: The kernel-unsupported package contains various drivers and modules\r\nthat are unsupported and therefore might contain security problems that\r\nhave not been addressed.\r\n\r\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their\r\nkernels to the packages associated with their machine architectures\r\nand configurations as listed in this erratum.", "modified": "2017-07-29T20:32:40", "published": "2006-07-20T13:25:51", "id": "RHSA-2006:0437", "href": "https://access.redhat.com/errata/RHSA-2006:0437", "type": "redhat", "title": "(RHSA-2006:0437) Updated kernel packages for Red Hat Enterprise Linux 3 Update 8", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues\r\ndescribed below:\r\n\r\n* a flaw in the IPv6 implementation that allowed a local user to cause a\r\ndenial of service (infinite loop and crash) (CVE-2005-2973, important)\r\n\r\n* a flaw in the bridge implementation that allowed a remote user to\r\ncause forwarding of spoofed packets via poisoning of the forwarding\r\ntable with already dropped frames (CVE-2005-3272, moderate)\r\n\r\n* a flaw in the atm module that allowed a local user to cause a denial\r\nof service (panic) via certain socket calls (CVE-2005-3359, important)\r\n\r\n* a flaw in the NFS client implementation that allowed a local user to\r\ncause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,\r\nimportant)\r\n\r\n* a difference in \"sysretq\" operation of EM64T (as opposed to Opteron)\r\nprocessors that allowed a local user to cause a denial of service\r\n(crash) upon return from certain system calls (CVE-2006-0741 and\r\nCVE-2006-0744, important)\r\n\r\n* a flaw in the keyring implementation that allowed a local user to\r\ncause a denial of service (OOPS) (CVE-2006-1522, important)\r\n\r\n* a flaw in IP routing implementation that allowed a local user to cause\r\na denial of service (panic) via a request for a route for a multicast IP\r\n(CVE-2006-1525, important)\r\n\r\n* a flaw in the SCTP-netfilter implementation that allowed a remote user\r\nto cause a denial of service (infinite loop) (CVE-2006-1527, important)\r\n\r\n* a flaw in the sg driver that allowed a local user to cause a denial of\r\nservice (crash) via a dio transfer to memory mapped (mmap) IO space\r\n(CVE-2006-1528, important)\r\n\r\n* a flaw in the threading implementation that allowed a local user to\r\ncause a denial of service (panic) (CVE-2006-1855, important)\r\n\r\n* two missing LSM hooks that allowed a local user to bypass the LSM by\r\nusing readv() or writev() (CVE-2006-1856, moderate)\r\n\r\n* a flaw in the virtual memory implementation that allowed local user to\r\ncause a denial of service (panic) by using the lsof command\r\n(CVE-2006-1862, important)\r\n\r\n* a directory traversal vulnerability in smbfs that allowed a local user\r\nto escape chroot restrictions for an SMB-mounted filesystem via \"..\\\\\"\r\nsequences (CVE-2006-1864, moderate)\r\n\r\n* a flaw in the ECNE chunk handling of SCTP that allowed a remote user\r\nto cause a denial of service (panic) (CVE-2006-2271, moderate)\r\n\r\n* a flaw in the handling of COOKIE_ECHO and HEARTBEAT control chunks of\r\nSCTP that allowed a remote user to cause a denial of service (panic)\r\n(CVE-2006-2272, moderate)\r\n\r\n* a flaw in the handling of DATA fragments of SCTP that allowed a remote\r\nuser to cause a denial of service (infinite recursion and crash)\r\n(CVE-2006-2274, moderate)\r\n\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.", "modified": "2017-09-08T12:14:24", "published": "2006-05-24T04:00:00", "id": "RHSA-2006:0493", "href": "https://access.redhat.com/errata/RHSA-2006:0493", "type": "redhat", "title": "(RHSA-2006:0493) kernel security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2006:0437\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThis is the eighth regular kernel update to Red Hat Enterprise Linux 3.\r\n\r\nNew features introduced by this update include:\r\n\r\n - addition of the adp94xx and dcdbas device drivers\r\n - diskdump support on megaraid_sas, qlogic, and swap partitions\r\n - support for new hardware via driver and SCSI white-list updates\r\n\r\nThere were many bug fixes in various parts of the kernel. The ongoing\r\neffort to resolve these problems has resulted in a marked improvement in\r\nthe reliability and scalability of Red Hat Enterprise Linux 3.\r\n\r\nThere were numerous driver updates and security fixes (elaborated below).\r\nOther key areas affected by fixes in this update include the networking\r\nsubsystem, the NFS and autofs4 file systems, the SCSI and USB subsystems,\r\nand architecture-specific handling affecting AMD Opteron and Intel EM64T\r\nprocessors.\r\n\r\nThe following device drivers have been added or upgraded to new versions:\r\n\r\n adp94xx -------- 1.0.8 (new)\r\n bnx2 ----------- 1.4.38\r\n cciss ---------- 2.4.60.RH1\r\n dcdbas --------- 5.6.0-1 (new)\r\n e1000 ---------- 7.0.33-k2\r\n emulex --------- 7.3.6\r\n forcedeth ------ 0.30\r\n ipmi ----------- 35.13\r\n qlogic --------- 7.07.04b6\r\n tg3 ------------ 3.52RH\r\n\r\nThe following security bugs were fixed in this update:\r\n\r\n - a flaw in the USB devio handling of device removal that allowed a\r\n local user to cause a denial of service (crash) (CVE-2005-3055,\r\n moderate)\r\n\r\n - a flaw in the exec() handling of multi-threaded tasks using ptrace()\r\n that allowed a local user to cause a denial of service (hang of a\r\n user process) (CVE-2005-3107, low)\r\n\r\n - a difference in \"sysretq\" operation of EM64T (as opposed to Opteron)\r\n processors that allowed a local user to cause a denial of service\r\n (crash) upon return from certain system calls (CVE-2006-0741 and\r\n CVE-2006-0744, important)\r\n\r\n - a flaw in unaligned accesses handling on Intel Itanium processors\r\n that allowed a local user to cause a denial of service (crash)\r\n (CVE-2006-0742, important)\r\n\r\n - an info leak on AMD-based x86 and x86_64 systems that allowed a local\r\n user to retrieve the floating point exception state of a process\r\n run by a different user (CVE-2006-1056, important)\r\n\r\n - a flaw in IPv4 packet output handling that allowed a remote user to\r\n bypass the zero IP ID countermeasure on systems with a disabled\r\n firewall (CVE-2006-1242, low)\r\n\r\n - a minor info leak in socket option handling in the network code\r\n (CVE-2006-1343, low)\r\n\r\n - a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\r\n processing that allowed a remote user to cause a denial of service\r\n (crash) or potential memory corruption (CVE-2006-2444, moderate)\r\n\r\nNote: The kernel-unsupported package contains various drivers and modules\r\nthat are unsupported and therefore might contain security problems that\r\nhave not been addressed.\r\n\r\nAll Red Hat Enterprise Linux 3 users are advised to upgrade their\r\nkernels to the packages associated with their machine architectures\r\nand configurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013097.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013098.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013053.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-July/013054.html\n\n**Affected packages:**\nkernel\nkernel-BOOT\nkernel-doc\nkernel-hugemem\nkernel-hugemem-unsupported\nkernel-smp\nkernel-smp-unsupported\nkernel-source\nkernel-unsupported\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0437.html", "modified": "2006-08-03T14:05:39", "published": "2006-07-20T16:09:23", "href": "http://lists.centos.org/pipermail/centos-announce/2006-July/013053.html", "id": "CESA-2006:0437", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:49", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2006:0493\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues\r\ndescribed below:\r\n\r\n* a flaw in the IPv6 implementation that allowed a local user to cause a\r\ndenial of service (infinite loop and crash) (CVE-2005-2973, important)\r\n\r\n* a flaw in the bridge implementation that allowed a remote user to\r\ncause forwarding of spoofed packets via poisoning of the forwarding\r\ntable with already dropped frames (CVE-2005-3272, moderate)\r\n\r\n* a flaw in the atm module that allowed a local user to cause a denial\r\nof service (panic) via certain socket calls (CVE-2005-3359, important)\r\n\r\n* a flaw in the NFS client implementation that allowed a local user to\r\ncause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,\r\nimportant)\r\n\r\n* a difference in \"sysretq\" operation of EM64T (as opposed to Opteron)\r\nprocessors that allowed a local user to cause a denial of service\r\n(crash) upon return from certain system calls (CVE-2006-0741 and\r\nCVE-2006-0744, important)\r\n\r\n* a flaw in the keyring implementation that allowed a local user to\r\ncause a denial of service (OOPS) (CVE-2006-1522, important)\r\n\r\n* a flaw in IP routing implementation that allowed a local user to cause\r\na denial of service (panic) via a request for a route for a multicast IP\r\n(CVE-2006-1525, important)\r\n\r\n* a flaw in the SCTP-netfilter implementation that allowed a remote user\r\nto cause a denial of service (infinite loop) (CVE-2006-1527, important)\r\n\r\n* a flaw in the sg driver that allowed a local user to cause a denial of\r\nservice (crash) via a dio transfer to memory mapped (mmap) IO space\r\n(CVE-2006-1528, important)\r\n\r\n* a flaw in the threading implementation that allowed a local user to\r\ncause a denial of service (panic) (CVE-2006-1855, important)\r\n\r\n* two missing LSM hooks that allowed a local user to bypass the LSM by\r\nusing readv() or writev() (CVE-2006-1856, moderate)\r\n\r\n* a flaw in the virtual memory implementation that allowed local user to\r\ncause a denial of service (panic) by using the lsof command\r\n(CVE-2006-1862, important)\r\n\r\n* a directory traversal vulnerability in smbfs that allowed a local user\r\nto escape chroot restrictions for an SMB-mounted filesystem via \"..\\\\\"\r\nsequences (CVE-2006-1864, moderate)\r\n\r\n* a flaw in the ECNE chunk handling of SCTP that allowed a remote user\r\nto cause a denial of service (panic) (CVE-2006-2271, moderate)\r\n\r\n* a flaw in the handling of COOKIE_ECHO and HEARTBEAT control chunks of\r\nSCTP that allowed a remote user to cause a denial of service (panic)\r\n(CVE-2006-2272, moderate)\r\n\r\n* a flaw in the handling of DATA fragments of SCTP that allowed a remote\r\nuser to cause a denial of service (infinite recursion and crash)\r\n(CVE-2006-2274, moderate)\r\n\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012919.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012920.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012922.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012923.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-May/012924.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0493.html", "modified": "2006-05-24T22:13:10", "published": "2006-05-24T16:31:10", "href": "http://lists.centos.org/pipermail/centos-announce/2006-May/012919.html", "id": "CESA-2006:0493", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2017-07-26T08:55:41", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n um-host-kernel\n kernel-source\n kernel-syms\n um-host-install-initrd\n kernel-um\n kernel-default\n kernel-debug\n kernel-bigsmp\n kernel-smp\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020521 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65035", "id": "OPENVAS:65035", "title": "SLES9: Security update for Linux kernel", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020521.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n um-host-kernel\n kernel-source\n kernel-syms\n um-host-install-initrd\n kernel-um\n kernel-default\n kernel-debug\n kernel-bigsmp\n kernel-smp\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020521 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65035);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3626\", \"CVE-2006-2935\", \"CVE-2006-2934\", \"CVE-2006-2451\", \"CVE-2006-3085\", \"CVE-2006-2448\", \"CVE-2006-2444\", \"CVE-2006-1858\", \"CVE-2006-1857\", \"CVE-2006-1528\", \"CVE-2006-0744\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_name(\"SLES9: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"um-host-kernel\", rpm:\"um-host-kernel~2.6.5~7.276\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:38", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n um-host-kernel\n kernel-source\n kernel-syms\n um-host-install-initrd\n kernel-um\n kernel-default\n kernel-debug\n kernel-bigsmp\n kernel-smp\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020521 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065035", "id": "OPENVAS:136141256231065035", "title": "SLES9: Security update for Linux kernel", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020521.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n um-host-kernel\n kernel-source\n kernel-syms\n um-host-install-initrd\n kernel-um\n kernel-default\n kernel-debug\n kernel-bigsmp\n kernel-smp\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020521 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65035\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3626\", \"CVE-2006-2935\", \"CVE-2006-2934\", \"CVE-2006-2451\", \"CVE-2006-3085\", \"CVE-2006-2448\", \"CVE-2006-2444\", \"CVE-2006-1858\", \"CVE-2006-1857\", \"CVE-2006-1528\", \"CVE-2006-0744\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_name(\"SLES9: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"um-host-kernel\", rpm:\"um-host-kernel~2.6.5~7.276\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update to kernel-source-2.6.8\nannounced via advisory DSA 1103-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57028", "id": "OPENVAS:57028", "title": "Debian Security Advisory DSA 1103-1 (kernel-source-2.6.8)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1103_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1103-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. For details on these issues, please visit the referenced advisories.\n\nThe following matrix explains which kernel version for which architecture\nfix the problems mentioned above:\n\nDebian 3.1 (sarge)\nSource 2.6.8-16sarge3\nAlpha architecture 2.6.8-16sarge3\nHP Precision architecture 2.6.8-6sarge3\nIntel IA-32 architecture 2.6.8-16sarge3\nIntel IA-64 architecture 2.6.8-14sarge3\nMotorola 680x0 architecture 2.6.8-4sarge3\nPowerPC architecture 2.6.8-12sarge3\nIBM S/390 architecture 2.6.8-5sarge3\nSun Sparc architecture 2.6.8-15sarge3\n\nDue to technical problems the built amd64 packages couldn't be processed\nby the archive script. Once this problem is resolved, an updated DSA 1103-2\nwill be sent out with the checksums for amd64.\n\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\nDebian 3.1 (sarge)\nfai-kernels 1.9.1sarge2\n\nWe recommend that you upgrade your kernel package immediately and reboot\";\ntag_summary = \"The remote host is missing an update to kernel-source-2.6.8\nannounced via advisory DSA 1103-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201103-1\";\n\nif(description)\n{\n script_id(57028);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3359\", \"CVE-2006-0038\", \"CVE-2006-0039\", \"CVE-2006-0456\", \"CVE-2006-0554\", \"CVE-2006-0555\", \"CVE-2006-0557\", \"CVE-2006-0558\", \"CVE-2006-0741\", \"CVE-2006-0742\", \"CVE-2006-0744\", \"CVE-2006-1056\", \"CVE-2006-1242\", \"CVE-2006-1368\", \"CVE-2006-1523\", \"CVE-2006-1524\", \"CVE-2006-1525\", \"CVE-2006-1857\", \"CVE-2006-1858\", \"CVE-2006-1863\", \"CVE-2006-1864\", \"CVE-2006-2271\", \"CVE-2006-2272\", \"CVE-2006-2274\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1103-1 (kernel-source-2.6.8)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kernel-doc-2.6.8\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-patch-debian-2.6.8\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-source-2.6.8\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-tree-2.6.8\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-patch-2.6.8-s390\", ver:\"2.6.8-5sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2\", ver:\"2.6.8-15sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-generic\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-smp\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3\", ver:\"2.6.8-15sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-generic\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-smp\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-generic\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-smp\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-generic\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-smp\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-32\", ver:\"2.6.8-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-32-smp\", ver:\"2.6.8-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-64\", ver:\"2.6.8-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-64-smp\", ver:\"2.6.8-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-32\", ver:\"2.6.8-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-32-smp\", ver:\"2.6.8-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-64\", ver:\"2.6.8-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-64-smp\", ver:\"2.6.8-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-32\", ver:\"2.6.8-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-32-smp\", ver:\"2.6.8-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-64\", ver:\"2.6.8-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-64-smp\", ver:\"2.6.8-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-32\", ver:\"2.6.8-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-32-smp\", ver:\"2.6.8-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-64\", ver:\"2.6.8-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-64-smp\", ver:\"2.6.8-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-386\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-686\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-686-smp\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-k7\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-k7-smp\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-386\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-686\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-686-smp\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-k7\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-k7-smp\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-386\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-686\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-686-smp\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-k7\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-k7-smp\", ver:\"2.6.8-16sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-386\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-686\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-686-smp\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-k7\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-k7-smp\", ver:\"2.6.8-16sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6-itanium\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6-itanium-smp\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6-mckinley\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6-mckinley-smp\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-itanium\", ver:\"2.6.8-14sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-itanium-smp\", ver:\"2.6.8-14sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-mckinley\", ver:\"2.6.8-14sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-mckinley-smp\", ver:\"2.6.8-14sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-itanium\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-itanium-smp\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-mckinley\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-mckinley-smp\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6-itanium\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6-itanium-smp\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6-mckinley\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6-mckinley-smp\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-itanium\", ver:\"2.6.8-14sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-itanium-smp\", ver:\"2.6.8-14sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-mckinley\", ver:\"2.6.8-14sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-mckinley-smp\", ver:\"2.6.8-14sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-itanium\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-itanium-smp\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-mckinley\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-mckinley-smp\", ver:\"2.6.8-14sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-amiga\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-atari\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-bvme6000\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-hp\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-mac\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-mvme147\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-mvme16x\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-q40\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-sun3\", ver:\"2.6.8-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-3-power3\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-3-power3-smp\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-3-power4\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-3-power4-smp\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-3-powerpc\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-3-powerpc-smp\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-power3\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-power3-smp\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-power4\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-power4-smp\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-powerpc\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-powerpc-smp\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-power3\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-power3-smp\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-power4\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-power4-smp\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-powerpc\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-powerpc-smp\", ver:\"2.6.8-12sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-power3\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-power3-smp\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-power4\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-power4-smp\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-powerpc\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-powerpc-smp\", ver:\"2.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-s390\", ver:\"2.6.8-5sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-s390-tape\", ver:\"2.6.8-5sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-s390x\", ver:\"2.6.8-5sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-s390\", ver:\"2.6.8-5sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-s390-tape\", ver:\"2.6.8-5sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-s390x\", ver:\"2.6.8-5sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-2\", ver:\"2.6.8-15sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-build-2.6.8-3\", ver:\"2.6.8-15sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-sparc32\", ver:\"2.6.8-15sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-sparc64\", ver:\"2.6.8-15sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-2-sparc64-smp\", ver:\"2.6.8-15sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-sparc32\", ver:\"2.6.8-15sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-sparc64\", ver:\"2.6.8-15sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-headers-2.6.8-3-sparc64-smp\", ver:\"2.6.8-15sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-sparc32\", ver:\"2.6.8-15sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-sparc64\", ver:\"2.6.8-15sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-2-sparc64-smp\", ver:\"2.6.8-15sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-sparc32\", ver:\"2.6.8-15sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-sparc64\", ver:\"2.6.8-15sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kernel-image-2.6.8-3-sparc64-smp\", ver:\"2.6.8-15sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:05:47", "bulletinFamily": "unix", "description": "The Linux kernel of the SUSE Linux Enterprise 9 products has been updated to fix the security problems list below.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2006-08-11T14:25:01", "published": "2006-08-11T14:25:01", "id": "SUSE-SA:2006:047", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-08/msg00012.html", "title": "local privilege escalation in kernel", "type": "suse", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:48", "bulletinFamily": "unix", "description": "The Linux kernel has been updated to fix several security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2006-07-26T14:31:45", "published": "2006-07-26T14:31:45", "id": "SUSE-SA:2006:042", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-07/msg00017.html", "type": "suse", "title": "local privilege escalation in kernel", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:32:29", "bulletinFamily": "unix", "description": "The Linux kernel has been updated to fix various security problems, listed below.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2006-05-31T15:47:21", "published": "2006-05-31T15:47:21", "id": "SUSE-SA:2006:028", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-05/msg00018.html", "type": "suse", "title": "remote denial of service in kernel", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:43", "bulletinFamily": "unix", "description": "An integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu\u2019s supported packages use this capability with any non-root user, so this only affects you if you use some third party software like the OpenVZ virtualization system. (CVE-2006-0038)\n\nOn EMT64 CPUs, the kernel did not properly handle uncanonical return addresses. A local user could exploit this to trigger a kernel crash. (CVE-2006-0744)\n\nAl Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block with a length exactly equal to the processor\u2019s page size to any writable file in /sys, a local attacker could cause a kernel crash. (CVE-2006-1055)\n\nJan Beulich discovered an information leak in the handling of registers for the numeric coprocessor when running on AMD processors. This allowed processes to see the coprocessor execution state of other processes, which could reveal sensitive data in the case of cryptographic computations. (CVE-2006-1056)\n\nMarcel Holtmann discovered that the sys_add_key() did not check that a new user key is added to a proper keyring. By attempting to add a key to a normal user key (which is not a keyring), a local attacker could exploit this to crash the kernel. (CVE-2006-1522)\n\nIngo Molnar discovered that the SCTP protocol connection tracking module in netfilter got stuck in an infinite loop on certain empty packet chunks. A remote attacker could exploit this to cause the computer to hang. (CVE-2006-1527)\n\nThe SCSI I/O driver did not correctly handle the VM_IO flag for memory mapped pages used for data transfer. A local user could exploit this to cause a kernel crash. (CVE-2006-1528)\n\nThe choose_new_parent() contained obsolete debugging code. A local user could exploit this to cause a kernel crash. (CVE-2006-1855)\n\nKostik Belousov discovered that the readv() and writev() functions did not query LSM modules for access permission. This could be exploited to circumvent access restrictions defined by LSM modules such as SELinux or AppArmor. (CVE-2006-1856)\n\nThe SCTP driver did not properly verify certain parameters when receiving a HB-ACK chunk. By sending a specially crafted packet to an SCTP socket, a remote attacker could exploit this to trigger a buffer overflow, which could lead to a crash or possibly even arbitrary code execution. (CVE-2006-1857)\n\nThe sctp_walk_params() function in the SCTP driver incorrectly used rounded values for bounds checking instead of the precise values. By sending a specially crafted packet to an SCTP socket, a remote attacker could exploit this to crash the kernel. (CVE-2006-1858)\n\nBjoern Steinbrink reported a memory leak in the __setlease() function. A local attacker could exploit this to exhaust kernel memory and render the computer unusable (Denial of Service). (CVE-2006-1859)\n\nDaniel Hokka Zakrisson discovered that the lease_init() did not properly handle locking. A local attacker could exploit this to cause a kernel deadlock (Denial of Service). (CVE-2006-1860)\n\nMark Moseley discovered that the CIFS file system driver did not filter out \u201c..\\\u201d path components. A local attacker could exploit this to break out of a chroot environment on a mounted SMB share. (CVE-2006-1863) The same vulnerability applies to the older smb file system. (CVE-2006-1864)\n\nHugh Dickins discovered that the mprotect() function allowed an user to change a read-only shared memory attachment to become writable, which bypasses IPC (inter-process communication) permissions. (CVE-2006-2071)\n\nThe SCTP (Stream Control Transmission Protocol) driver triggered a kernel panic on unexpected packets while the session was in the CLOSED state, instead of silently ignoring the packets. A remote attacker could exploit this to crash the computer. (CVE-2006-2271)\n\nThe SCTP driver did not handle control chunks if they arrived in fragmented packets. By sending specially crafted packets to an SCTP socket, a remote attacker could exploit this to crash the target machine. (CVE-2006-2272)\n\nThe SCTP driver did not correctly handle packets containing more than one DATA fragment. By sending specially crafted packets to an SCTP socket, a remote attacker could exploit this to crash the target machine. (CVE-2006-2274)\n\nThe SCTP driver did not correcly buffer incoming packets. By sending a large number of small messages to a receiver application that cannot process the messages quickly enough, a remote attacker could exploit this to cause a deadlock in the target machine (Denial of Service). (CVE-2006-2275)\n\nPatrick McHardy discovered that the snmp_trap_decode() function did not correctly handle memory allocation in some error conditions. By sending specially crafted packets to a machine which uses the SNMP network address translation (NAT), a remote attacker could exploit this to crash that machine. (CVE-2006-2444)\n\nIn addition, the Ubuntu 6.06 LTS update fixes a range of bugs.", "modified": "2006-06-15T00:00:00", "published": "2006-06-15T00:00:00", "id": "USN-302-1", "href": "https://usn.ubuntu.com/302-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:42", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1103-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier, Troy Heber\nJune 27th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kernel-source-2.6.8\nVulnerability : several\nProblem-Type : local/remote\nDebian-specific: no\nCVE ID : CVE-2005-3359 CVE-2006-0038 CVE-2006-0039 CVE-2006-0456\n CVE-2006-0554 CVE-2006-0555 CVE-2006-0557 CVE-2006-0558\n CVE-2006-0741 CVE-2006-0742 CVE-2006-0744 CVE-2006-1056\n CVE-2006-1242 CVE-2006-1368 CVE-2006-1523 CVE-2006-1524\n CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1863\n CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274\n\nSeveral local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2005-3359\n\n Franz Filz discovered that some socket calls permit causing inconsistent\n reference counts on loadable modules, which allows local users to cause\n a denial of service.\n \nCVE-2006-0038\n\n &quot;Solar Designer&quot; discovered that arithmetic computations in netfilter&#x27;s\n do_replace() function can lead to a buffer overflow and the execution of\n arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,\n which is only an issue in virtualization systems or fine grained access\n control systems.\n\nCVE-2006-0039\n\n &quot;Solar Designer&quot; discovered a race condition in netfilter&#x27;s\n do_add_counters() function, which allows information disclosure of kernel\n memory by exploiting a race condition. Likewise, it requires CAP_NET_ADMIN\n privileges. \n\nCVE-2006-0456\n\n David Howells discovered that the s390 assembly version of the\n strnlen_user() function incorrectly returns some string size values.\n\nCVE-2006-0554\n\n It was discovered that the ftruncate() function of XFS can expose\n unallocated, which allows information disclosure of previously deleted\n files.\n\nCVE-2006-0555\n\n It was discovered that some NFS file operations on handles mounted with\n O_DIRECT can force the kernel into a crash.\n\nCVE-2006-0557\n\n It was discovered that the code to configure memory policies allows\n tricking the kernel into a crash, thus allowing denial of service.\n\nCVE-2006-0558\n\n It was discovered by Cliff Wickman that perfmon for the IA64\n architecture allows users to trigger a BUG() assert, which allows\n denial of service.\n\nCVE-2006-0741\n\n Intel EM64T systems were discovered to be susceptible to a local\n DoS due to an endless recursive fault related to a bad elf entry\n address.\n\nCVE-2006-0742\n\n Alan and Gareth discovered that the ia64 platform had an\n incorrectly declared die_if_kernel() function as &quot;does never\n return&quot; which could be exploited by a local attacker resulting in\n a kernel crash.\n\nCVE-2006-0744\n\n The Linux kernel did not properly handle uncanonical return\n addresses on Intel EM64T CPUs, reporting exceptions in the SYSRET\n instead of the next instruction, causing the kernel exception\n handler to run on the user stack with the wrong GS. This may result\n in a DoS due to a local user changing the frames.\n\nCVE-2006-1056\n\n AMD64 machines (and other 7th and 8th generation AuthenticAMD\n processors) were found to be vulnerable to sensitive information\n leakage, due to how they handle saving and restoring the FOP, FIP,\n and FDP x87 registers in FXSAVE/FXRSTOR when an exception is\n pending. This allows a process to determine portions of the state\n of floating point instructions of other processes.\n\nCVE-2006-1242\n\n Marco Ivaldi discovered that there was an unintended information\n disclosure allowing remote attackers to bypass protections against\n Idle Scans (nmap -sI) by abusing the ID field of IP packets and\n bypassing the zero IP ID in DF packet countermeasure. This was a\n result of the ip_push_pending_frames function improperly\n incremented the IP ID field when sending a RST after receiving\n unsolicited TCP SYN-ACK packets.\n\nCVE-2006-1368\n\n Shaun Tancheff discovered a buffer overflow (boundry condition\n error) in the USB Gadget RNDIS implementation allowing remote\n attackers to cause a DoS. While creating a reply message, the\n driver allocated memory for the reply data, but not for the reply\n structure. The kernel fails to properly bounds-check user-supplied\n data before copying it to an insufficiently sized memory\n buffer. Attackers could crash the system, or possibly execute\n arbitrary machine code.\n\nCVE-2006-1523\n\n Oleg Nesterov reported an unsafe BUG_ON call in signal.c which was\n introduced by RCU signal handling. The BUG_ON code is protected by\n siglock while the code in switch_exit_pids() uses tasklist_lock. It\n may be possible for local users to exploit this to initiate a denial\n of service attack (DoS).\n\nCVE-2006-1524\n\n Hugh Dickins discovered an issue in the madvise_remove function wherein\n file and mmap restrictions are not followed, allowing local users to\n bypass IPC permissions and replace portions of readonly tmpfs files with\n zeroes.\n\nCVE-2006-1525\n\n Alexandra Kossovsky reported a NULL pointer dereference condition in\n ip_route_input() that can be triggered by a local user by requesting\n a route for a multicast IP address, resulting in a denial of service\n (panic).\n\nCVE-2006-1857\n\n Vlad Yasevich reported a data validation issue in the SCTP subsystem\n that may allow a remote user to overflow a buffer using a badly formatted\n HB-ACK chunk, resulting in a denial of service.\n\nCVE-2006-1858\n\n Vlad Yasevich reported a bug in the bounds checking code in the SCTP\n subsystem that may allow a remote attacker to trigger a denial of service\n attack when rounded parameter lengths are used to calculate parameter\n lengths instead of the actual values.\n\nCVE-2006-1863\n\n Mark Mosely discovered that chroots residing on an CIFS share can be\n escaped with specially crafted &quot;cd&quot; sequences.\n\nCVE-2006-1864\n\n Mark Mosely discovered that chroots residing on an SMB share can be\n escaped with specially crafted &quot;cd&quot; sequences.\n\nCVE-2006-2271\n\n The &quot;Mu security team&quot; discovered that carefully crafted ECNE chunks can\n cause a kernel crash by accessing incorrect state stable entries in the\n SCTP networking subsystem, which allows denial of service.\n\nCVE-2006-2272\n\n The &quot;Mu security team&quot; discovered that fragmented SCTP control\n chunks can trigger kernel panics, which allows for denial of\n service attacks.\n\nCVE-2006-2274\n\n It was discovered that SCTP packets with two initial bundled data\n packets can lead to infinite recursion, which allows for denial of\n service attacks.\n\n\nThe following matrix explains which kernel version for which architecture\nfix the problems mentioned above:\n\n Debian 3.1 (sarge)\n Source 2.6.8-16sarge3\n Alpha architecture 2.6.8-16sarge3\n HP Precision architecture 2.6.8-6sarge3\n Intel IA-32 architecture 2.6.8-16sarge3\n Intel IA-64 architecture 2.6.8-14sarge3\n Motorola 680x0 architecture 2.6.8-4sarge3\n PowerPC architecture 2.6.8-12sarge3\n IBM S/390 architecture 2.6.8-5sarge3\n Sun Sparc architecture 2.6.8-15sarge3\n\nDue to technical problems the built amd64 packages couldn&#x27;t be processed\nby the archive script. Once this problem is resolved, an updated DSA 1103-2\nwill be sent out with the checksums for amd64.\n\nThe following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 3.1 (sarge)\n fai-kernels 1.9.1sarge2\n\nWe recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge3.dsc\n Size/MD5 checksum: 1002 c13d8ebcabab9477e9dbf7a5d66fa4d4\n http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge3.diff.gz\n Size/MD5 checksum: 1043822 9dc3ae088c90a7be470b9436ca317fcc\n http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz\n Size/MD5 checksum: 43929719 0393c05ffa4770c3c5178b74dc7a4282\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge3.dsc\n Size/MD5 checksum: 812 822e18074a76927a0a91c83916c991bb\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge3.tar.gz\n Size/MD5 checksum: 39108 45f3b6b40470a81768f113160754fdbd\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge3.dsc\n Size/MD5 checksum: 1008 6fa522a94872155497a0e057a05f8b61\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge3.tar.gz\n Size/MD5 checksum: 67361 863b56c6386182f58fda2054099e9e52\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge3.dsc\n Size/MD5 checksum: 1047 294c981159570b5253bc877ce0543b12\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge3.tar.gz\n Size/MD5 checksum: 90731 3215b0f2a0dc926db6e05b04ff5760ed\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge3.dsc\n Size/MD5 checksum: 1191 e26e2149236092d9227773a904eaed04\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge3.tar.gz\n Size/MD5 checksum: 64130 03de4cad1ccfa5ce38f5b4b97b71f5ad\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge3.dsc\n Size/MD5 checksum: 874 2e925606f9143b774ab2e86a12d62c44\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge3.tar.gz\n Size/MD5 checksum: 15464 7dfeb923284a92f3bca5e8ef62a52498\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge3.dsc\n Size/MD5 checksum: 1071 9e2657e0a79bd6b3cde0df2e5c9aa77e\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge3.tar.gz\n Size/MD5 checksum: 26926 5f6c84921c0f6041fdd269a6c66a0568\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge3.dsc\n Size/MD5 checksum: 846 89d3a1f59fb514c8c5a195e91eaa1997\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge3.tar.gz\n Size/MD5 checksum: 12972 e3c65e0b2998dad3c440a0c1af5cd99f\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge3.dsc\n Size/MD5 checksum: 1036 31e7168c06b98e03789c100b6a6fcf67\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge3.tar.gz\n Size/MD5 checksum: 24369 6c9e2b0e3a3f625cc4103b385f0c093c\n\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge3_all.deb\n Size/MD5 checksum: 6184022 54432fcfa3a56c502b0feabe6723c467\n http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge3_all.deb\n Size/MD5 checksum: 1079878 a2ca885ba3b9b30d211c26647524cbc9\n http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge3_all.deb\n Size/MD5 checksum: 34941458 74c1b17e994280ac14d7116a52b771bf\n http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge3_all.deb\n Size/MD5 checksum: 35082 7b08d82ec9046359cd85ea87aad96995\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge3_all.deb\n Size/MD5 checksum: 10934 0d1c81689deeaa145be9e4d3ae140a81\n\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2_2.6.8-16sarge1_alpha.deb\n Size/MD5 checksum: 2757876 e94cdb8d12552d293018c7ca24199f47\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2-generic_2.6.8-16sarge1_alpha.deb\n Size/MD5 checksum: 230608 fdf2cc6f010f2b618672422c3293f3b9\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2-smp_2.6.8-16sarge1_alpha.deb\n Size/MD5 checksum: 225502 2a21bf8197792a789420b1838526186f\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge3_alpha.deb\n Size/MD5 checksum: 2759828 544e1f44b4cebfaf97f4ae1870b56ab1\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge3_alpha.deb\n Size/MD5 checksum: 232152 9ba670970518572ad7db755e7888ee8a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge3_alpha.deb\n Size/MD5 checksum: 227100 a836d721852b11fa6422f33dc81a5415\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-2-generic_2.6.8-16sarge1_alpha.deb\n Size/MD5 checksum: 20226800 f627945f7f8216fbe6961a9559766f29\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-2-smp_2.6.8-16sarge1_alpha.deb\n Size/MD5 checksum: 20068720 7aa6c0137c94e2e7ee45e5ae702cfe27\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge3_alpha.deb\n Size/MD5 checksum: 20220874 d9c1642300f72cc5f3fc3b04865b3b3d\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge3_alpha.deb\n Size/MD5 checksum: 20073352 1faa9472c15dd6142221fec2261b5628\n\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 2798740 3bd227d7f6ce63d13f4eb4cef3cc7efa\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-32_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 209500 8b284495343adf74bca8219421f4b48d\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-32-smp_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 208722 941a680674931ec594e3512c5736c9bf\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-64_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 208356 7ab2df2b04391d75500083585a96701b\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-64-smp_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 207502 0a840281a00f4762978af411d7a3e7fb\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 2802244 f82eaa9411813bbdee2e0c268a067c81\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 211350 c221830c715cfebb1acb383d8f7c6a8a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32-smp_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 210570 96c096a16a6291f4b40716ac939bd063\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 210220 fc6c20856e898e4bd881711e6392d4e9\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64-smp_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 209468 6a00248dcf25809f02f7ab585429f27b\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-32_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 16020358 6423b4288f949286ce1c70a743d03373\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-32-smp_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 16926452 be46b30fdb54c08c6cef2fcf7c9a2450\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-64_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 17472682 d8ecab478805553c2f978dd405dca57d\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-64-smp_2.6.8-6sarge1_hppa.deb\n Size/MD5 checksum: 18305956 42ae9163eaba822e863ea8dd2cdedcaa\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 16029232 665d462c1fae45714ff948289c8a3457\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32-smp_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 16927312 a69c9e976ab6810bf7043a15daa1dd29\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 17480298 66e35e40e7e2d82370f7ccba7544a59a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64-smp_2.6.8-6sarge3_hppa.deb\n Size/MD5 checksum: 18306822 88ade3c07fc414c82bf589def0bda600\n\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 2777236 af649947c652a9486461b92bbc33be8a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-386_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 256920 88db1b684f215fdd35de0989f148b57f\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-686_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 254646 553205bb17cfc57f4c4a7aadff46650a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-686-smp_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 251590 51ebd6202b7f347f66df0e189b2a3946\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-k7_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 254818 746967059979238eb49cfdcba572c07b\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-k7-smp_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 251708 33a61355c7a48d87b7570b772e454760\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 2779348 210a335431d029842eb82036d5326edf\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-386_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 258446 1d48b727a22487e4b34f4894b2a9a7f2\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 256322 8f73439c2a920c66ae05d3ceba45229a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686-smp_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 253564 4ce8f253c15562e9d11a985e135d94b4\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 256504 5a5c2acd3ef2fb3764489ed77865739e\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7-smp_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 253486 48f046411662bdde50195f8bdb421efa\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-386_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 14058198 fd607b13caf99093ef31071ff7395d6d\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-686_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 15531820 5871afdf04de65bda6f5eb3266b0621d\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-686-smp_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 15339250 f3ab94a1304a28732cea6be8dd871ac7\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-k7_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 15258514 cc888a3d69727d61b86a7f0945a51eff\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-k7-smp_2.6.8-16sarge1_i386.deb\n Size/MD5 checksum: 15118194 fb0e7f6b830b7a012f06bf7c25ff15cc\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-386_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 14063774 13d8810b179bb8408645e7fab57d114a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 15536484 0a47b2f9fc33d4b7a52eb68b54419c82\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686-smp_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 15346402 fffd9fb96343167ccc32356fa307152a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 15261026 cbdee84292a612fddca022377e38eebb\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7-smp_2.6.8-16sarge3_i386.deb\n Size/MD5 checksum: 15124168 248b85e7c59930aeb63fda6a0366b9a2\n\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 6606 27049d0c329dc1cad092b2d53c3322ec\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 6678 f3967dddbec5691733d49246d09f8cb3\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 6638 acc1b57c5a246304f9cee279574811e9\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 6706 5c28f912ecc42291a9ec3ef0f13c6041\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 3097054 691f7cd4d1b2f184e50ab566f20a13e4\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-itanium_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 198662 72e0e4b4331b8a600de3a98d6ac59a82\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-itanium-smp_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 197920 6e19efeac81a2a9416328af58316c4cb\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-mckinley_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 198394 6d946fcc7b1fcf88c9ee9a47f7015384\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-mckinley-smp_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 197828 8be7e8290bd8e7cf1b9c162c9e369b36\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 3098862 aee4e1b99a34047fbf47941e2dced300\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 199934 484af4636ad4d64ecbf89dd7b47cda03\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium-smp_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 199302 8b6e3253f9c04054e1e9d2066e4323c0\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 199582 8b97de7837305ad8728bc0ab4bfeccb1\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley-smp_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 199190 508601b56facbca5211e2e3f1a819d4e\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 6602 dea61776e4279d8906f3d552af3ed55c\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 6670 d8ab34493a8cfc857dccd8a84743017a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 6630 04e4d5b971ec3523b80a3f2373afbf73\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 6700 f5cc48a00ca305eaea622738ce0d6570\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-itanium_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 22041474 4419d9b68b593646ed49ff194fcbcc9e\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-itanium-smp_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 22666884 7aab34e05eed41eee4b56ca45e1c4c2c\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-mckinley_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 21959066 27fe9dc58a04851cfbbac5b4a53f21ae\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-mckinley-smp_2.6.8-14sarge1_ia64.deb\n Size/MD5 checksum: 22689900 4011393c3e3a94354d81c909a1aaef91\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 21476428 ec3548487a558e67913419b84c84999c\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium-smp_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 22133136 0d6292568fadcc40f65e87314315165c\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 21408908 539197e6af86ff9583cf43d12ad109b1\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley-smp_2.6.8-14sarge3_ia64.deb\n Size/MD5 checksum: 22154322 a4ae9740b9459b0a43c47b5b6e546515\n\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 3305628 8029426256d755ea724ed7b46243c1ba\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 3101728 677b103a57ce6de26b072245dfd585f7\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 3014324 f7a8e8b9c7d4eacecd1f1d69f1ee2c34\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 2986734 fd1f14cc2856a55bb6948bdf956ea0d5\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 3173334 e32fa0fd9460b9e19bd24c8cc413684f\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 2978518 6e682497437fa9d1912ea5fd3374c82f\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 3047534 f9daecf9203da30c95cd9ab9647d8c54\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 3108200 9a81b37d60bdcf95d6cbc3ca5eb83d1a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge3_m68k.deb\n Size/MD5 checksum: 2992046 cfae06d516a2695eb961e574570661a4\n\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 407330 3025ba5c61db0cd42b9d0ab1a3e01b1c\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3-smp_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 406624 21742d40c3c0bac0d64e970c0944c59f\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 406548 b9ce59161b3faf818f77239a468828e4\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4-smp_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 406518 e40256427db90a027ed2be8a7b50997c\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 406882 c899bf1d81895ee43306a8b19e3c8ee8\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc-smp_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 407320 45108a12629a9eddd40b071db4b92e4e\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power3_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 405670 bd347754ea8c4cee14686b207e6cf46d\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power3-smp_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 405666 1dec752373178a4aef51f74c6d917073\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power4_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 405598 c39f371744ca92eec853ad8746f0f009\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power4-smp_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 405568 b346b94897fca3c678daadc99b515428\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-powerpc_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 405912 14475ec4cdc9b337ad2dc0ab3a772bdb\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-powerpc-smp_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 405698 4c3c94aa9afb4e6d73986bbfa26484bb\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 5143830 3a6cd285eba77baae74a2a16f8029be2\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-3_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 5147620 32c5daf3656ab15416c3a42a5be21afc\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 13577038 981f85ad155781610e2069f28b1eb4e7\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3-smp_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 13929444 b11a91f117e0d25b6df7a56cd2c0f0d6\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 13560822 44f1276a6cd811646ebf3ccb2da06067\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4-smp_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 13920572 fd32c8d3f0dbb55430075b57546f9390\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 13594454 93d70ceed88a16e7af0fe3db1a2c5baa\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc-smp_2.6.8-12sarge3_powerpc.deb\n Size/MD5 checksum: 13847204 5f22d24e351ce6040f9fa995e5a7906a\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power3_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 13494684 2ab633af498a4486190d3754c530e7f4\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power3-smp_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 13855580 1245c9d474405a277864484b0237252f\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power4_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 13486150 80b9f2ed16acb2c9fdb7c9cb133a4c03\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power4-smp_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 13842602 e4013da64e44e6e0401aa87b1e68c1ce\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-powerpc_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 13514634 a3fbbf23d7b805431a5f9f28aadd25ab\n http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-powerpc-smp_2.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 13769858 20783767bb65e7ea6ca76662438bf7ca\n\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-2_2.6.8-5sarge1_s390.deb\n Size/MD5 checksum: 5083010 42c4dd8c6c67ce7940f0d24bb745385c\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge3_s390.deb\n Size/MD5 checksum: 5087230 aa48eb8b2a3a5f215bba97329947a2eb\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390_2.6.8-5sarge1_s390.deb\n Size/MD5 checksum: 2973758 c8d12dd2fbddca3ab1b7bd905de4a90c\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390-tape_2.6.8-5sarge1_s390.deb\n Size/MD5 checksum: 1140118 328edfc2944127e2f1d6dca1842ce51d\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390x_2.6.8-5sarge1_s390.deb\n Size/MD5 checksum: 3179326 487c36323990a6ae1119f4c30f16cdd9\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge3_s390.deb\n Size/MD5 checksum: 2977844 c491248ed7d4c71415be782f7fbe77e9\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge3_s390.deb\n Size/MD5 checksum: 1142366 fddcd4821b89cbf30f47d5df380f2961\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge3_s390.deb\n Size/MD5 checksum: 3186726 3eaf46617bf0ee1de50cad55f351aa54\n\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-2_2.6.8-15sarge1_sparc.deb\n Size/MD5 checksum: 3462 c68f0624f124db25f3a41f78432ca11c\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-3_2.6.8-15sarge3_sparc.deb\n Size/MD5 checksum: 5194 b90da0337cb607278aa01d4ec0c19a3a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2_2.6.8-15sarge1_sparc.deb\n Size/MD5 checksum: 2888690 29723527245a48a00e724c7366868ec9\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc32_2.6.8-15sarge1_sparc.deb\n Size/MD5 checksum: 107974 788d40ca3a1a3f53b8b2cf4c1fc4badc\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc64_2.6.8-15sarge1_sparc.deb\n Size/MD5 checksum: 142726 8719b1bf0d3aff36f7711d8979f87a7d\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc64-smp_2.6.8-15sarge1_sparc.deb\n Size/MD5 checksum: 143332 87bc055c575e3ec3ea44136ed44dff6a\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3_2.6.8-15sarge3_sparc.deb\n Size/MD5 checksum: 2890616 a3717a911c04df4af4917c5a0366a8de\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc32_2.6.8-15sarge3_sparc.deb\n Size/MD5 checksum: 109996 d42960c6242e6a62d5a2cb9809645bea\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64_2.6.8-15sarge3_sparc.deb\n Size/MD5 checksum: 144710 f1c0a8b3bf641019d7831cc1277ba524\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64-smp_2.6.8-15sarge3_sparc.deb\n Size/MD5 checksum: 145366 505e40a256abd9fa04a49321fba69115\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc32_2.6.8-15sarge1_sparc.deb\n Size/MD5 checksum: 4545570 00d7c7e1caef41efcbc198a282f2b9f2\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc64_2.6.8-15sarge1_sparc.deb\n Size/MD5 checksum: 7428184 1f146c58f98331bf5826520379bacd33\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc64-smp_2.6.8-15sarge1_sparc.deb\n Size/MD5 checksum: 7622116 4de4c114879d82d79fc34cb93c070d43\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc32_2.6.8-15sarge3_sparc.deb\n Size/MD5 checksum: 4550972 ea3ec35673aed896ec9416a8f470bf77\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64_2.6.8-15sarge3_sparc.deb\n Size/MD5 checksum: 7431000 fab9d693f9c9642b67e0d386f3df01ee\n http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64-smp_2.6.8-15sarge3_sparc.deb\n Size/MD5 checksum: 7628010 8c922a4190017515210c6738213b0782\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2006-06-27T00:00:00", "published": "2006-06-27T00:00:00", "id": "DEBIAN:DSA-1103-1:203B3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00189.html", "title": "[SECURITY] [DSA 1103-1] New Linux kernel 2.6.8 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}